Linux - Networking: This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
07-04-2014, 12:58 AM
#1
LQ Newbie
Registered: Dec 2013
Posts: 28
Include file into bind acl directive !!
Can I include a file in a bind acl {} directive? I need to include 1800+ IP prefixes in an acl for directing their traffic to a specific server using bind. I want to put those prefixes into a file and include it in the acl, like the following:
acl "caching" {
include "/etc/prefixes"
};
But it gives the following error and bind doesn't start:
Error in named configuration:
/etc/named.conf:45: missing ';' before '"'
File /etc/prefixes:
1.1.1.1/8;
10.2.5.1/24;
07-04-2014, 03:44 AM
#2
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,200
Quote:
Can i include file in bind acl {} directive?
You can't.
What you can do, if you don't want to bloat named.conf with the 1800+ IPs, is to create the file /etc/prefixes containing the acl name and the 1800+ IPs, like:
Code:
acl caching {
1.1.1.1/8;
10.2.5.1/24;
};
and use that acl inside another acl in named.conf:
...
Code:
acl blah {
caching;
};
Regards
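As an added example (not from the thread and not BIND tooling), here is a small Python script that builds the standalone acl file bathory describes from a plain list of prefixes, one per line, and writes nothing at all if any line is not a valid CIDR prefix, so a single bad entry in the generated file cannot stop named from starting. The acl name, the sample prefixes and the file names are constructed for the illustration.

```python
import ipaddress
import sys

ACL_NAME = "caching"          # the acl name used in the thread


def parse_prefixes(text):
    """Parse one prefix per line into ip_network objects.

    Blank lines and '#' comments are skipped; a trailing ';' is tolerated
    so an existing named.conf-style list can be fed in unchanged.
    strict=False normalises 1.1.1.1/8 to 1.0.0.0/8 (host bits cleared).
    Returns (networks, bad_lines); bad_lines is [(line_number, raw_line)].
    """
    nets, bad = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip().rstrip(";").strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            bad.append((lineno, raw))
    return nets, bad


def render_acl(name, nets):
    """Emit a complete 'acl "<name>" { ... };' statement, sorted and
    deduplicated, ready to be pulled into named.conf with include."""
    uniq = sorted(set(nets),
                  key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    body = "".join(f"    {n.with_prefixlen};\n" for n in uniq)
    return f'acl "{name}" {{\n{body}}};\n'


def build_acl_file(src, dst, name=ACL_NAME):
    """Read src, write the acl statement to dst; return the prefix count.
    Raises ValueError (and writes nothing) if any line is malformed."""
    with open(src) as f:
        nets, bad = parse_prefixes(f.read())
    if bad:
        raise ValueError("malformed prefix lines: " +
                         ", ".join(f"{n}: {line!r}" for n, line in bad))
    with open(dst, "w") as f:
        f.write(render_acl(name, nets))
    return len(nets)


if __name__ == "__main__":
    # Constructed sample mirroring the thread's /etc/prefixes, plus a bad line.
    sample = "1.1.1.1/8;\n10.2.5.1/24;\n# comment\n10.2.5.99/24\nnot-a-prefix\n"
    nets, bad = parse_prefixes(sample)
    print(render_acl(ACL_NAME, nets))
    print("rejected:", bad, file=sys.stderr)
```

Run named-checkconf on the resulting named.conf before rndc reload so a regenerated file is validated before it is picked up.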
07-07-2014, 04:11 PM
#3
LQ Newbie
Registered: Dec 2013
Posts: 28
Original Poster
@bathory thanks. I have configured the acl; I have another issue now. I am trying to configure master/slave bind with view directives. I have two VIEW directives for the same zone, one for local ISP clients (INTERNAL) and the other for EXTERNAL (ANY REQUESTS). The slave is fetching the zones from the master, but both the internal and external zones contain the same contents (the contents of EXTERNAL). Following is the configuration on master/slave:
MASTER:
view "tw" {
match-clients { tw; };
zone "files.com" {
type master;
file "tw.com.db";
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
view "external" {
match-clients { any; };
zone "files.com" {
type master;
file "files.com.db";
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
include "/var/named/tw-prefixes";
acl "tw" {
caching;
};
options {
listen-on port 53 { 192.123.42.81; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
// allow-query-cache { none; };
allow-transfer {192.123.42.84;};
recursion no;
};
SLAVE:
view "tw" {
match-clients { tw; };
allow-query { any; };
zone "files.com" {
type slave;
masters {192.123.42.81;};
file "slaves/tw.com.db";
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
view "external" {
match-clients { any; };
allow-query { any; };
zone "files.com" {
type slave;
masters {192.123.42.81;};
file "slaves/files.com.db";
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
include "/var/named/tw-prefixes";
acl "tw" {
caching;
};
options {
listen-on port 53 { 192.123.42.84; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
// allow-query-cache { none; };
recursion no;
};
07-08-2014, 12:23 AM
#4
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,200
Hi.
I've answered your other post here.
Please don't cross-post.
07-08-2014, 12:29 AM
#5
LQ Newbie
Registered: Dec 2013
Posts: 28
Original Poster
Yes bathory, I am sorry for it. I've fixed it. I'll be careful next time.
Last edited by shahzaibcb; 07-08-2014 at 12:32 AM.
07-10-2014, 12:45 AM
#6
LQ Newbie
Registered: Dec 2013
Posts: 28
Original Poster
@Bathory, my DNS is live now. I have added my local client machine's public IP to the bind caching acl to route my client's IP to a specific server. Now when I ping the domain, it doesn't resolve to any IP, and /var/log/messages shows the following IP instead; my modem's IP is 39.2.4.32.
Jul 10 01:42:41 dns named[812]: client 182.190.0.21#35126: view external: query (cache) 'domain.files.com/A/IN' denied
It is trying to resolve my IP in the external zone. Why is the IP wrong in the logs? It should be my modem's IP.
view "tw" {
match-clients { caching; };
zone "files.com" {
type master;
file "files.com.tw";
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
};
acl "caching" {
39.0.0.0/8;
};
options {
listen-on port 53 { 210.22.172.81; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-query-cache { none; };
};
I am not getting the issue here. :-(
Regards.
07-10-2014, 01:59 AM
#7
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,200
Quote:
it is trying to resolve my ip to the external zone. Why the ip is wrong in logs? There should be my modem's ip.
I don't know. It's clearly a networking issue. Using that IP it falls into the external view, so it denies the query.
You can add that IP (or subnet) to the caching ACL, so it works as expected.
07-10-2014, 05:36 AM
#8
LQ Newbie
Registered: Dec 2013
Posts: 28
Original Poster
This is the problem: http://backreference.org/2010/02/01/...dns-with-bind/
Quote:
Note that our DNS server will almost never be queried directly by the end clients that need to access the service; rather, it will be queried by other DNS servers that want to resolve the names on behalf of their clients. However, it's reasonable to assume that end clients will generally be using DNS servers that are geographically close to them (for example, their company's or their ISP's DNS). Sure, there will be exceptions, but the worst that can happen is that, say, an asian client is sent to the european server, for example, so it's not really something to worry about, and geoIP information cannot be 100% accurate anyway, so those things would probably happen in any case.
I am trying to route public IPs towards the acl, whereas it should be DNS servers.
07-10-2014, 10:58 AM
#9
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,200
What problem? If you're trying to implement geoIP, follow the instructions and you'll be ok.
07-10-2014, 11:17 AM
#10
LQ Newbie
Registered: Dec 2013
Posts: 28
Original Poster
Well, I am not sure whether to call it GeoIP. Maybe you can call it ISP-based caching, because we only need to route those IP prefixes towards the local caching server (located in the ISP) which are provided by our ISP (located in the local country), and route the rest to the main servers located in the U.S. Can bind work with 2000+ IP prefixes? We need to route requests coming from 2000+ IP prefixes in CIDR notation, using the bind VIEW clause, towards the local caching server's IP.
07-10-2014, 12:52 PM
#11
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,200
Quote:
Originally Posted by shahzaibcb
Well, I am not sure whether to call it GeoIP. Maybe you can call it ISP-based caching, because we only need to route those IP prefixes towards the local caching server (located in the ISP) which are provided by our ISP (located in the local country), and route the rest to the main servers located in the U.S. Can bind work with 2000+ IP prefixes? We need to route requests coming from 2000+ IP prefixes in CIDR notation, using the bind VIEW clause, towards the local caching server's IP.
I don't think that there should be a problem, given that you have enough memory available.
Bind loads everything into memory when it starts, so those 2000+ IPs could consume a lot of RAM.
07-10-2014, 01:22 PM
#12
LQ Newbie
Registered: Dec 2013
Posts: 28
Original Poster
When I remove or add an IP prefix in the file which is included in the acl {}, the change doesn't take effect; instead I have to reboot the OpenVZ container 3~4 times in order for the change to take effect. What could be the issue? rndc flush, rndc reload etc. are not helping here.
07-10-2014, 02:23 PM
#13
LQ Newbie
Registered: Dec 2013
Posts: 28
Original Poster
07-11-2014, 12:23 AM
#14
LQ Guru
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,200
Quote:
Originally Posted by shahzaibcb
D'oh, I cannot understand your problem. If I configure the Google DNS (8.8.8.8) as my resolver, you'll see the query coming from it when I try to resolve your domain.
Last edited by bathory; 07-11-2014 at 12:30 AM.
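As an added illustration (not part of the thread), the following Python model shows how BIND picks a view: the first view whose match-clients list contains the source address of the query packet wins, and the packet comes from whichever resolver relays the query, not from the end client. With the thread's addresses (the acl and view lists below are constructed from the posts), a query relayed via 182.190.0.21 lands in "external" although the client sits at 39.2.4.32, and the same rule applies to the transfer request the slave 192.123.42.84 makes in post #3, which is why it pulls the external copy of the zone. Nested acl names and the built-in any are handled; negated (!) entries are not modelled.

```python
import ipaddress

# Constructed from the thread's configuration; this models the selection
# rule only, not BIND's parser or its full address-match-list semantics.
ACLS = {
    "caching": ["39.0.0.0/8"],           # ISP prefixes (post #6)
    "tw": ["caching"],                   # acl "tw" { caching; };
}
VIEWS = [                                # order matters: first match wins
    ("tw", ["tw"]),                      # match-clients { tw; };
    ("external", ["any"]),               # match-clients { any; };
]


def expand_acl(entry, acls=ACLS):
    """Flatten one address-match-list entry into ip_network objects.
    'any' is BIND's built-in catch-all; other names refer to acl statements;
    anything else is taken to be a literal prefix."""
    if entry == "any":
        return [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]
    if entry in acls:
        return [n for sub in acls[entry] for n in expand_acl(sub, acls)]
    return [ipaddress.ip_network(entry)]


def select_view(source_ip, views=VIEWS, acls=ACLS):
    """Return the first view whose match-clients contains source_ip, or None
    (named would then refuse the query outright)."""
    addr = ipaddress.ip_address(source_ip)
    for view, match_clients in views:
        for entry in match_clients:
            # mixed-version comparisons are simply False, so v6 never
            # matches a v4 prefix and vice versa
            if any(addr in net for net in expand_acl(entry, acls)):
                return view
    return None


if __name__ == "__main__":
    # Addresses quoted in the thread; the last is the slave from post #3.
    for ip in ("39.2.4.32", "182.190.0.21", "192.123.42.84"):
        print(f"{ip:>15} -> view {select_view(ip)}")
```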
07-11-2014, 07:43 AM
#15
LQ Newbie
Registered: Dec 2013
Posts: 28
Original Poster
You're right. Is there a way I can overcome this problem? We need to cache videos on our local caching server in the ISP. The only way I know is to route requests coming from the ISP's IP prefixes towards the local caching server.
Do you have a better solution for caching? I can't use GeoIP caching because it's on a region/country basis. Our ISP doesn't allow any other IP to watch the cached content from their caching server, so I need to be more specific for caching.