Bind(Berkeley Internet Name Daemon)와 Maxmind의 GeoIP Country Database를 이용하여 구축합니다.

ISC 에서 최신의 BInd를 다운로드와 압축을 풀어줍니다.
http://www.isc.org/downloads

[[email protected] ~]# cd /usr/local/src
[[email protected] /usr/local/src]# wget http://ftp.isc.org/isc/bind9/9.7.2-P2/bind-9.7.2-P2.tar.gz
[[email protected] /usr/local/src]# tar xzvf bind-9.7.2-P2.tar.gz

Maxmind에서 GeoIP를 다운로드 후 설치 합니다

[[email protected] ~]# cd /usr/local/src
[[email protected] /usr/local/src]# wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
[[email protected] /usr/local/src]# tar xzvf GeoIP.tar.gz
[[email protected] /usr/local/src]# cd GeoIP
[[email protected] /usr/local/src/GeoIP]# ./configure
[[email protected] /usr/local/src/GeoIP]# make ; make install

Bind에 GeoIP 패치를 적용합니다.
http://code.google.com/p/bind-geoip/downloads/list

[[email protected] ~]# cd /usr/local/src/bind-9.7.2-P2
[[email protected] /usr/local/src/bind-9.7.2-P2]# wget http://bind-geoip.googlecode.com/files/bind-geoip-1.3.patch
[[email protected] /usr/local/src/bind-9.7.2-P2]# patch -p0 < bind-geoip-1.3.patch
Hmm… Looks like a unified diff to me…
The text leading up to this was:
————————–
|— version.orig 2010-05-31 18:02:33.000000000 -0700
|+++ version 2010-06-14 12:31:10.121534325 -0700
————————–
Patching file version using Plan A…
Hunk #1 succeeded at 7 with fuzz 2.
Hmm… The next patch looks like a unified diff to me…
The text leading up to this was:
————————–
|— configure.orig 2010-05-26 16:47:44.000000000 -0700
|+++ configure 2010-06-14 12:31:10.121534325 -0700
————————–
Patching file configure using Plan A…
Hunk #1 succeeded at 41.
Hmm… The next patch looks like a unified diff to me…
The text leading up to this was:
————————–
|— lib/isccfg/aclconf.c.orig 2009-10-01 16:48:08.000000000 -0700
|+++ lib/isccfg/aclconf.c 2010-06-14 12:31:10.131481573 -0700
————————–
Patching file lib/isccfg/aclconf.c using Plan A…
Hunk #1 succeeded at 31.
Hunk #2 succeeded at 225 (offset 17 lines).
Hunk #3 succeeded at 423 (offset 17 lines).
Hmm… The next patch looks like a unified diff to me…
The text leading up to this was:
————————–
|— lib/dns/acl.c.orig 2009-01-17 15:47:42.000000000 -0800
|+++ lib/dns/acl.c 2010-06-14 12:31:10.131481573 -0700
————————–
Patching file lib/dns/acl.c using Plan A…
Hunk #1 succeeded at 29.
Hunk #2 succeeded at 441.
Hunk #3 succeeded at 494.
Hmm… The next patch looks like a unified diff to me…
The text leading up to this was:
————————–
|— lib/dns/include/dns/acl.h.orig 2009-01-17 15:47:43.000000000 -0800
|+++ lib/dns/include/dns/acl.h 2010-06-14 12:31:10.131481573 -0700
————————–
Patching file lib/dns/include/dns/acl.h using Plan A…
Hunk #1 succeeded at 52.
Hunk #2 succeeded at 194.
Hmm… The next patch looks like a unified diff to me…
The text leading up to this was:
————————–
|— lib/isc/include/isc/geoip.h.orig 2010-06-14 12:31:10.131481573 -0700
|+++ lib/isc/include/isc/geoip.h 2010-06-14 12:31:10.131481573 -0700
————————–
(Creating file lib/isc/include/isc/geoip.h…)
Patching file lib/isc/include/isc/geoip.h using Plan A…
Hunk #1 succeeded at 1.
Hmm… The next patch looks like a unified diff to me…
The text leading up to this was:
————————–
|— bin/named/geoip.c.orig 2010-06-14 12:31:10.131481573 -0700
|+++ bin/named/geoip.c 2010-06-14 12:31:10.131481573 -0700
————————–
(Creating file bin/named/geoip.c…)
Patching file bin/named/geoip.c using Plan A…
Hunk #1 succeeded at 1.
Hmm… The next patch looks like a unified diff to me…
The text leading up to this was:
————————–
|— bin/named/server.c.orig 2010-05-17 17:29:31.000000000 -0700
|+++ bin/named/server.c 2010-06-14 12:31:10.131481573 -0700
————————–
Patching file bin/named/server.c using Plan A…
Hunk #1 succeeded at 50 (offset 3 lines).
Hunk #2 succeeded at 4562 (offset 94 lines).
Hunk #3 succeeded at 4597 (offset 3 lines).
Hunk #4 succeeded at 5134 (offset 100 lines).
Hmm… The next patch looks like a unified diff to me…
The text leading up to this was:
————————–
|— bin/named/Makefile.in.orig 2009-12-05 15:31:40.000000000 -0800
|+++ bin/named/Makefile.in 2010-06-14 12:31:10.131481573 -0700
————————–
Patching file bin/named/Makefile.in using Plan A…
Hunk #1 succeeded at 87.
Hunk #2 succeeded at 102.
Hmm… The next patch looks like a unified diff to me…
The text leading up to this was:
————————–
|— configure.in.orig 2010-05-26 16:46:00.000000000 -0700
|+++ configure.in 2010-06-14 12:31:10.121534325 -0700
————————–
Patching file configure.in using Plan A…
Hunk #1 succeeded at 755 (offset 8 lines).
done

GeoIP 패치시에 configure에 대한 내용도 변경되었으니 autoconf를 이용하여 configure 를 다시 생성합니다.

[[email protected] /usr/local/src/bind-9.7.2-P2]# autoconf
configure.in:17: warning: prefer named diversions
configure.in:44: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body
../../lib/autoconf/lang.m4:194: AC_LANG_CONFTEST is expanded from…
../../lib/autoconf/general.m4:2662: _AC_LINK_IFELSE is expanded from…
../../lib/autoconf/general.m4:2679: AC_LINK_IFELSE is expanded from…
./libtool.m4:363: _LT_AC_SYS_LIBPATH_AIX is expanded from…
./libtool.m4:5560: AC_LIBTOOL_PROG_LD_SHLIBS is expanded from…
./libtool.m4:2783: _LT_AC_LANG_C_CONFIG is expanded from…
./libtool.m4:2782: AC_LIBTOOL_LANG_C_CONFIG is expanded from…
./libtool.m4:80: AC_LIBTOOL_SETUP is expanded from…
./libtool.m4:60: _AC_PROG_LIBTOOL is expanded from…
./libtool.m4:25: AC_PROG_LIBTOOL is expanded from…
configure.in:44: the top level
configure.in:44: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body
../../lib/autoconf/lang.m4:194: AC_LANG_CONFTEST is expanded from…
../../lib/autoconf/general.m4:2662: _AC_LINK_IFELSE is expanded from…
../../lib/autoconf/general.m4:2679: AC_LINK_IFELSE is expanded from…
./libtool.m4:363: _LT_AC_SYS_LIBPATH_AIX is expanded from…
./libtool.m4:2864: _LT_AC_LANG_CXX_CONFIG is expanded from…
./libtool.m4:2863: AC_LIBTOOL_LANG_CXX_CONFIG is expanded from…
./libtool.m4:1908: _LT_AC_TAGCONFIG is expanded from…
./libtool.m4:80: AC_LIBTOOL_SETUP is expanded from…
./libtool.m4:60: _AC_PROG_LIBTOOL is expanded from…
./libtool.m4:25: AC_PROG_LIBTOOL is expanded from…
configure.in:44: the top level
configure.in:44: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body
../../lib/autoconf/lang.m4:194: AC_LANG_CONFTEST is expanded from…
../../lib/autoconf/general.m4:2662: _AC_LINK_IFELSE is expanded from…
../../lib/autoconf/general.m4:2679: AC_LINK_IFELSE is expanded from…
./libtool.m4:363: _LT_AC_SYS_LIBPATH_AIX is expanded from…
./libtool.m4:5560: AC_LIBTOOL_PROG_LD_SHLIBS is expanded from…
./libtool.m4:4177: _LT_AC_LANG_GCJ_CONFIG is expanded from…
./libtool.m4:4176: AC_LIBTOOL_LANG_GCJ_CONFIG is expanded from…
./libtool.m4:1908: _LT_AC_TAGCONFIG is expanded from…
./libtool.m4:80: AC_LIBTOOL_SETUP is expanded from…
./libtool.m4:60: _AC_PROG_LIBTOOL is expanded from…
./libtool.m4:25: AC_PROG_LIBTOOL is expanded from…
configure.in:44: the top level
configure.in:793: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body
../../lib/autoconf/lang.m4:194: AC_LANG_CONFTEST is expanded from…
../../lib/autoconf/general.m4:2591: _AC_COMPILE_IFELSE is expanded from…
../../lib/autoconf/general.m4:2607: AC_COMPILE_IFELSE is expanded from…
configure.in:793: the top level

컴파일을 합니다.

[[email protected] /usr/local/src/bind-9.7.2-P2]# ./configure –prefix=/usr/local/bind9 –with-geoip=/usr/local
[[email protected] /usr/local/src/bind-9.7.2-P2]# make ; make install

GeoIP 패치가 완료 되었습니다.

[[email protected] ~]# /usr/local/bind9/sbin/named -v
BIND 9.7.2-P2-geoip-1.3

Bind의 named.conf 를 하나 생성하고 국가별 veiw 설정을 해주면 됩니다.

options {
listen-on { any; };
version “NS.YONGBOK.NET”;
};

key “rndc-key” {
algorithm hmac-md5;
secret “eDPqp0NZB/IJITIHsaRt2l2BLi7XGuaruMlKXfpleJ8=”;
};

view “all” {
match-clients { any; };
allow-query { any; };
allow-transfer { 127.0.0.1; };
allow-recursion { 127.0.0.1; 180.224.219.0/24; 10.10.10.0/24; 11.11.11.0/24; };
// recursion no;

zone “ns.yongbok.net” IN {
type master;
file “db-yongbok”;
};
zone “yongbok.net” IN {
type master;
file “db-yongbok”;
};
zone “yongbok.com” IN {
type master;
file “db-yongbok.com”;
};
zone “219.224.180.in-addr.arpa” {
type master;
file “ip-yongbok”;
};
zone “0.0.127.in-addr.arpa” {
type master;
file “loopback-yongbok”;
};
};

view “CHINA” {
match-clients { geoip_countryDB_country_CN; geoip_countryDB_country_HK; };
allow-query { any; };
allow-transfer { 127.0.0.1; };
recursion no;

zone “ns.yongbok.net” IN {
type master;
file “db-yongbok-cn”;
};
zone “yongbok.net” IN {
type master;
file “db-yongbok-cn”;
};
zone “yongbok.com” IN {
type master;
file “db-yongbok.com-cn”;
};
zone “219.224.180.in-addr.arpa” {
type master;
file “ip-yongbok-cn”;
};
zone “0.0.127.in-addr.arpa” {
type master;
file “loopback-yongbok-cn”;
};
};

참고
http://www.caraytech.com/geodns/
http://code.google.com/p/bind-geoip/wiki/UsageGuide