Re: Bind 9.11.0a1
On Thu, 21 Apr 2016, ap...@yandex.ru wrote: > Would be great to hear smth about question #2. I've tried to use rndc > trace with various levels of debugging and still edns subnet is not > shown anywhere. > > 2) I have looked through sources and bind 9.11 guide, but have not > > found the way to add client-subnet into queries logging. Would be > > really great to have it. So to see not just client IP-address, but > > also ECS subnet itself. Did I miss something? We will soon be adding some logging for geoip and ECS. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Bind 9.11.0a1
Hello, as for question #1 - it is all good and working as expected. The problem was with old dig version that used experimental code 20730 for EDNS client subnet option. Would be great to hear smth about question #2. I've tried to use rndc trace with various levels of debugging and still edns subnet is not shown anywhere. 21.04.2016, 11:18, "ap...@yandex.ru" : > Hello guys, > > awesome bind 9.11 release, lot's of really good features. > I have few questions about ECS (EDNS client subnet) feature. > > 1) I have installed 9.11 with geoip support and have the following config: > > key "external-key" { > ... > }; > > key "asia-key" { > ... > }; > > acl acl-asia { geoip country IN; ! key external-key; key asia-key; }; > acl acl-external { ! key asia-key; key external-key; }; > > view asia { > match-clients { acl-asia; }; > zone "example.com." { type slave; file "zones/asia_example.com."; masters > { asia-master-servers; }; }; > }; > > view external { > match-clients { any; }; > zone "example.com." { type slave; file "zones/external_example.com."; > masters { external-master-servers; }; }; > }; > > Well, it is something like this. Instead example.com there is a real zone, > for which the server is authorative. > > When I send a request from host in India directly to this server: > > INDIA# dig example.com @SERVER > > everything works fine and I get into "asia" view. > > When I send a request from host in Europe, but with subnet of the indian host: > > EUROPE# dig +subnet=INDIA_IP example.com @SERVER > > I get into external view, but according to bind guide Geoip should "route" me > into asia view. I have explicitly set geoip-use-ecs yes; . > > What did I do wrong? I can see in logs and traffic dumps that request > received with client-subnet directive. > > 2) I have looked through sources and bind 9.11 guide, but have not found the > way to add client-subnet into queries logging. Would be really great to have > it. So to see not just client IP-address, but also ECS subnet itself. Did I > miss something? > > Cheers, > sp_ > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Bind 9.11.0a1
Hello guys, awesome bind 9.11 release, lot's of really good features. I have few questions about ECS (EDNS client subnet) feature. 1) I have installed 9.11 with geoip support and have the following config: key "external-key" { ... }; key "asia-key" { ... }; acl acl-asia { geoip country IN; ! key external-key; key asia-key; }; acl acl-external { ! key asia-key; key external-key; }; view asia { match-clients { acl-asia; }; zone "example.com." { type slave; file "zones/asia_example.com."; masters { asia-master-servers; }; }; }; view external { match-clients { any; }; zone "example.com." { type slave; file "zones/external_example.com."; masters { external-master-servers; }; }; }; Well, it is something like this. Instead example.com there is a real zone, for which the server is authorative. When I send a request from host in India directly to this server: INDIA# dig example.com @SERVER everything works fine and I get into "asia" view. When I send a request from host in Europe, but with subnet of the indian host: EUROPE# dig +subnet=INDIA_IP example.com @SERVER I get into external view, but according to bind guide Geoip should "route" me into asia view. I have explicitly set geoip-use-ecs yes; . What did I do wrong? I can see in logs and traffic dumps that request received with client-subnet directive. 2) I have looked through sources and bind 9.11 guide, but have not found the way to add client-subnet into queries logging. Would be really great to have it. So to see not just client IP-address, but also ECS subnet itself. Did I miss something? Cheers, sp_ ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
BIND 9.11.0a1 is now available
The first official alpha development release of the new BIND 9.11 branch has been published and announced via our bind-announce list -- if you're not subscribed to that list you can see the announcement in the list's public archive here: https://lists.isc.org/pipermail/bind-announce/2016-March/000981.html Or you can go straight to our download page and grab it: http://www.isc.org/downloads BIND 9.11 has quite a few interesting new features and we'd really like your feedback to help us make the final release the best it can be. We've put a lot of work into 9.11 and we're excited to be delivering it. Please check it out and let us know what you think. ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users