Bind 9.11.0a1
apani at yandex.ru
apani at yandex.ru
Thu Apr 21 08:17:38 UTC 2016
Hello guys,
awesome bind 9.11 release, lot's of really good features.
I have few questions about ECS (EDNS client subnet) feature.
1) I have installed 9.11 with geoip support and have the following config:
key "external-key" {
...
};
key "asia-key" {
...
};
acl acl-asia { geoip country IN; ! key external-key; key asia-key; };
acl acl-external { ! key asia-key; key external-key; };
view asia {
match-clients { acl-asia; };
zone "example.com." { type slave; file "zones/asia_example.com."; masters { asia-master-servers; }; };
};
view external {
match-clients { any; };
zone "example.com." { type slave; file "zones/external_example.com."; masters { external-master-servers; }; };
};
Well, it is something like this. Instead example.com there is a real zone, for which the server is authorative.
When I send a request from host in India directly to this server:
INDIA# dig example.com @SERVER
everything works fine and I get into "asia" view.
When I send a request from host in Europe, but with subnet of the indian host:
EUROPE# dig +subnet=INDIA_IP example.com @SERVER
I get into external view, but according to bind guide Geoip should "route" me into asia view. I have explicitly set geoip-use-ecs yes; .
What did I do wrong? I can see in logs and traffic dumps that request received with client-subnet directive.
2) I have looked through sources and bind 9.11 guide, but have not found the way to add client-subnet into queries logging. Would be really great to have it. So to see not just client IP-address, but also ECS subnet itself. Did I miss something?
Cheers,
sp_
More information about the bind-users
mailing list