GeoDNS BIND patch

[Download]

What is it?

A 40-line patch for BIND to add geographical filters support to the existent views in BIND. Look at it.

What can I use it for?

The most popular use of this patch is to send web site visitors to their nearest web server. Suppose you have a site called www.example555.com with two web servers: one in the US and one in England. You can use this patch in order for visitors from Europe to connect to the server in England and all other visitors to the server in the US. This is just one example of its usage. There are probably many others.

Why do I need this patch, can't I do it already with BIND?

BIND 9.2 implements the concept of having multiple views of a single zone. Depending on the client that queries the server, different answers can be returned for the same query. However, BIND only allows to segment clients by IP address or IP address prefixes. This makes it cumbersome if you want to, for instance, target all the networks in France.

How does it work?

By adding the functionality available in Maxmind's GeoIP to BIND, it is possible to filter whole countries without having to specify IP addresses. This is an excerpt of a sample BIND configuration using this GeoDNS patch:

view "north_america" {
      match-clients { country_US; country_CA; country_MX; };
      recursion no;
      zone "example555.com" {
            type master;
            file "pri/example555-north-america.db";
      };
};
view "south_america" {
      match-clients { country_AR; country_CL; country_BR; country_PY; country_PE; country_EC; country_CO; country_VE; country_BO, country_UY; };
      recursion no;
      zone "example555.com" {
            type master;
            file "pri/example555-south-america.db";
      };
};
view "other" {
      match-clients { any; };
      recursion no;
      zone "example555.com" {
            type master;
            file "pri/example555-other.db";
      };
};

As you can see, the zone example555.com has 3 different views, depending on the location of the country.

What do I need to use it?

  1. Download the patch

  2. Download BIND 9.4.1-P1 in source code form, from ISC.
  3. Download MaxMind's GeoIP C API.
  4. Compile and install GeoIP according to the instructions provided. Note down in which directory it is installed.
  5. Unpack BIND source code.
  6. Apply the patch with the patch command (see instructions in INSTALL file)
  7. Compile BIND and install into your favourite directory.
  8. Configure, test and run

Disclaimer

The original patch for BIND 9.2.4 was written by Nicolas Moldavsky, working for Caraytech, a company in Argentina. Daniel Gerzo adapted the patch to work against BIND 9.4.1-P1. the Neither the authors nor their employers provide any guarantee that this software will work, not even for the purpose it was written for. Use it under your own risk. We have no relation whatsover with Maxmind apart from being a client of their GeoIP Country product. BIND is a product of the Internet Software Consortium. We plan to use this patch for e-planning, our ad server software.

FAQ

Can version of BIND is this patch for?
It is a patch for 9.4.1. It will probably work on later versions. Only 3 files are patched.
Has this patch been tested thoroughly?
No, it has only been tested in development environments. We plan to deploy it in production soon.
How much does the IP to country database cost?
Maxmind offers a free version of their database which is included when you download the API. For pricing information of the more complete database please refer to Maxmind's web site.
Do you provide binary versions of this patch?
No, we don't. If you want to compile it and offer a binary version in your web site, be free to do so.
What files does the patch modify?
lib/dns/include/dns/acl.h: to add a new type of acl element: dns_aclelementtype_ipcountry
lib/dns/acl.c: dns_aclelement_match to add functionality to match the ipcountry type of acl element
lib/isccfg/parser.c: to parse the new types in the config file

Feedback

Send all comments or feedback to nico=at=caraytech===com==. Include [bind-patch] in the subject or otherwise your mail will be filtered.