Re: GeoIP in 9.10 RC2
Hi Evan
You guys are doing a great job. I did actually try before without acl
directly in view. The error was at the time No ACL geoip. Will retry with
patch. Thanks !
On May 1, 2014 6:38 AM, Evan Hunt e...@isc.org wrote:
On Wed, Apr 30, 2014 at 11:33:06PM +0200, Ali Jawad wrote:
Any hints ?
So, yeah, that's embarrassing. It never crossed my mind to test geoip
ACL elements by referencing them indirectly in named ACLs, as you did;
I only referenced them directly. Apparently none of the folks who've
been using the code in production ever tried that either. Kudos for
your QA skills. :)
Thanks to you, I am now aware of the fact that, while the following
configuration does work:
match-clients { geoip country US; };
...this one doesn't:
acl geoipUS { geoip country US; }
...
match-clients { geoipUS; };
The problem is that when the geoipUS ACL is merged into match-clients
for the view, the geoip information doesn't get copied correctly.
The attached patch should fix it.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
GeoIP in 9.10 RC2
Hi
I did compile 9.10 with GeoIP config is below :
in options
geoip-directory /usr/share/GeoIP/;
Then
acl US {
geoip country US;
};
view US {
match-clients { US; };
include /etc/named.rfc1912.zones;
};
Start up log shows :
Apr 30 17:24:19 sj named[24407]: using /usr/share/GeoIP/ as GeoIP
directory
Apr 30 17:24:19 sj named[24407]: initializing GeoIP Country (IPv4) (type 1)
DB
Apr 30 17:24:19 sj named[24407]: GEO-106FREE 20110601 Build 1 Copyright (c)
2011 MaxMind Inc All Rights Reserved
So the the IPv4 Country DB is recognized and loaded, but digs from US to
that server still result in queries from the ALL view, which is the last
view in the config file and the test View above is the first View in teh
config file.
Any hints ?
Regards
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: GeoIP in 9.10 RC2
So the the IPv4 Country DB is recognized and loaded, but digs from US to that server still result in queries from the ALL view, which is the last view in the config file and the test View above is the first View in teh config file. You may want to try the geoiplookup (provided by GeoIP software) to confirm that the IPs are really matching the database. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: GeoIP in 9.10 RC2
Hi Jeremy I did actually test with the online demo of maxmind, did redo the test with geoiplookup ip.ip.ip.ip and it did return the correct info, so that does not appear to be the issue. Regards On Wed, Apr 30, 2014 at 11:47 PM, Jeremy C. Reed jr...@isc.org wrote: So the the IPv4 Country DB is recognized and loaded, but digs from US to that server still result in queries from the ALL view, which is the last view in the config file and the test View above is the first View in teh config file. You may want to try the geoiplookup (provided by GeoIP software) to confirm that the IPs are really matching the database. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: GeoIP in 9.10 RC2
On Wed, 30 Apr 2014, Ali Jawad wrote:
view US {
match-clients { US; };
For now please change to:
match-clients { geoip country US; };___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: GeoIP in 9.10 RC2
On Wed, Apr 30, 2014 at 11:33:06PM +0200, Ali Jawad wrote:
Any hints ?
So, yeah, that's embarrassing. It never crossed my mind to test geoip
ACL elements by referencing them indirectly in named ACLs, as you did;
I only referenced them directly. Apparently none of the folks who've
been using the code in production ever tried that either. Kudos for
your QA skills. :)
Thanks to you, I am now aware of the fact that, while the following
configuration does work:
match-clients { geoip country US; };
...this one doesn't:
acl geoipUS { geoip country US; }
...
match-clients { geoipUS; };
The problem is that when the geoipUS ACL is merged into match-clients
for the view, the geoip information doesn't get copied correctly.
The attached patch should fix it.
--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.
diff --git a/lib/dns/acl.c b/lib/dns/acl.c
index a2d0347..1064bce 100644
--- a/lib/dns/acl.c
+++ b/lib/dns/acl.c
@@ -337,6 +337,12 @@ dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, isc_boolean_t pos)
return result;
}
+ /* copy the GeoIP data */
+ if (source-elements[i].type == dns_aclelementtype_geoip) {
+ dest-elements[nelem + i].geoip_elem =
+source-elements[i].geoip_elem;
+ }
+
/* reverse sense of positives if this is a negative acl */
if (!pos source-elements[i].negative == ISC_FALSE) {
dest-elements[nelem + i].negative = ISC_TRUE;
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
