at work we’ll soon make use of dns-based geo load balancing to have users in americas \/ asia ‘talk’ with north am site and rest of the world – with the european site. we preferred to avoid modifying the client application so the dns based solution seemed reasonable. below – quick overview of the setup under debian.
\n
\ninstall bind:<\/p>\n
\r\napt-get install bind9\r\n<\/pre>\nas described in https:\/\/wiki.debian.org\/Bind9#Bind_Chroot :<\/p>\n
\r\n\/etc\/init.d\/bind9 stop\r\n<\/pre>\n<\/li>\n
\r\nOPTIONS="-u bind -t \/var\/bind9\/chroot"\r\nPIDFILE=\/var\/bind9\/chroot\/var\/run\/named\/named.pid\r\n<\/pre>\n<\/li>\n
\r\nmkdir -p \/var\/bind9\/chroot\/{etc,dev,var\/cache\/bind,var\/run\/named}\r\nmknod \/var\/bind9\/chroot\/dev\/null c 1 3\r\nmknod \/var\/bind9\/chroot\/dev\/random c 1 8\r\nchmod 660 \/var\/bind9\/chroot\/dev\/{null,random}\r\nmv \/etc\/bind \/var\/bind9\/chroot\/etc\r\nln -s \/var\/bind9\/chroot\/etc\/bind \/etc\/bind \r\nchown -R bind:bind \/etc\/bind\/*\r\nchmod 775 \/var\/bind9\/chroot\/var\/{cache\/bind,run\/named}\r\nchgrp bind \/var\/bind9\/chroot\/var\/{cache\/bind,run\/named}\r\n<\/pre>\n<\/li>\n\r\necho "\\$AddUnixListenSocket \/var\/bind9\/chroot\/dev\/log" > \/etc\/rsyslog.d\/bind-chroot.conf\r\n<\/pre>\n<\/li>\n
\r\n\/etc\/init.d\/rsyslog restart; \/etc\/init.d\/bind9 start\r\n<\/pre>\n<\/li>\n<\/ul>\ndebian’s bind9 supports geoip out of the box – it’s already patched. normally the geoip database is kept in debian under \/usr\/share\/GeoIP\/GeoIP.dat ; since bind is chrooted we need to copy that file:<\/p>\n
\r\napt-get install geoip-database\r\nmkdir -p \/var\/bind9\/chroot\/usr\/share\/GeoIP\/\r\ncp \/usr\/share\/GeoIP\/* \/var\/bind9\/chroot\/usr\/share\/GeoIP\/\r\n<\/pre>\nthis database should be updated periodically, in both locations.<\/p>\n
to make use of the ‘split view’ configuration where we define different responses depending on the country from which dns request has arrive i:<\/p>\n
\r\nview "sweden" {\r\n match-clients { country_SE; };\r\n allow-recursion { recurseallow_acl; };\r\n zone "test.kudzia.eu" {\r\n type master;\r\n file "\/etc\/bind\/zones\/sweden-test.kudzia.eu";\r\n notify no;\r\n };\r\n include "\/etc\/bind\/otherZones.conf";\r\n include "\/etc\/bind\/named.conf.default-zones";\r\n};\r\nview "other" {\r\n match-clients { any; };\r\n allow-recursion { recurseallow_acl; };\r\n zone "geo.test.kudzia.eu" {\r\n type master;\r\n file "\/etc\/bind\/zones\/rest-test.kudzia.eu";\r\n notify no;\r\n };\r\n include "\/etc\/bind\/otherZones.conf";\r\n include "\/etc\/bind\/named.conf.default-zones";\r\n};\r\n<\/pre>\nthis might look convoluted but makes sense. to avoid duplication zones that do not require geo-dns are defined in otherZones.conf and only the part that needs to be geo-dependent goes to \/var\/bind9\/chroot\/etc\/bind\/rest-test.kudzia.eu and \/var\/bind9\/chroot\/etc\/bind\/sweden-test.kudzia.eu.<\/p>\n
for me it even made sense to have main records s1.test.kudzia.eu and s2.test.kudzia.eu use CNAME to point to s1.geo.test.kudzia.eu and s2.geo.test.kudzia.eu and have only the geo.test.kudzia.eu zone configured with 2 different views depending on the geo-location of the dns resolver sending us the query.\n<\/li>\n<\/ul>\n
secondary dns server[s] will not be able to use ordinary zone transfer mechanism for the zones that provide different responses based on geoip lookup. configure it as if it was a master and copy the zone files\/configs manually whenever they get changed.<\/p>\n
2013-12-08<\/b> i’ve been using this setup in the production for the last few weeks and all seems fine. i’m getting some percent of ‘incorrect’ assignments – especially users from the UK end up on the north american servers instead of european ones [ google dns users? ] – but it’s not grave. having a dns server that understands edns-client-subnet<\/a> would be nice, but it seems quite cumbersome – i’d have to notify operators like google, easydns and others that i can ‘understand’ this record correctly – this does not seem scalable. related question<\/a> on the serverfault.<\/p>\nhelpful materials:<\/p>\n
\n- http:\/\/www.caraytech.com\/geodns\/<\/li>\n
- https:\/\/wiki.debian.org\/Bind9#Bind_Chroot<\/li>\n
- http:\/\/www.criten.org\/2011\/08\/bind-with-geoip-on-debian\/<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"
at work we’ll soon make use of dns-based geo load balancing to have users in americas \/ asia ‘talk’ with north am site and rest of the world – with the european site. we preferred to avoid modifying the client application so the dns based solution seemed reasonable. below – quick overview of the setup […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-1869","post","type-post","status-publish","format-standard","hentry","category-tech"],"_links":{"self":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/1869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/comments?post=1869"}],"version-history":[{"count":17,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/1869\/revisions"}],"predecessor-version":[{"id":1967,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/posts\/1869\/revisions\/1967"}],"wp:attachment":[{"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/media?parent=1869"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/categories?post=1869"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kudzia.eu\/b\/wp-json\/wp\/v2\/tags?post=1869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}