
we also have a mapping of which resolvers are used by which client networks

How did you build this map?

I can think of a few complicated ways to go about it, but I'm wondering if there is something easy I'm missing.



Take a look at http://whatsmyresolver.stdlib.net/ for one simple way.

Full-disclosure: I work on Amazon Route 53, and although we don't quite use that same method - it will give you an idea of what's possible. PS; we're hiring.


How does it work?

1) I visit the site, it gets my IP address

2) Magic happens

3) It displays my nameserver address.

What is going on in step 2?

Edit: worked it out.

For those interested, it uses a Javascript include from a unique subdomain name. Because the subdomain is unique the app can work out the relationship between client IP and resolver.


The html page at http://whatsmyresolver.stdlib.net/ loads a javascript script from the url http://whatsmyresolver.stdlib.net/resolver/.

Fetching http://whatsmyresolver.stdlib.net/resolver/ triggers a 302 redirect to a url of the form;

  http://$guid.nonce.stdlib.net/resolver/

The DNS server authoritative for nonce.stdlib.net has a simple wildcard configured, so *.nonce.stdlib.net all resolve to the same web-server. Obviously the DNS request for the globally unique id domain name has to come before any HTTP request to the guid url, so when the DNS request comes in the authoritative server can record it in a simple lookup store (guid -> resolver source ip).

Then, when the HTTP request makes it to the web-server, it can inspect the Host: header to determine what the guid was. It then uses this guid to correlate the HTTP request it is handling and the resolver source ip, and generates some javascript with the data we need;

  var resolver="192.0.2.53";var edns=true;

It's just a hack I wrote up for my own reasons years ago. But if you'd like to avail of it for any reason (i.e. helping end-users debug things), feel free to embed;

  <script language="javascript" src="http://whatsmyresolver.stdlib.net/resolver/"></script>

and use the variables it populates. No warranties or guarantee implied :-)
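
The correlation described in the comment above, as an added example that is not the commenter's code or anything Route 53 runs: the DNS side records guid -> resolver source IP, and the HTTP side reads the guid back out of the Host: header. The names `Correlator` and `guid_from_name`, the 60-second expiry and the `null` fallback are assumptions made for illustration.

```python
import json
import secrets
import time

ZONE = "nonce.stdlib.net"   # wildcard zone named in the comment above
TTL_SECONDS = 60            # assumption: how long a DNS sighting stays usable


def guid_from_name(name, zone=ZONE):
    """Return the single guid label in front of `zone`, or None."""
    # Lower-case first: resolvers may send mixed-case query names.
    name = (name or "").strip().lower()
    if name.startswith("["):                  # IPv6 literal in a Host header
        return None
    name = name.split(":", 1)[0].rstrip(".")  # drop :port and a trailing dot
    suffix = "." + zone
    if not name.endswith(suffix):
        return None
    label = name[: -len(suffix)]
    return label if label and "." not in label else None


class Correlator:
    def __init__(self, clock=time.monotonic):
        self._seen = {}            # guid -> (resolver_ip, edns, seen_at)
        self._clock = clock

    def redirect_target(self):
        """The 302 Location: a fresh, unguessable guid under the wildcard."""
        return "http://%s.%s/resolver/" % (secrets.token_hex(16), ZONE)

    def on_dns_query(self, qname, source_ip, edns):
        """Called by the authoritative server for every query it answers."""
        guid = guid_from_name(qname)
        if guid is not None:
            # Keep the first sighting; later retries do not overwrite it.
            self._seen.setdefault(guid, (source_ip, edns, self._clock()))

    def on_http_request(self, host_header):
        """Called by the web server; returns the JavaScript body to serve."""
        guid = guid_from_name(host_header)
        entry = self._seen.pop(guid, None) if guid else None
        if entry is None or self._clock() - entry[2] > TTL_SECONDS:
            return "var resolver=null;var edns=null;"   # no usable sighting
        ip, edns, _ = entry
        return "var resolver=%s;var edns=%s;" % (json.dumps(ip), json.dumps(edns))
```

Each guid is consumed on first use, so a replayed or shared URL returns the `null` fallback rather than another client's resolver.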


We use a similar method at Facebook.

http://www.facebook.com/note.php?note_id=10150212498738920

If I had to guess, I'd say that since route 53 is a dns host for many domains, they might be able to work out the user ip / resolvers map passively. Pretty awesome stuff, Amazon! This is a big deal for your customers.



