Implementing Geo-aware DNS using BIND with IP2Location Database
This article shows how to use the IP2Location IP-Country Database (DB1) to implement a geolocation feature in a BIND DNS server. The method relies on two BIND features, “Access Control List” and “Views”, so there is no need to patch the BIND source code.
Step 1. Download the IP2Location IP-COUNTRY (DB1) database in ACL format, which is available upon subscription. Below is a sample of the file, which lists the IP address ranges for each country in CIDR notation.
acl "US" {
    3.0.0.0/8;
    4.0.0.0/25;
    4.0.0.128/26;
    4.0.0.192/28;
    4.0.0.208/29;
    4.0.0.216/30;
    4.0.0.220/31;
    4.0.0.222/32;
    4.0.0.224/32;
    4.0.0.227/32;
    4.0.0.232/32;
    4.0.0.234/31;
    4.0.0.236/30;
    4.0.0.240/28;
    4.0.1.0/25;
    217.244.15.88/29;
    218.52.57.128/26;
    218.189.13.0/28;
    218.248.9.16/29;
    221.134.81.60/30;
    221.134.81.64/29;
};
Step 2. Save the ACL file to a local directory as “YOUR_DIR/IP2LOCATION-IP-COUNTRY.ACL.TXT”.
Step 3. Add the following include line to the BIND configuration file “named.conf”.
include "YOUR_DIR/IP2LOCATION-IP-COUNTRY.ACL.TXT";
Step 4. Create custom views within BIND based on the country information. For example:
view "north_america" {
    match-clients { US; CA; MX; };
    recursion no;
    zone "foos.com" {
        type master;
        file "pri/foos-north-america.db";
    };
};

view "south_america" {
    match-clients { AR; BR; BO; CL; CO; EC; PE; PY; UY; VE; };
    recursion no;
    zone "foos.com" {
        type master;
        file "pri/foos-south-america.db";
    };
};

// Catch-all view: BIND checks views in order, so this one must come last.
view "other" {
    match-clients { any; };
    recursion no;
    zone "foos.com" {
        type master;
        file "pri/foos-other.db";
    };
};
Step 5. Restart your BIND service for the changes to take effect.
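A check worth running before the restart in Step 5, shown here as an added example that is not part of the original article or of IP2Location's tooling: it reports match-clients names with no matching ACL, flags views placed after an `any` view, and shows which view a client address would receive under first-match ordering. The function names and sample data are assumptions, and it handles only named ACLs and `any`, not negation or inline addresses.

```python
import ipaddress
import re

BUILTIN = {"any", "none", "localhost", "localnets"}  # ACL names predefined by BIND
ACL_RE = re.compile(r'acl\s+"([^"]+)"\s*\{([^}]*)\}')
VIEW_RE = re.compile(r'view\s+"([^"]+)"\s*\{\s*match-clients\s*\{([^}]*)\}')

def _items(body):
    return [e.strip() for e in body.split(";") if e.strip()]

def parse_acls(text):
    """Map ACL name -> list of networks."""
    return {n: [ipaddress.ip_network(c) for c in _items(b)] for n, b in ACL_RE.findall(text)}

def parse_views(text):
    """[(view name, match-clients elements)] in file order, which is match order."""
    return [(n, _items(b)) for n, b in VIEW_RE.findall(text)]

def undefined_refs(views, acls):
    """match-clients elements that are neither a defined ACL nor a built-in."""
    return [(v, e) for v, elems in views for e in elems if e not in acls and e not in BUILTIN]

def unreachable_views(views):
    """Views listed after a view that matches `any`; no client ever reaches them."""
    for i, (_, elems) in enumerate(views):
        if "any" in elems:
            return [n for n, _ in views[i + 1:]]
    return []

def select_view(client, views, acls):
    """Name of the first view whose match-clients covers the client address."""
    ip = ipaddress.ip_address(client)
    for name, elems in views:
        if any(e == "any" or any(ip in net for net in acls.get(e, [])) for e in elems):
            return name
    return None

# Constructed sample: RFC 5737 documentation ranges, not real geolocation data.
ACLS = parse_acls('''
acl "US" { 192.0.2.0/24; };
acl "CA" { 198.51.100.0/25; };
acl "BR" { 203.0.113.0/24; };
''')
VIEWS = parse_views('''
view "north_america" { match-clients { US; CA; MX; }; recursion no; };
view "south_america" { match-clients { BR; }; recursion no; };
view "other" { match-clients { any; }; recursion no; };
''')
```

In the constructed sample, `MX` is reported as undefined because the sample ACL text has no `acl "MX"` block, which is what happens when a view names a country missing from the included file.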