Enabling/using ECS feature in BIND 9.16.1
Dawood Sajjadi
s.d.sajjadi at gmail.com
Fri Apr 17 16:54:01 UTC 2020
Hi everyone,
I have successfully compiled bind-9.16.1 from its source code
(bind-9.16.1.tar.xz) and configured it to function as a DNS resolver by
following the instructions presented in
http://www.linuxfromscratch.org/blfs/view/svn/server/bind.html
---
[root@ bind]# named -V
BIND 9.16.1 (Stable Release) <id:d497c32>
running on Linux x86_64 3.8.13-118.20.3.el7uek.x86_64 #2 SMP Fri Feb 23
13:52:32 PST 2018
built by make with '--prefix=/usr' '--sysconfdir=/etc'
'--localstatedir=/var' '--mandir=/usr/share/man' '--with-libtool'
'--disable-static'
compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-16.0.3)
compiled with OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
linked to OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
compiled with zlib version: 1.2.7
linked to zlib version: 1.2.7
threads support is enabled
default paths:
named configuration: /etc/named.conf
rndc configuration: /etc/rndc.conf
DNSSEC root key: /etc/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
---
The named configuration file that I am using is as follows:
---
options {
    directory "/etc/named";
    pid-file "/var/run/named.pid";
    statistics-file "/var/run/named.stats";
    allow-query { any; };
    recursion yes;
};
zone "." {
    type hint;
    file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
    type master;
    file "pz/127.0.0";
};
// Bind 9 now logs by default through syslog (except debug).
// These are the default logging rules.
logging {
    category default { default_syslog; default_debug; };
    category unmatched { null; };
    channel default_syslog {
        syslog daemon;                // send to syslog's daemon facility
        severity info;                // only send priority info and higher
    };
    channel default_debug {
        file "named.run" versions 3;  // write to named.run in the working directory
                                      // Note: stderr is used instead of "named.run"
                                      // if the server is started with the '-f' option.
        severity dynamic;             // log at the server's current debug level
        print-time yes;
    };
    channel default_stderr {
        stderr;                       // writes to stderr
        severity info;                // only send priority info and higher
    };
    channel null {
        null;                         // toss anything sent to this channel
    };
};
---
The main reason that I am trying to use bind 9.16.1 is to use the EDNS Client
Subnet (ECS) feature to pass the DNS client subnet information to an
authoritative DNS or DNS server with geoip-enabled feature. To test this, I
run the following command on my server, but the response is not what I
expected. However, when I replace 127.0.0.1 with Google's resolver
(8.8.8.8), it returns the correct answer.
$ dig +short +subnet=81.169.181.179/24 -t txt whereami.geotest2.XXXXXX.net. @127.0.0.1
I was wondering whether there is anything that might have been missed during
the compile/build process or when setting the parameters in the named
configuration file. Any help would be appreciated.
Regards,
Dawood