BIND's GeoIP features allow you to create ACL elements that evaluate based on the location information for the client's IP address. This feature uses the API provided by MaxMind® to query their GeoIP database and should work with any database in the proper format.
This feature's primary purpose is to create answer sets for geographic regions and connect clients with local services; this can improve client response times and reduce long-haul network traffic.
To use the GeoIP features, BIND must be built with GeoIP support by using '--with-geoip' in the configure step of the build process. Without this build configuration BIND will not recognize the named.conf GeoIP extensions or be able to perform any GeoIP lookups.
When BIND is built with GeoIP support, named.conf accepts the "geoip-directory" option:
options {
    geoip-directory "/path/to/geoip/database";
};
ACLs can perform GeoIP lookup tests using the client IP address. Many different types of GeoIP lookups can be performed. For more detailed information about what is supported, see Access Control Lists in the BIND ARM.
acl "example" {
    /* a client that matches any one of these elements matches the ACL */
    geoip country US;
    geoip region CA;
    geoip city "Redwood City"; /* names, etc., must be quoted if they contain spaces */
};
Although geoip elements can be used in any ACL, they are most commonly used in the match-clients statements of views, to route clients to the view that holds the answers selected for their location. Views are checked in the order they appear in named.conf, so the location-specific view must come before the default view.
options {
    geoip-directory "/path/to/geoip/database";
};
acl "redwoodcity" {
    geoip country US;
    geoip region CA;
    geoip city "Redwood City"; /* names, etc., must be quoted if they contain spaces */
};
view "redwoodcity" {
    match-clients { redwoodcity; };
    zone "isc.org" {
        file "locals/db.isc.org";
        type master;
    };
};
view "default" {
    zone "isc.org" {
        file "nonlocals/db.isc.org";
        type master;
    };
};
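The following is an added example, not ISC's code: a simplified Python model of how the configuration above selects a view, showing that the three geoip elements in the "redwoodcity" ACL are alternatives, so every US client lands in the local view. GEO_DB, the sample addresses, the function names and CITY_ONLY_ACL (one possible narrowing) are assumptions made for illustration.

```python
# Simplified model of geoip ACL evaluation and view selection in named.
# Assumption: GEO_DB stands in for the GeoIP database; all records are constructed.
GEO_DB = {
    "192.0.2.10": {"country": "US", "region": "CA", "city": "Redwood City"},
    "198.51.100.7": {"country": "US", "region": "NY", "city": "New York"},
    "203.0.113.5": {"country": "DE", "region": "BE", "city": "Berlin"},
}

# The page's "redwoodcity" ACL, written as (field, value) elements.
REDWOODCITY_ACL = [("country", "US"), ("region", "CA"), ("city", "Redwood City")]
# Hypothetical narrower ACL that keeps only the city element.
CITY_ONLY_ACL = [("city", "Redwood City")]

# Zone files served by each view, taken from the configuration above.
ZONE_FILES = {"redwoodcity": "locals/db.isc.org", "default": "nonlocals/db.isc.org"}


def acl_matches(acl, client_ip):
    """An address match list matches as soon as any one element matches."""
    record = GEO_DB.get(client_ip, {})
    return any(record.get(field) == value for field, value in acl)


def select_view(views, client_ip):
    """Views are tried in order; a view without match-clients matches any client."""
    for name, acl in views:
        if acl is None or acl_matches(acl, client_ip):
            return name
    return None


def zone_file(views, client_ip):
    """Return the zone file a client would be answered from."""
    return ZONE_FILES[select_view(views, client_ip)]


PAGE_VIEWS = [("redwoodcity", REDWOODCITY_ACL), ("default", None)]
NARROW_VIEWS = [("redwoodcity", CITY_ONLY_ACL), ("default", None)]

if __name__ == "__main__":
    for ip in GEO_DB:
        print(ip, zone_file(PAGE_VIEWS, ip), zone_file(NARROW_VIEWS, ip))
```

With the page's ACL the New York client is served from locals/db.isc.org; with the city-only ACL it falls through to the default view.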