
bind-geoip编译使用说明

2014-11-06 12:00 288 查看
EPEL源 http://fedoraproject.org/wiki/EPEL
BIND源码 http://ftp.isc.org/isc/bind9/
bind-geoip源码 http://code.google.com/p/bind-geoip/downloads/list
1.安装EPEL源 

[root@localhost ~]# wget http://ftp.jaist.ac.jp/pub/Linux/Fedora/epel/5/i386/epel-release-5-4.noarch.rpm
[root@localhost ~]# rpm -ivh epel-release-5-4.noarch.rpm

2.下载bind源码

注意:源码包是通过HTTP明文下载的,编译前请用ISC随源码包发布的PGP签名校验其完整性。另外9.9.1-P2是很旧的版本,已不再获得安全更新,生产环境应选用仍在维护的BIND版本。

[root@localhost ~]# wget http://ftp.isc.org/isc/bind9/9.9.1-P2/bind-9.9.1-P2.tar.gz
3.下载bind-geoip补丁(该补丁是第三方代码,同样通过HTTP明文下载,应用到源码之前请先审阅补丁内容)

[root@localhost ~]# wget http://bind-geoip.googlecode.com/files/bind-9.9.1-P2-geoip-1.3.patch
4.安装GeoIP和bind相关的开发包 

[root@localhost ~]# yum install GeoIP GeoIP-devel openssl-devel

[可选]如果没有安装编译器,需要先安装。 

[root@localhost ~]# yum install gcc automake autoconf

5.解压bind源码,并应用bind-geoip补丁 

[root@localhost ~]# tar xvzf bind-9.9.1-P2.tar.gz

[root@localhost ~]# cp bind-9.9.1-P2-geoip-1.3.patch bind-9.9.1-P2

[root@localhost ~]# cd bind-9.9.1-P2

[root@localhost ~]# patch -p0 < bind-9.9.1-P2-geoip-1.3.patch

6.编译并安装bind 

[root@localhost ~]# aclocal

[root@localhost ~]# autoconf

[root@localhost ~]# ./configure --enable-epoll --enable-threads --enable-largefile --with-geoip

[root@localhost ~]# make

[root@localhost ~]# make install

7.确认编译好的bind版本 

[root@localhost ~]# /usr/local/sbin/named -v

BIND 9.9.1-P2-geoip-1.3

8.配置bind view 匹配不同国家 

要使用geoip来匹配不同的国家,需要使用bind的 "view"功能,在"view"中使用如下格式来匹配: 

match-clients { geoip_<DBTYPE>DB_<FIELD>_<VALUE>; };

值中的空格使用"_"下划线替代,timezone中的"/"使用"|"替代。 

下边是一些示例: 

# Backwards compatibility for Caraytech/geodns and derived patches:

country_US;

# New syntax

geoip_countryDB_country_US;

geoip_cityDB_city_San_Francisco;

geoip_cityDB_timezone_America|Chicago;

geoip_cityDB_country3_JAP;

geoip_cityDB_regionname_California;

geoip_cityDB_postal_94118;

# "Square" latitude/longitude area

geoip_cityDB_lat_41.1_lat_43.1_lon_-82.0_lon_-84.1;

# Latitudinal "stripe" area

geoip_cityDB_lat_10_lat_11;

# Longitudinal "stripe" area

geoip_cityDB_lon_20_lon_21;

# Lat/lon radius in degrees (adjusted for tapering longitude at the poles)

geoip_cityDB_lat_80_lon_83.97_radius_1de;

# Lat/lon radius in miles (adjusted)

geoip_cityDB_lat_80_lon_73.97_radius_500mi;

# Lat/lon radius in kilometers (adjusted)

geoip_cityDB_lat_80_lon_73.97_radius_100km;

geoip_orgDB_name_Slide;

下边是一个view整个配置的示例: 

# Note this will match ANY city named Paris! 

view "PARIS" {

        match-clients { geoip_cityDB_city_Paris; };

        zone "example.com" in {

                type master;

                file "paris.example.com.dns";

        };

};

view "FRANCE" {

        match-clients { geoip_cityDB_country_FR; };

        zone "example.com" in {

                type master;

                file "france.example.com.dns";

        };

};

view "GERMANY" {

        match-clients { geoip_cityDB_country_DE; };

        zone "example.com" in {

                type master;

                file "germany.example.com.dns";

        };

};

view "DEFAULT" {

        zone "example.com" in {

                type master;

                file "example.com.dns";

        };

};

9.启动BIND,syslog中会看到类似如下的日志。 
Dec 18 17:00:11 u804 named[5162]: Initializing GeoIP Country DB 

Dec 18 17:00:11 u804 named[5162]: GEO-106FREE 20090201 Build 1 Copyright (c) 2007 MaxMind LLC All Rights Reserved

Dec 18 17:00:11 u804 named[5162]: Initializing GeoIP City DB Revision 1

Dec 18 17:00:11 u804 named[5162]: GEO-133 20091215 Build 1 Copyright (c) 2009 MaxMind Inc All Rights Reserved

Dec 18 17:00:11 u804 named[5162]: GeoIP Region DB Revision 0 or 1 not available

Dec 18 17:00:11 u804 named[5162]: GeoIP ISP DB not available

Dec 18 17:00:11 u804 named[5162]: Initializing GeoIP Organization DB

Dec 18 17:00:11 u804 named[5162]: GEO-111 20091201 Build 1 Copyright (c) 2009 MaxMind Inc All Rights Reserved

Dec 18 17:00:11 u804 named[5162]: Initializing GeoIP AS DB

Dec 18 17:00:11 u804 named[5162]: GEO-117 20090321 Build 1 Copyright (c) 2007 MaxMind LLC All Rights Reserved

Dec 18 17:00:11 u804 named[5162]: GeoIP NetSpeed DB not available

Dec 18 17:00:11 u804 named[5162]: GeoIP Domain DB not available

Dec 18 17:00:11 u804 named[5162]: Initializing GeoIP Country DB IPv6

Dec 18 17:00:11 u804 named[5162]: GEO-106FREE 20091201 Build 1 Copyright (c) 2009 MaxMind Inc All Rights Reserved

如果你看到了"DB not available"日志,则说明GeoIP C API找不到地域数据库GeoIPCity.dat或GeoIP.dat。 

如果使用chroot环境运行BIND,则要确保地域数据库在chroot中也可以访问到。举例来说: 

如果MaxMind的地域数据库存放在/usr/share/GeoIP中,则在chroot环境中这些文件要在/var/named/usr/share/GeoIP中存在。

重要注释: 如果你在match-clients中定义了一个geoip rule,而这个rule指向了一个不可用的数据库,BIND不会给出任何错误提示,该rule会被直接忽略。因此启动后应检查syslog,确认view所依赖的数据库都已成功加载,否则客户端可能落入并非预期的view。

如果在日志中看到: 

error while loading shared libraries: libGeoIP.so.1: cannot open shared object file: No such file or directory

则说明BIND找不到GeoIP C API,需要通过LD_LIBRARY_PATH指定位置,当然可以在编译bind的时候使用--with-geoip=直接指定。

MaxMind的区域数据库有商业版本,内容更精确一些,如果你购买了商业版本数据库,则可以使用MaxMind的"geoipupdate"工具升级现有地域数据库,然后reload BIND即可生效。 

===============

注意:下面示例配置中的key secret已随本文公开,仅作格式示例,切勿在实际环境中使用,请自行生成密钥;hmac-md5是较旧的算法,在两端都支持的情况下建议改用hmac-sha256。

options {

        directory "/etc/masters";

        pid-file "/var/run/named.pid";

        statistics-file "/var/run/named.stats";

        dump-file "/var/run/named.db";

        version "[4.0]";

        recursion no;

};

key "rndc-key" {

        algorithm hmac-md5;

        secret "DwW93rqsQxbWpzH3wN5aCQ==";

};

key "china" {

        algorithm hmac-md5;

        secret "E21lMKQ8Jf0T7jwznKoSnw==";

};

key "global" {

        algorithm hmac-md5;

        secret "NZHKJdZjNVsnuA4cWXZjJw==";

};

controls {

      inet 127.0.0.1 port 953

              allow { 127.0.0.1; } keys { "rndc-key"; };

};

logging {

        channel default_syslog {

                syslog daemon;

                severity info;

        };

        channel default_debug {

                file "data/named.run";

                severity dynamic;

        };

        channel querylog{

                file "/var/log/query.log" versions 3 size 20m;

                severity info;

                print-category yes;

            