Using the GeoIP Features in BIND 9.9 Subscription Version

BIND's GeoIP features allow you to create ACL elements that evaluate based on the location information for the client's IP address. This uses the API provided by MaxMind® to query their GeoIP database and should work with any database in the proper format.

The primary intended purpose for this feature is so that answer sets can be created for geographic regions in order to connect clients with local services. This can result in improved response time for the client and a reduction in long-haul network traffic.

In order to use the GeoIP features BIND must be built with GeoIP support by using '--with-geoip' in the configure step of the build process. Without this build configuration BIND will not recognize the named.conf GeoIP extensions or be able to perform any GeoIP lookups.

When built with GeoIP, named.conf supports the "geoip-directory" option.

options {
     geoip-directory "/path/to/geoip/database";
};

ACLs can perform GeoIP lookup tests using the client IP address. Many different types of GeoIP lookups can be performed. For more detailed information about what is supported, see chapter 6 of the ARM that came with the source code.

acl "example" {
     geoip country US;
     geoip region CA;
     geoip city "Redwood City"; /* names, etc., must be quoted if they contain spaces */
};

While these can be used in any ACLs, the most common place to use them is in the match statements on views in order to route clients to the view with the answers selected for their location.

options {
     geoip-directory "/path/to/geoip/database";
};

acl "redwoodcity" {
     geoip country US;
     geoip region CA;
     geoip city "Redwood City"; /* names, etc., must be quoted if they contain spaces */
};

view "redwoodcity" {
     match-clients { redwoodcity; };
     zone "isc.org" {
          file "locals/db.isc.org";
          type master;
     };
};

view "default" {
     zone "isc.org" {
          file "nonlocals/db.isc.org";
          type master;
     };
};