Error when using GeoIP
Hi
I did compile 9.10 with --with-geoip , did the config as follows :
In options
geoip-directory "/usr/share/GeoIP/GeoIP.dat";
in zones
acl "US" {
geoip country US;
};
view "US" {
match-clients { US; }; //Once I add this it throws the error below
***
include "/etc/named.rfc1912.zones";
include "/etc/dk.sites.list";
};
Once I add the match-clients line it throws the error below on starting :
/etc/named.conf:47: no GeoIP database installed which can answer queries of
type 'country'
geoiplookup ip.ip.ip.ip works, so I doubt that is the issue, I did try
geoip-directory "/usr/share/GeoIP"; instead of full path but that did not
make any difference.
Any hints ?
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Error when using GeoIP
Ali Jawad wrote:
>
> acl "US" {
> geoip country US;
> };
>
> view "US" {
> match-clients { US; }; //Once I add this it throws the error below
> };
>
> /etc/named.conf:47: no GeoIP database installed which can answer queries of
> type 'country'
This is a bug in 9.10.0 which will be fixed in 9.10.1. Until then there is
a patch: https://lists.isc.org/pipermail/bind-users/2014-May/093083.html
The workaround is to put the geoip country directive in the match-clients
clause itself rather than going via a named acl.
Tony.
--
f.anthony.n.finchhttp://dotat.at/
Southeast Rockall, Malin: Variable 4, becoming southwesterly 5 to 7, perhaps
gale 8 later. Slight or moderate, becoming moderate or rough later. Rain
later. Good, occasionally poor.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Error when using GeoIP
Hi Tony
I did try match-clients {geoip country US; }; but
that yielded the same error. Which is weird, I did actually submit the bug
with the above patch in RC2 and inline worked at the time . Will try the
patch, let me know if you have input on the match-clients please. As I did
already build the RPM to be deployed across my servers, and it will save me
some time.
Thanks
On Tue, Jul 1, 2014 at 4:52 PM, Tony Finch wrote:
> Ali Jawad wrote:
> >
> > acl "US" {
> > geoip country US;
> > };
> >
> > view "US" {
> > match-clients { US; }; //Once I add this it throws the error below
> > };
> >
> > /etc/named.conf:47: no GeoIP database installed which can answer queries
> of type 'country'
>
> This is a bug in 9.10.0 which will be fixed in 9.10.1. Until then there is
> a patch: https://lists.isc.org/pipermail/bind-users/2014-May/093083.html
>
> The workaround is to put the geoip country directive in the match-clients
> clause itself rather than going via a named acl.
>
> Tony.
> --
> f.anthony.n.finchhttp://dotat.at/
> Southeast Rockall, Malin: Variable 4, becoming southwesterly 5 to 7,
> perhaps
> gale 8 later. Slight or moderate, becoming moderate or rough later. Rain
> later. Good, occasionally poor.
>
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Error when using GeoIP
> geoip-directory "/usr/share/GeoIP/GeoIP.dat";
Should be a directory.
>
> in zones
>
>
> acl "US" {
>
> geoip country US;
>
> };
>
>
>
> view "US" {
>
> match-clients { US; }; //Once I add this it throws the error below
> ***
>
> include "/etc/named.rfc1912.zones";
>
> include "/etc/dk.sites.list";
>
>
> };
>
>
>
> Once I add the match-clients line it throws the error below on starting :
>
> /etc/named.conf:47: no GeoIP database installed which can answer queries of
> type 'country'
>
>
> geoiplookup ip.ip.ip.ip works, so I doubt that is the issue, I did try
> geoip-directory "/usr/share/GeoIP"; instead of full path but that did not
> make any difference.
>
>
> Any hints ?
Look at logs please. Do you have an "initializing GeoIP Country" line?
Like:
30-Apr-2014 22:11:17.908 initializing GeoIP Country (IPv4) (type 1) DB
Double-check that /usr/share/GeoIP/ is correct and that you have the
correct database(s) there.___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Error when using GeoIP
Hi Jeremy
Thanks for chipping in. Usual as ever. So I did actually use geoip-directory
"/usr/share/GeoIP";
and ls of that dir is
[root@uk etc]# ls -lart /usr/share/GeoIP/
-rw-r--r-- 1 root root 1206078 Jul 1 10:08 GeoIP.dat
The output from the logs is
Jul 1 14:38:56 uk named[1795]: using "/usr/share/GeoIP" as GeoIP directory
Jul 1 14:38:56 uk named[1795]: GeoIP Country (IPv4) (type 1) DB not
available
Jul 1 14:38:56 uk named[1795]: GeoIP Country (IPv6) (type 12) DB not
available
Jul 1 14:38:56 uk named[1795]: GeoIP City (IPv4) (type 2) DB not available
Jul 1 14:38:56 uk named[1795]: GeoIP City (IPv4) (type 6) DB not available
Jul 1 14:38:56 uk named[1795]: GeoIP City (IPv6) (type 30) DB not available
Jul 1 14:38:56 uk named[1795]: GeoIP City (IPv6) (type 31) DB not available
Jul 1 14:38:56 uk named[1795]: GeoIP Region (type 3) DB not available
Jul 1 14:38:56 uk named[1795]: GeoIP Region (type 7) DB not available
Jul 1 14:38:56 uk named[1795]: GeoIP ISP (type 4) DB not available
Jul 1 14:38:56 uk named[1795]: GeoIP Org (type 5) DB not available
Jul 1 14:38:56 uk named[1795]: GeoIP AS (type 9) DB not available
Jul 1 14:38:56 uk named[1795]: GeoIP Domain (type 11) DB not available
Jul 1 14:38:56 uk named[1795]: GeoIP NetSpeed (type 10) DB not available
On Tue, Jul 1, 2014 at 8:33 PM, Jeremy C. Reed wrote:
> > geoip-directory "/usr/share/GeoIP/GeoIP.dat";
>
> Should be a directory.
>
> >
> > in zones
> >
> >
> > acl "US" {
> >
> > geoip country US;
> >
> > };
> >
> >
> >
> > view "US" {
> >
> > match-clients { US; }; //Once I add this it throws the error below
> > ***
> >
> > include "/etc/named.rfc1912.zones";
> >
> > include "/etc/dk.sites.list";
> >
> >
> > };
> >
> >
> >
> > Once I add the match-clients line it throws the error below on starting
> :
> >
> > /etc/named.conf:47: no GeoIP database installed which can answer queries
> of
> > type 'country'
> >
> >
> > geoiplookup ip.ip.ip.ip works, so I doubt that is the issue, I did try
> > geoip-directory "/usr/share/GeoIP"; instead of full path but that did not
> > make any difference.
> >
> >
> > Any hints ?
>
> Look at logs please. Do you have an "initializing GeoIP Country" line?
>
> Like:
> 30-Apr-2014 22:11:17.908 initializing GeoIP Country (IPv4) (type 1) DB
>
> Double-check that /usr/share/GeoIP/ is correct and that you have the
> correct database(s) there.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
Re: Error when using GeoIP
On Tue, 1 Jul 2014, Ali Jawad wrote: > [root@uk etc]# ls -lart /usr/share/GeoIP/ > > -rw-r--r-- 1 root root 1206078 Jul 1 10:08 GeoIP.dat > > > > The output from the logs is > > Jul 1 14:38:56 uk named[1795]: using "/usr/share/GeoIP" as GeoIP directory > > Jul 1 14:38:56 uk named[1795]: GeoIP Country (IPv4) (type 1) DB not > available > > Jul 1 14:38:56 uk named[1795]: GeoIP Country (IPv6) (type 12) DB not > available You may want to try another database. I use GeoLiteCity.dat for testing. Make a symlink to it named /usr/share/GeoIP/GeoIP.dat Maybe your geoiplookup tools appears to work but is providing different results not identified as "country"? Does your geoiplookup output say "GeoIP Country Edition"? ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Error when using GeoIP
Hi Jeremy Yes it does see the below [root@uk ~]# geoiplookup ip.ip.ip.ip GeoIP Country Edition: US, United States A bummer though, as I have purchased the Maxmind Country edition. When I did try to install GeoLiteCity.dat I got the error below file /usr/share/GeoIP/GeoIP.dat from install of geoip-geolite-2013.04-1.el6.noarch conflicts with file from package GeoIP-1.4.8-1.el6.x86_64 Is geoip-geolite not provided by maxmind ? Regards On Tue, Jul 1, 2014 at 8:56 PM, Jeremy C. Reed wrote: > On Tue, 1 Jul 2014, Ali Jawad wrote: > > > [root@uk etc]# ls -lart /usr/share/GeoIP/ > > > > -rw-r--r-- 1 root root 1206078 Jul 1 10:08 GeoIP.dat > > > > > > > > The output from the logs is > > > > Jul 1 14:38:56 uk named[1795]: using "/usr/share/GeoIP" as GeoIP > directory > > > > Jul 1 14:38:56 uk named[1795]: GeoIP Country (IPv4) (type 1) DB not > > available > > > > Jul 1 14:38:56 uk named[1795]: GeoIP Country (IPv6) (type 12) DB not > > available > > You may want to try another database. I use GeoLiteCity.dat for > testing. Make a symlink to it named /usr/share/GeoIP/GeoIP.dat > > Maybe your geoiplookup tools appears to work but is providing different > results not identified as "country"? Does your geoiplookup output say > "GeoIP Country Edition"? > > > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Error when using GeoIP
Hi Ali On Tue, Jul 01, 2014 at 08:41:32PM +0200, Ali Jawad wrote: > [root@uk etc]# ls -lart /usr/share/GeoIP/ > > -rw-r--r-- 1 root root 1206078 Jul 1 10:08 GeoIP.dat Though this is not the problem causing the failure: This filesize looks too large for it to be the current country database GeoIP.dat (~600KB) and too small to be the current city database GeoLiteCity.dat (~17MB). Please check if this database is correct. > The output from the logs is > > Jul 1 14:38:56 uk named[1795]: using "/usr/share/GeoIP" as GeoIP directory > > Jul 1 14:38:56 uk named[1795]: GeoIP Country (IPv4) (type 1) DB not > available This codepath reporting this error does a stat() call inside the GeoIP library to check if the corresponding file exists. The named process would need permission to access this directory. Check the permissions on /usr/share/GeoIP/, etc. Mukund ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Error when using GeoIP
Hi Mukund This is the paid version of the DB, tailing that file states GEO-106 20140624 Build 1 Copyright (c) 2014 MaxMind Inc All Rights Reserved As said it does work with the geoiplookup tool. seLinux is disabled and permissions for files are default on a fresh system..see below for GeoIP dir under /usr/share drwxr-xr-x2 root root 4096 Jul 1 10:11 GeoIP BUT You sent me the right direction, I am chrooting my named server, so naturally the location bind is looking is /var/named/chroot/usr/share/GeoIP not /usr/share/GeoIP So putting the GeoIP.dat file there actually worked !! Now I only have to edit the cronjob to copy the updated GeoIP.dat file to the chroot when Maxmind updates. Thanks ! Regards On Tue, Jul 1, 2014 at 9:16 PM, Mukund Sivaraman wrote: > Hi Ali > > On Tue, Jul 01, 2014 at 08:41:32PM +0200, Ali Jawad wrote: > > [root@uk etc]# ls -lart /usr/share/GeoIP/ > > > > -rw-r--r-- 1 root root 1206078 Jul 1 10:08 GeoIP.dat > > Though this is not the problem causing the failure: > > This filesize looks too large for it to be the current country database > GeoIP.dat (~600KB) and too small to be the current city database > GeoLiteCity.dat (~17MB). Please check if this database is correct. > > > The output from the logs is > > > > Jul 1 14:38:56 uk named[1795]: using "/usr/share/GeoIP" as GeoIP > directory > > > > Jul 1 14:38:56 uk named[1795]: GeoIP Country (IPv4) (type 1) DB not > > available > > This codepath reporting this error does a stat() call inside the GeoIP > library to check if the corresponding file exists. The named process > would need permission to access this directory. Check the permissions on > /usr/share/GeoIP/, etc. > > Mukund > ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
