登录
当前位置: 首页 > 工具软件 > open-geoip > 使用案例 >

bind-geoip编译使用说明

呼延衡
2023-12-01
EPEL源 http://fedoraproject.org/wiki/EPEL
BIND源码 http://ftp.isc.org/isc/bind9/
bind-geoip源码 http://code.google.com/p/bind-geoip/downloads/list

1.安装EPEL源  
[root@localhost ~]# wget http://ftp.jaist.ac.jp/pub/Linux/Fedora/epel/5/i386/epel-release-5-4.noarch.rpm
[root@localhost ~]# rpm -ivh epel-release-5-4.noarch.rpm

2.下载bind源码  
[root@localhost ~]# wget http://ftp.isc.org/isc/bind9/9.9.1-P2/bind-9.9.1-P2.tar.gz

3.下载bind-geoip补丁  
[root@localhost ~]# wget http://bind-geoip.googlecode.com/files/bind-9.9.1-P2-geoip-1.3.patch

4.安装GeoIP和bind相关的开发包  
[root@localhost ~]# yum install GeoIP GeoIP-devel openssl-devel

[可选]如果没有安装编译器,需要先安装。  
[root@localhost ~]# yum install gcc automake autoconf

5.解压bind源码,并应用bind-geoip补丁  
[root@localhost ~]# tar xvzf bind-9.9.1-P2.tar.gz
[root@localhost ~]# cp bind-9.9.1-P2-geoip-1.3.patch bind-9.9.1-P2
[root@localhost ~]# cd bind-9.9.1-P2
[root@localhost ~]# patch -p0 < bind-9.9.1-P2-geoip-1.3.patch

6.编译并安装bind  
[root@localhost ~]# aclocal
[root@localhost ~]# autoconf
[root@localhost ~]# ./configure --enable-epoll --enable-threads --enable-largefilmae --with-geoip
[root@localhost ~]# make
[root@localhost ~]# make install

7.确认编译好的bind版本  

[root@localhost ~]# # /usr/local/sbin/named -v  
BIND 9.9.1-P2-geoip-1.3

8.配置bind view 匹配不同国家  

要使用geoip来匹配不同的国家,需要使用bind的 "view"功能,在"view"中使用如下格式来匹配:  

match-client{   geoip_<DBTYPE>DB_<FIELD>_<VALUE> };  

值中的空格使用"_"下划线替代,timezone中的"/"使用"|"替代。  

下边是一些示例:  
# Backwards compatibility for Caraytech/geodns and derived patches:
country_US;
# New syntax
geoip_countryDB_country_US;
geoip_cityDB_city_San_Francisco;
geoip_cityDB_timezone_America|Chicago;
geoip_cityDB_country3_JAP;
geoip_cityDB_regionname_California;
geoip_cityDB_postal_94118;
# "Square" latitude/longitude area
geoip_cityDB_lat_41.1_lat_43.1_lon_-82.0_lon_-84.1;
# Latitudinal "stripe" area
geoip_cityDB_lat_10_lat_11;
# Longitudinal "stripe" area
geoip_cityDB_lon_20_lon_21;
# Lat/lon radius in degrees (adjusted for tapering longitude at the poles)
geoip_cityDB_lat_80_lon_83.97_radius_1de;
# Lat/lon radius in miles (adjusted)
geoip_cityDB_lat_80_lon_73.97_radius_500mi;
# Lat/lon radius in kilometers (adjusted)
geoip_cityDB_lat_80_lon_73.97_radius_100km;
geoip_orgDB_name_Slide;

下边是一个view整个配置的示例:  

# Note this will match ANY city named Paris!  
view "PARIS" {
        match-clients { geoip_cityDB_city_Paris; };
        zone "example.com" in {
                type master;
                file "paris.example.com.dns";
        };
};
view "FRANCE" {
        match-clients { geoip_cityDB_country_FR; };
        zone "example.com" in {
                type master;
                file "france.example.com.dns";
        };
};
view "GERMANY" {
        match-clients { geoip_cityDB_country_DE; };
        zone "example.com" in {
                type master;
                file "germany.example.com.dns";
        };
};
view "DEFAULT" {
        zone "example.com" in {
                type master;
                file "example.com.dns";
        };
};


9.启动BIND,syslog中会看到类似如下的日志。  
Dec 18 17:00:11 u804 named[5162]: Initializing GeoIP Country DB  
Dec 18 17:00:11 u804 named[5162]: GEO-106FREE 20090201 Build 1 Copyright (c) 2007 MaxMind LLC All Rights Reserved
Dec 18 17:00:11 u804 named[5162]: Initializing GeoIP City DB Revision 1
Dec 18 17:00:11 u804 named[5162]: GEO-133 20091215 Build 1 Copyright (c) 2009 MaxMind Inc All Rights Reserved
Dec 18 17:00:11 u804 named[5162]: GeoIP Region DB Revision 0 or 1 not available
Dec 18 17:00:11 u804 named[5162]: GeoIP ISP DB not available
Dec 18 17:00:11 u804 named[5162]: Initializing GeoIP Organization DB
Dec 18 17:00:11 u804 named[5162]: GEO-111 20091201 Build 1 Copyright (c) 2009 MaxMind Inc All Rights Reserved
Dec 18 17:00:11 u804 named[5162]: Initializing GeoIP AS DB
Dec 18 17:00:11 u804 named[5162]: GEO-117 20090321 Build 1 Copyright (c) 2007 MaxMind LLC All Rights Reserved
Dec 18 17:00:11 u804 named[5162]: GeoIP NetSpeed DB not available
Dec 18 17:00:11 u804 named[5162]: GeoIP Domain DB not available
Dec 18 17:00:11 u804 named[5162]: Initializing GeoIP Country DB IPv6
Dec 18 17:00:11 u804 named[5162]: GEO-106FREE 20091201 Build 1 Copyright (c) 2009 MaxMind Inc All Rights Reserved

如果你看到了"DB not available"日志,则说明GeoIP C API找不到地域数据库GeoIPCity.dat或GeoIP.dat。  

如果使用chroot环境运行BIND,则要确保地域数据库在chroot中也可以访问到。举例来说:  
如果MaxMind的地域数据库存放在/usr/share/GeoIP中,则在chroot环境中这些文件要在/var/named/usr/share/GeoIP中存在。

重要注释: 如果你在match-clients中定义了一个geoip rule,而这个rule指向了一个不可用的数据库,则这个错误不会提示,会直接忽略。  

如果在日志中看到:  
error while loading shared libraries: libGeoIP.so.1: cannot open shared object file: No such file or directory
则说明BIND找不到GeoIP C API,需要通过LD_LIBRARY_PATH指定位置,当然可以在编译bind的时候使用--with-geoip=直接指定。

MaxMind的区域数据库有商业版本,内容更精确一些,如果你购买了商业版本数据库,则可以使用MaxMind的"geoipupdate"工具升级现有地域数据库,然后reload BIND即可生效。  

===============  
options {
        directory "/etc/masters";
        pid-file "/var/run/named.pid";
        statistics-file "/var/run/named.stats";
        dump-file "/var/run/named.db";
        version "[4.0]";
        recursion no;
};

key "rndc-key" {
        algorithm hmac-md5;
        secret "DwW93rqsQxbWpzH3wN5aCQ==";
};

key "china" {
        algorithm hmac-md5;
        secret "E21lMKQ8Jf0T7jwznKoSnw==";
};

key "global" {
        algorithm hmac-md5;
        secret "NZHKJdZjNVsnuA4cWXZjJw==";
};

controls {
      inet 127.0.0.1 port 953
              allow { 127.0.0.1; } keys { "rndc-key"; };
};

logging {
        channel default_syslog {
                syslog daemon;
                severity info;
        };
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
        channel querylog{
                file "/var/log/query.log" versions 3 size 20m;
                severity info;
                print-category yes;
                print-time yes;
                print-severity yes;
        };
        category queries { querylog;};
        category default { default_syslog; default_debug; };
};

view "CHINA" {
match-clients { key china; geoip_countryDB_country_CN;; };
allow-transfer { key china; };
server 11.11.11.11 { keys china; };

zone "." in {
        type hint;
        file "named.ca";
    };

zone "demo.com" IN {
        type master;
        file "db.demo.com-cn";
        allow-update { none; };
    };
include "/etc/named.rfc1912.zones";
};

view "GLOBAL" {
match-clients { key global; any; };
allow-transfer { key global; };
server 11.11.11.11 { keys global; };

zone "." in {
        type hint;
        file "named.ca";
    };

zone "demo.com" IN {
        type master;
        file "db.demo.com";
        allow-update { none; };
    };
include "/etc/named.rfc1912.zones";
};
参考文档:
http://code.google.com/p/bind-geoip/wiki/UsageGuide
http://www.yongbok.net/blog/?p=142
http://docstore.mik.ua/orelly/networking_2ndEd/dns/ch07_05.htm

http://www.kuqin.com/article/16dns/212998.html

转自:http://blog.sina.com.cn/s/blog_704836f40101b591.html

 类似资料:

相关阅读

说说bind、call、apply的区别?并手写实现一个bind的方法关于传统解释器,编译器和JIT编译器/解释器的说明JSX道具不应该使用.bind()-如何避免使用bind?使用maven2用jdk1.5编译项目使用Notepad ++编译Java代码

相关文章

2.5 Verilog 编译指令什么是编译器?Java11 免编译启动动态编译之JavassistMyBatis bind标签

相关问答

使用java api进行编译使用Maven编译JRXML时ClassNotFoundExceptionIntelliJ使用Java8编译Java7 JRESDK编译器如何编译编译器?关于JIT编译器和解释器的说明

相关文档

PSV 用户指南使用说明书微 PE 优盘工具箱 使用说明书Android 开机 和 编译系统 和 binderMarkdown 语法说明小米翻译用户文档
快捷导航: 新手教程 算法原理 架构设计 Java进阶 数据库进阶 大厂专栏 面试经验 编程笔记 编程问答 所有专题 文档资料 工具软件 电子书籍 小牛导航
在线工具: 房贷计算器 个税计算器 Linux命令查询 Json格式化 正则表达式 颜色转换 AES加解密 SHA1加密 MD5加密 毒鸡汤 字数统计 随机密码生成 进制转换 Base64编解码 励志句子
Copyright © 2019-2024 小牛知识库@xnip.cn. All Rights Reserved.