Hello,

As for question #1: it is all good and working as expected. The problem was 
with an old dig version that used the experimental code 20730 for the EDNS 
client subnet option.

It would be great to hear something about question #2. I've tried to use rndc 
trace with various levels of debugging and still the EDNS subnet is not shown 
anywhere.

21.04.2016, 11:18, "ap...@yandex.ru" <ap...@yandex.ru>:
> Hello guys,
>
> awesome BIND 9.11 release, lots of really good features.
> I have a few questions about the ECS (EDNS client subnet) feature.
>
> 1) I have installed 9.11 with geoip support and have the following config:
>
> key "external-key" {
>     ...
> };
>
> key "asia-key" {
>     ...
> };
>
> acl acl-asia { geoip country IN; ! key external-key; key asia-key; };
> acl acl-external { ! key asia-key; key external-key; };
>
> view asia {
>     match-clients { acl-asia; };
>     zone "example.com." { type slave; file "zones/asia_example.com."; masters { asia-master-servers; }; };
> };
>
> view external {
>     match-clients { any; };
>     zone "example.com." { type slave; file "zones/external_example.com."; masters { external-master-servers; }; };
> };
>
> Well, it is something like this. Instead of example.com there is a real zone, 
> for which the server is authoritative.
>
> When I send a request from a host in India directly to this server:
>
> INDIA# dig example.com @SERVER
>
> everything works fine and I get into "asia" view.
>
> When I send a request from a host in Europe, but with the subnet of the Indian host:
>
> EUROPE# dig +subnet=INDIA_IP example.com @SERVER
>
> I get into the external view, but according to the BIND guide GeoIP should 
> "route" me into the asia view. I have explicitly set geoip-use-ecs yes;
>
> What did I do wrong? I can see in logs and traffic dumps that the request 
> is received with the client-subnet directive.
>
> 2) I have looked through the sources and the BIND 9.11 guide, but have not 
> found a way to add client-subnet to query logging. It would be really great 
> to have it, to see not just the client IP address but also the ECS subnet 
> itself. Did I miss something?
>
> Cheers,
> sp_
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
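To check which option code a client is really sending, as in the traffic dumps mentioned in this thread, the following added example (not part of the original messages and not BIND code) parses a raw DNS message and reports a client-subnet option carried under either code 8, the value assigned in RFC 7871, or the experimental 20730. The function names and the sample query are constructed for illustration.

```python
import ipaddress
import struct

# EDNS option codes that carry a client subnet: 8 is the assigned code (RFC 7871);
# 20730 is the experimental code the old dig in this thread was sending.
ECS_CODES = {8: "assigned", 20730: "experimental"}

def skip_name(msg, off):
    """Return the offset just past a DNS name (label sequence or compression pointer)."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def find_ecs(msg):
    """Return (option_code, kind, subnet) for the first client-subnet option, else None."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                  # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        pos = 0
        while rtype == 41 and pos + 4 <= len(rdata):   # 41 = OPT pseudo-record
            code, olen = struct.unpack("!HH", rdata[pos:pos + 4])
            body, pos = rdata[pos + 4:pos + 4 + olen], pos + 4 + olen
            if code not in ECS_CODES or len(body) < 4:
                continue
            family, src_len, _scope = struct.unpack("!HBB", body[:4])
            size = {1: 4, 2: 16}.get(family)           # 1 = IPv4, 2 = IPv6
            if size is None:
                continue
            # The address is truncated on the wire; pad it back to full length.
            addr = ipaddress.ip_address(body[4:].ljust(size, b"\0")[:size])
            net = ipaddress.ip_network(f"{addr}/{src_len}", strict=False)
            return code, ECS_CODES[code], str(net)
    return None

def sample_query(option_code):
    """Constructed query for example.com A with a 192.0.2.0/24 client-subnet option."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    ecs = struct.pack("!HBB", 1, 24, 0) + bytes([192, 0, 2])
    option = struct.pack("!HH", option_code, len(ecs)) + ecs
    opt_rr = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(option)) + option
    return header + question + opt_rr
```

Feeding `find_ecs` the UDP payload of a captured query shows whether the subnet arrived under the assigned or the experimental code; `sample_query` only builds test input for both cases.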