Bind 9.10 with GeoIP on Ubuntu 17.04 (Zesty Zapus)

If you want to try the "GeoIP with Bind 9.10" article from ISC, Ubuntu 17.04 (Zesty Zapus) might be the right Linux distribution for you. It ships with Bind 9.10 including GeoIP support: you just need to apt-get install bind9 and add your configuration. Bonus: you do not need to set the geoip-directory directive, it is already set up correctly.

For our GeoIP demonstration we'll set up an authoritative server. Note that the configuration and zone files have to be mirrored to each DNS server serving the example.com zone I'm using in this article.

The default zones need to be disabled in named.conf. We're not authoritative for them, and if we did not remove them we would have to add them to every view we create.

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
//include "/etc/bind/named.conf.default-zones";

We will configure our views in the named.conf.local file, which is the place for local configuration.

// This ACL will match clients from the USA, based on the
// GeoIP database.
acl "usa" {
  geoip country US;
};

view "usa" {
  // The contents of this view will be presented to users
  // from the USA.
  match-clients { usa; };
  zone "example.com" {
    // This is my zonefile with the US view.
    file "/etc/bind/example.com/us/zone.db";
    type master;
  };
};

view "default" {
  // The contents of this view will be presented to users
  // outside the USA.
  zone "example.com" {
    // This is my zonefile with the default view.
    file "/etc/bind/example.com/default/zone.db";
    type master;
  };
};

Both zone files will have basically the same content: the SOA and NS records are identical. For demonstration purposes I set a marker TXT record in each zone file that identifies which view has been served.

default/zone.db

  IN TXT "Default view"

us/zone.db

  IN TXT "US view"

When you perform a dig +short @yournameserver TXT example.com you'll see "Default view" or "US view" depending on the geolocation of your IP address.

If you set up a CDN, you might want to serve customers from the US with a server near them. All IPs used in this example are taken from RFC 5737.

default/zone.db

; Your IP outside USA
  IN A 203.0.113.80

us/zone.db

; Your IP from USA
  IN A 198.51.100.80

One interesting approach could also be defining geo-localized nameservers. Warning: when example.com has glue nameservers, do not geo-localize those nameservers; this does not work. E.g. you can define ns1.example.com and ns2.example.com with geo-localization and use these nameservers for example.net to provide latency-optimized answers.

default/zone.db

; First nameserver IP outside USA
ns1 IN A 203.0.113.24
; Second nameserver IP outside USA
ns2 IN A 203.0.113.42

us/zone.db

; First nameserver IP from USA
ns1 IN A 198.51.100.24
; Second nameserver IP from USA
ns2 IN A 198.51.100.42

Finally, the complete zone examples. The lines that differ between the two files are the TXT marker, the A record at the zone apex and the ns1/ns2 addresses; the SOA, NS and glue records are identical in both.

default/zone.db

; Content for both views
$TTL 3600
example.com. IN     SOA    a.example.com. webmaster.voja.de. (
                            2017050403  ; Serial
                            3H          ; refresh after 3 hours
                            1H          ; retry after 1 hour
                            1W          ; expire after 1 week
                            1D)         ; minimum TTL of 1 day
                IN      NS      a.example.com.
                IN      NS      b.example.com.
; Content for default view
                IN      TXT     "Default view"
                IN      A       203.0.113.80
; First nameserver IP outside USA
ns1             IN      A       203.0.113.24
; Second nameserver IP outside USA
ns2             IN      A       203.0.113.42
; GLUE Nameservers that do the Geo localization.
a               IN      A       198.51.100.53
b               IN      A       203.0.113.53

us/zone.db

; Content for both views
$TTL 3600
example.com. IN     SOA    a.example.com. webmaster.voja.de. (
                            2017050403  ; Serial
                            3H          ; refresh after 3 hours
                            1H          ; retry after 1 hour
                            1W          ; expire after 1 week
                            1D)         ; minimum TTL of 1 day
                IN      NS      a.example.com.
                IN      NS      b.example.com.
; Content for US view
                IN      TXT     "US view"
; IP from USA
                IN      A       198.51.100.80
; First nameserver IP in USA
ns1             IN      A       198.51.100.24
; Second nameserver IP in USA
ns2             IN      A       198.51.100.42
; GLUE Nameservers that do the Geo localization.
a               IN      A       198.51.100.53
b               IN      A       203.0.113.53
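As an added consistency check that is not part of the original article: since both view zone files have to be kept in step by hand, this Python script parses two per-view zone files and reports the differences that would break the setup described above, namely a mismatched SOA serial, a different NS set, or glue addresses that differ between views for the nameservers named in the NS records (ns1/ns2 may differ per view, a/b may not). The zone strings are constructed copies of the layout above with ns2 left out; the parser is deliberately minimal and is not a general-purpose zone parser.

```python
# Constructed per-view zone files mirroring the article's layout (not the author's files).
DEFAULT_ZONE = """$TTL 3600
example.com. IN SOA a.example.com. webmaster.voja.de. ( 2017050403 ; serial
                                                        3H 1H 1W 1D )
    IN NS  a.example.com.
    IN NS  b.example.com.
    IN TXT "Default view"
    IN A   203.0.113.80
ns1 IN A   203.0.113.24
a   IN A   198.51.100.53
b   IN A   203.0.113.53
"""
# The US view differs only in the marker TXT, the apex address and ns1.
US_ZONE = (DEFAULT_ZONE.replace('"Default view"', '"US view"')
           .replace("203.0.113.80", "198.51.100.80")
           .replace("203.0.113.24", "198.51.100.24"))

def parse_zone(text, origin="example.com."):
    """Minimal BIND zone parser -> {(owner, rrtype): set(rdata)}; not general-purpose."""
    records, owner, buf = {}, origin, ""
    lines = (raw.split(";", 1)[0].rstrip() for raw in text.splitlines())  # strip comments
    for line in (ln for ln in lines if ln.strip() and not ln.startswith("$")):  # skip $TTL
        buf = f"{buf} {line}" if buf else line          # join "( ... )" continuation lines
        if buf.count("(") > buf.count(")"):
            continue                                    # SOA parenthesis still open
        line, buf = buf, ""
        toks = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():                       # explicit owner, else inherited
            owner = toks.pop(0)
            if not owner.endswith("."):
                owner = f"{owner}.{origin}"             # relative name -> FQDN
        if toks[0].upper() == "IN":
            toks.pop(0)                                 # class
        records.setdefault((owner, toks[0].upper()), set()).add(" ".join(toks[1:]))
    return records

def check_views(default_text, us_text, origin="example.com."):
    """Serial, NS set and in-zone glue must be identical in every view; list deviations."""
    d, u = parse_zone(default_text, origin), parse_zone(us_text, origin)
    def serial(zone):
        return next(iter(zone[(origin, "SOA")])).split()[2]
    problems = []
    if serial(d) != serial(u):
        problems.append("SOA serial differs between views")
    if d.get((origin, "NS")) != u.get((origin, "NS")):
        problems.append("NS set differs between views")
    for ns in sorted(d.get((origin, "NS"), ())):         # glue of every NS target
        if d.get((ns, "A")) != u.get((ns, "A")):
            problems.append(f"glue A for {ns} differs between views")
    return problems
```

Run check_views() over the real files before reloading named; an empty list means the two views agree on everything a resolver outside the view would rely on.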