Bug#861358: bind9: geoip_acl patch "temporarily" droped a year ago. is there a chance to bring it back?

2017-12-07 Thread Bernhard Schmidt 
On Thu, Apr 27, 2017 at 10:20:04PM +, Rushan wrote:

Hi,

> According to changelog[1] geoip_acl patch was temporarily dropped while the 
> evaluation of 
> the upstream geoip changes is in place. The note was left around a year ago 
> (Feb 2016).

Disclaimer: I did not test GeoIP myself so far.

GeoIP has been implemented in 9.10 directly, see
https://kb.isc.org/article/AA-01149/0/Using-the-GeoIP-Features-in-BIND-9.10.html
. As far as I can tell the syntax is a bit different from the one you
were using, so a direct migration is not possible. But you should be
able to adopt your configuration.

As far as I can see the Debian package in stable has GeoIP enabled.

Would it be possible for you to test this and give feedback?

Bernhard

Bug#861358: bind9: geoip_acl patch "temporarily" droped a year ago. is there a chance to bring it back?

2017-04-27 Thread Rushan 
Package: bind9
Version: 1:9.10.3.dfsg.P4-12.2
Severity: normal
Tags: upstream

Dear Maintainer,

According to changelog[1] geoip_acl patch was temporarily dropped while the 
evaluation of 
the upstream geoip changes is in place. The note was left around a year ago 
(Feb 2016).

It looks like the patch still is not available in testing. During
upgrade of test system bind9 stopped working as in my configuration
geoip patch plays an important role.

This is what I get as status message:

Apr 26 20:25:19 debian named[25023]: loading configuration from 
'/etc/bind/named.conf'
Apr 26 20:25:19 debian named[25023]: /etc/bind/named.conf:12: undefined ACL 
'country_CA'

   
Apr 26 20:25:19 debian named[25023]: /etc/bind/named.conf:17: undefined ACL 
'country_MY'

   
Apr 26 20:25:19 debian named[25023]: loading configuration: failure 

   
Apr 26 20:25:19 debian named[25023]: exiting (due to fatal error)

Where problematic part of named conf looks this way:
view "americas" {
match-clients { country_CA; country_US; country_AG; country_AI;
<.. some more countries ..>
country_MQ; country_SR; country_UY; country_AN; };
include "/etc/bind/named.default.zone.conf";
include "/etc/bind/named.america.zone.conf";
};

After downgrading bind to stable version 1:9.9.5.dfsg-9+deb8u10
everything works like a charm (with no changes in configuration).

Is there any plans to include geoip patch back to the package?

[1]: 
http://metadata.ftp-master.debian.org/changelogs/main/b/bind9/bind9_9.10.3.dfsg.P4-12.2_changelog


--
Kind regards,
Rushan.

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.7-x86_64-linode80 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages bind9 depends on:
ii  adduser3.115
ii  bind9utils 1:9.10.3.dfsg.P4-12.2
ii  debconf [debconf-2.0]  1.5.60
ii  init-system-helpers1.47
pn  libbind9-90
ii  libc6  2.24-10
ii  libcap21:2.25-1
ii  libcomerr2 1.43.4-2
pn  libdns100  
ii  libgssapi-krb5-2   1.15-1
pn  libisc95   
pn  libisccc90 
pn  libisccfg90
ii  libk5crypto3   1.15-1
ii  libkrb5-3  1.15-1
pn  liblwres90 
ii  libssl1.0.01.0.1t-1+deb8u5
ii  libxml22.9.4+dfsg1-2.2
ii  lsb-base   9.20161125
ii  net-tools  1.60+git20161116.90da8a0-1
ii  netbase5.4

bind9 recommends no packages.

Versions of packages bind9 suggests:
pn  bind9-doc   
ii  dnsutils1:9.10.3.dfsg.P4-12.2
pn  resolvconf  
pn  ufw 

-- Configuration Files:
/etc/bind/named.conf changed [not included]

-- debconf information excluded