Bind 9.11.0a1

apani at yandex.ru
Thu Apr 21 13:12:18 UTC 2016


Hello,

As for question #1: it is all good and working as expected. The problem was with an old dig version that used the experimental code 20730 for the EDNS client subnet option.

It would be great to hear something about question #2. I've tried to use rndc trace with various levels of debugging, and still the EDNS subnet is not shown anywhere.

21.04.2016, 11:18, "apani at yandex.ru" <apani at yandex.ru>:
> Hello guys,
>
> awesome BIND 9.11 release, lots of really good features.
> I have a few questions about the ECS (EDNS client subnet) feature.
>
> 1) I have installed 9.11 with geoip support and have the following config:
>
> key "external-key" {
>     ...
> };
>
> key "asia-key" {
>     ...
> };
>
> acl acl-asia { geoip country IN; ! key external-key; key asia-key; };
> acl acl-external { ! key asia-key; key external-key; };
>
> view asia {
>     match-clients { acl-asia; };
>     zone "example.com." { type slave; file "zones/asia_example.com."; masters { asia-master-servers; }; };
> };
>
> view external {
>     match-clients { any; };
>     zone "example.com." { type slave; file "zones/external_example.com."; masters { external-master-servers; }; };
> };
>
> Well, it is something like this. Instead of example.com there is a real zone, for which the server is authoritative.
>
> When I send a request from a host in India directly to this server:
>
> INDIA# dig example.com @SERVER
>
> everything works fine and I get into the "asia" view.
>
> When I send a request from a host in Europe, but with the subnet of the Indian host:
>
> EUROPE# dig +subnet=INDIA_IP example.com @SERVER
>
> I get into the external view, but according to the BIND guide GeoIP should "route" me into the asia view. I have explicitly set geoip-use-ecs yes; .
>
> What did I do wrong? I can see in logs and traffic dumps that the request is received with the client-subnet directive.
>
> 2) I have looked through the sources and the BIND 9.11 guide, but have not found a way to add client-subnet into query logging. It would be really great to have it, so as to see not just the client IP address, but also the ECS subnet itself. Did I miss something?
>
> Cheers,
> sp_


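Added example, not part of the original post and not BIND's own code: one way to pull the ECS subnet out of a captured DNS message for logging, accepting both the IANA-assigned option code 8 (RFC 7871) and the experimental code 20730 mentioned in the reply. The function names and the `build_query` sample (example.com, 192.0.2.0/24) are constructed for illustration.

```python
import ipaddress
import struct

# 8 = IANA-assigned ECS option code (RFC 7871); 20730 = experimental code named in the post
ECS_CODES = (8, 20730)

def _skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:   # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:
            return off

def extract_ecs(msg):
    """Return (option_code, 'network/prefix') for the first ECS option, or None."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4          # QTYPE + QCLASS
    for _ in range(an + ns + ar):
        off = _skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        pos, end = off, off + rdlen
        while rtype == 41 and pos + 4 <= end:   # OPT pseudo-RR: walk its options
            code, olen = struct.unpack("!HH", msg[pos:pos + 4])
            data = msg[pos + 4:pos + 4 + olen]
            if code in ECS_CODES and len(data) >= 4:
                family, src_len, _scope = struct.unpack("!HBB", data[:4])
                size = {1: 4, 2: 16}.get(family)  # FAMILY 1 = IPv4, 2 = IPv6
                if size:
                    ip = ipaddress.ip_address(data[4:4 + size].ljust(size, b"\0"))
                    net = ipaddress.ip_network(f"{ip}/{src_len}", strict=False)
                    return code, str(net)
            pos += 4 + olen
        off += rdlen
    return None

def build_query(option_code, subnet="192.0.2.0", prefix=24):
    """Constructed sample: A query for example.com carrying one ECS option."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    addr = ipaddress.ip_address(subnet).packed[:(prefix + 7) // 8]
    ecs = struct.pack("!HBB", 1, prefix, 0) + addr
    rdata = struct.pack("!HH", option_code, len(ecs)) + ecs
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(rdata)) + rdata
    return header + question + opt
```

Feeding it the UDP payloads from a traffic dump shows which option code a client actually sent, which is the difference between the old and the current dig described above.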