Re: Bind 9.11.0a1

2016-04-21 Thread Jeremy C. Reed 
On Thu, 21 Apr 2016, ap...@yandex.ru wrote:

> Would be great to hear smth about question #2. I've tried to use rndc 
> trace with various levels of debugging and still edns subnet is not 
> shown anywhere.

> > 2) I have looked through sources and bind 9.11 guide, but have not 
> > found the way to add client-subnet into queries logging. Would be 
> > really great to have it. So to see not just client IP-address, but 
> > also ECS subnet itself. Did I miss something?

We will soon be adding some logging for geoip and ECS.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Bind 9.11.0a1

2016-04-21 Thread apani 
Hello,

as for question #1 - it is all good and working as expected. The problem was 
with old dig version that used experimental code 20730 for EDNS client subnet 
option.

Would be great to hear smth about question #2. I've tried to use rndc trace 
with various levels of debugging and still edns subnet is not shown anywhere.

21.04.2016, 11:18, "ap...@yandex.ru" :
> Hello guys,
>
> awesome bind 9.11 release, lot's of really good features.
> I have few questions about ECS (EDNS client subnet) feature.
>
> 1) I have installed 9.11 with geoip support and have the following config:
>
> key "external-key" {
> ...
> };
>
> key "asia-key" {
> ...
> };
>
> acl acl-asia { geoip country IN; ! key external-key; key asia-key; };
> acl acl-external { ! key asia-key; key external-key; };
>
> view asia {
> match-clients { acl-asia; };
> zone "example.com." { type slave; file "zones/asia_example.com."; masters 
> { asia-master-servers; }; };
> };
>
> view external {
> match-clients { any; };
> zone "example.com." { type slave; file "zones/external_example.com."; 
> masters { external-master-servers; }; };
> };
>
> Well, it is something like this. Instead example.com there is a real zone, 
> for which the server is authorative.
>
> When I send a request from host in India directly to this server:
>
> INDIA# dig example.com @SERVER
>
> everything works fine and I get into "asia" view.
>
> When I send a request from host in Europe, but with subnet of the indian host:
>
> EUROPE# dig +subnet=INDIA_IP example.com @SERVER
>
> I get into external view, but according to bind guide Geoip should "route" me 
> into asia view. I have explicitly set geoip-use-ecs yes; .
>
> What did I do wrong? I can see in logs and traffic dumps that request 
> received with client-subnet directive.
>
> 2) I have looked through sources and bind 9.11 guide, but have not found the 
> way to add client-subnet into queries logging. Would be really great to have 
> it. So to see not just client IP-address, but also ECS subnet itself. Did I 
> miss something?
>
> Cheers,
> sp_
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Bind 9.11.0a1

2016-04-21 Thread apani 
Hello guys,

awesome bind 9.11 release, lot's of really good features.
I have few questions about ECS (EDNS client subnet) feature.

1) I have installed 9.11 with geoip support and have the following config:

key "external-key" {
...
};

key "asia-key" {
...
};

acl acl-asia { geoip country IN; ! key external-key; key asia-key; };
acl acl-external { ! key asia-key; key external-key; };

view asia {
match-clients { acl-asia; };
zone "example.com." { type slave; file "zones/asia_example.com."; masters { 
asia-master-servers; }; };
};

view external {
match-clients { any; };
zone "example.com." { type slave; file "zones/external_example.com."; 
masters { external-master-servers; }; };
};

Well, it is something like this. Instead example.com there is a real zone, for 
which the server is authorative.

When I send a request from host in India directly to this server:

INDIA# dig example.com @SERVER

everything works fine and I get into "asia" view.

When I send a request from host in Europe, but with subnet of the indian host:

EUROPE# dig +subnet=INDIA_IP example.com @SERVER

I get into external view, but according to bind guide Geoip should "route" me 
into asia view. I have explicitly set geoip-use-ecs yes; .

What did I do wrong? I can see in logs and traffic dumps that request received 
with client-subnet directive.

2) I have looked through sources and bind 9.11 guide, but have not found the 
way to add client-subnet into queries logging. Would be really great to have 
it. So to see not just client IP-address, but also ECS subnet itself. Did I 
miss something?

Cheers,
sp_
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

BIND 9.11.0a1 is now available

2016-03-25 Thread Michael McNally 
The first official alpha development release of the new BIND 9.11
branch has been published and announced via our bind-announce list --
if you're not subscribed to that list you can see the announcement in
the list's public archive here:

  https://lists.isc.org/pipermail/bind-announce/2016-March/000981.html

Or you can go straight to our download page and grab it:

  http://www.isc.org/downloads

BIND 9.11 has quite a few interesting new features and we'd really like
your feedback to help us make the final release the best it can be.
We've put a lot of work into 9.11 and we're excited to be delivering it.
Please check it out and let us know what you think.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users