Hello guys,
awesome bind 9.11 release, lot's of really good features.
I have few questions about ECS (EDNS client subnet) feature.
1) I have installed 9.11 with geoip support and have the following config:
key "external-key" {
...
};
key "asia-key" {
...
};
acl acl-asia { geoip country IN; ! key external-key; key asia-key; };
acl acl-external { ! key asia-key; key external-key; };
view asia {
match-clients { acl-asia; };
zone "example.com." { type slave; file "zones/asia_example.com."; masters {
asia-master-servers; }; };
};
view external {
match-clients { any; };
zone "example.com." { type slave; file "zones/external_example.com.";
masters { external-master-servers; }; };
};
Well, it is something like this. Instead example.com there is a real zone, for
which the server is authorative.
When I send a request from host in India directly to this server:
INDIA# dig example.com @SERVER
everything works fine and I get into "asia" view.
When I send a request from host in Europe, but with subnet of the indian host:
EUROPE# dig +subnet=INDIA_IP example.com @SERVER
I get into external view, but according to bind guide Geoip should "route" me
into asia view. I have explicitly set geoip-use-ecs yes; .
What did I do wrong? I can see in logs and traffic dumps that request received
with client-subnet directive.
2) I have looked through sources and bind 9.11 guide, but have not found the
way to add client-subnet into queries logging. Would be really great to have
it. So to see not just client IP-address, but also ECS subnet itself. Did I
miss something?
Cheers,
sp_
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
