[master] ECS authoritative support

3936. [func] Added authoritative support for the EDNS Client Subnet (ECS) option. ACLs can now include "ecs" elements which specify an address or network prefix; if an ECS option is included in a DNS query, then the address encoded in the option will be matched against "ecs" ACL elements. Also, if an ECS address is included in a query, then it will be used instead of the client source address when matching "geoip" ACL elements. This behavior can be overridden with "geoip-use-ecs no;". When "ecs" or "geoip" ACL elements are used to select a view for a query, the response will include an ECS option to indicate which client network the answer is valid for. (Thanks to Vincent Bernat.) [RT #36781]
2014-08-28 22:05:57 -07:00
parent 180319f572
commit d46855caed
35 changed files with 1155 additions and 357 deletions
--- a/bin/tests/system/geoip/data/GeoIP.csv
+++ b/bin/tests/system/geoip/data/GeoIP.csv
@@ -5,3 +5,4 @@
 10.53.0.5/32 CL
 10.53.0.6/32 DE
 10.53.0.7/32 EH
+192.0.2/24 O1
--- a/bin/tests/system/geoip/data/GeoIP.dat
+++ b/bin/tests/system/geoip/data/GeoIP.dat
--- a/bin/tests/system/geoip/data/README
+++ b/bin/tests/system/geoip/data/README
@@ -18,8 +18,8 @@ GeoIPDoain.dat: Domain Name
 GeoIPASNum.dat: AS Number
 GeoIPNetSpeed.dat: Net Speed

-GeoIP.dat can also be generated using the open source 'geoip-csv-to-dat'
-utility:
+GeoIP.dat can also be egenerated using the open source 'geoip-csv-to-dat'
+utility (also known in some packages as "geoip-generator"):

 $ geoip-csv-to-dat -i "BIND9 geoip test data v1" -o GeoIP.dat << EOF
 "10.53.0.1","10.53.0.1","171245569","171245569","AU","Australia"
@@ -29,4 +29,5 @@ $ geoip-csv-to-dat -i "BIND9 geoip test data v1" -o GeoIP.dat << EOF
 "10.53.0.5","10.53.0.5","171245573","171245573","CL","Chile"
 "10.53.0.6","10.53.0.6","171245574","171245574","DE","Germany"
 "10.53.0.7","10.53.0.7","171245575","171245575","EH","Western Sahara"
+"192.0.2.0","192.0.2.255","3221225984","3221226239","O1","Other"
 EOF