Re: GeoIP in 9.10 RC2
Hi Evan,

You guys are doing a great job. I did actually try before without acl directly in view. The error at the time was: No ACL geoip. Will retry with the patch. Thanks!

On May 1, 2014 6:38 AM, Evan Hunt e...@isc.org wrote:

> On Wed, Apr 30, 2014 at 11:33:06PM +0200, Ali Jawad wrote:
> > Any hints?
>
> So, yeah, that's embarrassing. It never crossed my mind to test geoip ACL elements by referencing them indirectly in named ACLs, as you did; I only referenced them directly. Apparently none of the folks who've been using the code in production ever tried that either. Kudos for your QA skills. :)
>
> Thanks to you, I am now aware of the fact that, while the following configuration does work:
>
>     match-clients { geoip country US; };
>
> ...this one doesn't:
>
>     acl geoipUS { geoip country US; };
>     ...
>     match-clients { geoipUS; };
>
> The problem is that when the geoipUS ACL is merged into match-clients for the view, the geoip information doesn't get copied correctly. The attached patch should fix it.
>
> --
> Evan Hunt -- e...@isc.org
> Internet Systems Consortium, Inc.

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
GeoIP in 9.10 RC2
Hi,

I did compile 9.10 with GeoIP; the config is below.

In options:

    geoip-directory "/usr/share/GeoIP/";

Then:

    acl US { geoip country US; };

    view US {
        match-clients { US; };
        include "/etc/named.rfc1912.zones";
    };

Startup log shows:

    Apr 30 17:24:19 sj named[24407]: using /usr/share/GeoIP/ as GeoIP directory
    Apr 30 17:24:19 sj named[24407]: initializing GeoIP Country (IPv4) (type 1) DB
    Apr 30 17:24:19 sj named[24407]: GEO-106FREE 20110601 Build 1 Copyright (c) 2011 MaxMind Inc All Rights Reserved

So the IPv4 Country DB is recognized and loaded, but digs from US to that server still result in queries from the ALL view, which is the last view in the config file, and the test view above is the first view in the config file.

Any hints?

Regards
Re: GeoIP in 9.10 RC2
> So the IPv4 Country DB is recognized and loaded, but digs from US to that server still result in queries from the ALL view, which is the last view in the config file, and the test view above is the first view in the config file.

You may want to try the geoiplookup (provided by GeoIP software) to confirm that the IPs are really matching the database.
Re: GeoIP in 9.10 RC2
Hi Jeremy,

I did actually test with the online demo of MaxMind, did redo the test with geoiplookup ip.ip.ip.ip and it did return the correct info, so that does not appear to be the issue.

Regards

On Wed, Apr 30, 2014 at 11:47 PM, Jeremy C. Reed jr...@isc.org wrote:

> > So the IPv4 Country DB is recognized and loaded, but digs from US to that server still result in queries from the ALL view, which is the last view in the config file, and the test view above is the first view in the config file.
>
> You may want to try the geoiplookup (provided by GeoIP software) to confirm that the IPs are really matching the database.
Re: GeoIP in 9.10 RC2
On Wed, 30 Apr 2014, Ali Jawad wrote:

> view US {
>     match-clients { US; };

For now please change to:

    match-clients { geoip country US; };
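An added example, not part of the thread or of BIND: a small Python check that lists the views whose match-clients reaches a geoip element through a named ACL, which is the case that needs the workaround above until the patch is applied. It goes slightly beyond the thread by also following ACLs that include other named ACLs, on the assumption that they pass through the same merge; the function names, the sample configuration and the restriction to ACL bodies without nested braces are assumptions of this example.

```python
import re

# Constructed sample, modelled on the configuration quoted in the thread.
SAMPLE_CONF = '''
acl US { geoip country US; };
acl partners { 192.0.2.0/24; US; };          # reaches geoip through "US"
view US { match-clients { US; }; include "/etc/named.rfc1912.zones"; };
view direct { match-clients { geoip country CA; }; };
view mixed { match-clients { !partners; 198.51.100.0/24; }; };
view ALL { match-clients { any; }; };
'''

COMMENT_RE = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
ACL_RE = re.compile(r'\bacl\s+"?([\w.-]+)"?\s*\{([^{}]*)\}')
VIEW_RE = re.compile(r'\bview\s+"?([\w.-]+)"?[^{;]*\{')
MATCH_RE = re.compile(r'\bmatch-clients\s*\{([^{}]*)\}')

def elements(body):
    """Split an address-match list into elements, ignoring negation and quotes."""
    return [e.strip().lstrip('!').strip().strip('"')
            for e in body.split(';') if e.strip()]

def geoip_acls(conf):
    """Named ACLs holding a geoip element, directly or via another named ACL."""
    acls = {n: elements(b) for n, b in ACL_RE.findall(COMMENT_RE.sub('', conf))}
    found = {n for n, els in acls.items()
             if any(e.startswith('geoip ') for e in els)}
    while True:  # propagate through ACLs that reference an already-flagged ACL
        more = {n for n, els in acls.items() if set(els) & found} - found
        if not more:
            return found
        found |= more

def indirect_geoip_views(conf):
    """(view, [acl names]) for match-clients lists that use a geoip ACL by name."""
    flagged = geoip_acls(conf)
    conf = COMMENT_RE.sub('', conf)
    views = [(m.start(), m.group(1)) for m in VIEW_RE.finditer(conf)]
    out = []
    for m in MATCH_RE.finditer(conf):
        owner = [name for pos, name in views if pos < m.start()]
        hits = sorted(set(elements(m.group(1))) & flagged)
        if hits and owner:
            out.append((owner[-1], hits))
    return out

if __name__ == "__main__":
    for view, acls in indirect_geoip_views(SAMPLE_CONF):
        print(f"view {view}: geoip reached via named ACL(s) {', '.join(acls)}")
```

A view that writes `geoip country ...` directly in match-clients, like `direct` in the sample, is not reported.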
Re: GeoIP in 9.10 RC2
On Wed, Apr 30, 2014 at 11:33:06PM +0200, Ali Jawad wrote:

> Any hints?

So, yeah, that's embarrassing. It never crossed my mind to test geoip ACL elements by referencing them indirectly in named ACLs, as you did; I only referenced them directly. Apparently none of the folks who've been using the code in production ever tried that either. Kudos for your QA skills. :)

Thanks to you, I am now aware of the fact that, while the following configuration does work:

    match-clients { geoip country US; };

...this one doesn't:

    acl geoipUS { geoip country US; };
    ...
    match-clients { geoipUS; };

The problem is that when the geoipUS ACL is merged into match-clients for the view, the geoip information doesn't get copied correctly. The attached patch should fix it.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.

diff --git a/lib/dns/acl.c b/lib/dns/acl.c index a2d0347..1064bce 100644 --- a/lib/dns/acl.c +++ b/lib/dns/acl.c @@ -337,6 +337,12 @@ dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, isc_boolean_t pos) return result; } + /* copy the GeoIP data */ + if (source-elements[i].type == dns_aclelementtype_geoip) { + dest-elements[nelem + i].geoip_elem = +source-elements[i].geoip_elem; + } + /* reverse sense of positives if this is a negative acl */ if (!pos source-elements[i].negative == ISC_FALSE) { dest-elements[nelem + i].negative = ISC_TRUE;
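Review bot: the added geoip copy in dns_acl_merge() comes without a regression test, and the message above shows why one is needed: geoip elements had only ever been exercised when written directly in match-clients. Suggest adding a test configuration that defines `acl geoipUS { geoip country US; };` and uses it as `match-clients { geoipUS; };`, plus one that uses `!geoipUS;`, since the `!pos` branch immediately after the new block changes the sense of the merged element and should be checked together with the copied geoip_elem. The archived hunk has also lost characters (`source-elements` where the C needs `source->elements`), so apply the patch from the original attachment rather than from this text.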