Knowledge Base ISC Main Website Ask a Question/Contact ISC
Using the GeoIP Features in BIND 9.9 Subscription Version
Author: Brian Conry Reference Number: AA-00971 Views: 1021 Created: 2013-06-05 16:07 Last Updated: 2013-06-13 17:40 0 Rating/ Voters

BIND's GeoIP features allow you to create ACL elements that evaluate based on the location information for the client's IP address.  This uses the API provided by MaxMind® to query their GeoIP database and should work with any database in the proper format.

The primary intended purpose for this feature is so that answer sets can be created for geographic regions in order to connect clients with local services.  This can result in improved response time for the client and a reduction in long-haul network traffic.

In order to use the GeoIP features BIND must be built with GeoIP support by using '--with-geoip' in the configure step of the build process .  Without this build configuration BIND will not recognize the named.conf GeoIP extensions or be able to perform any GeoIP lookups.

When built with GeoIP, named.conf supports the "geoip-directory" option.

options {
    geoip-directory "/path/to/geoip/database";
};
ACLs can perform GeoIP lookup tests using the client IP address.  Many different types of GeoIP lookups can be performed.  For more detailed information about what is supported see chapter 6 of the ARM that came with the source code.

acl "example" {
  geoip country US;
  geoip region CA;
  geoip city "Redwood City"; /* names, etc., must be quoted if they contain spaces */
};

While these can be used in any ACLs, the most common place to use them is in the match statements on views in order to route clients to the view with the answers selected for their location.

options {
    geoip-directory "/path/to/geoip/database";
};

acl "redwoodcity" {
  geoip country US;
  geoip region CA;
  geoip city "Redwood City"; /* names, etc., must be quoted if they contain spaces */
};

view "redwoodcity" {
  match-clients { redwoodcity; };
  zone "isc.org" {
    file "locals/db.isc.org";
    type master;
  };
};

view "default" {
  zone "isc.org" {
    file "nonlocals/db.isc.org";
    type master;
  };
};


© 2001-2017 Internet Systems Consortium

For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership.

ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.

Feedback
  • There is no feedback for this article
Quick Jump Menu