Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Error when using GeoIP

1,032 views
Skip to first unread message

Ali Jawad

unread,
Jul 1, 2014, 10:37:44 AM7/1/14
to bind-...@lists.isc.org
Hi
I did compile 9.10 with --with-geoip , did the config as follows :

In options 

geoip-directory "/usr/share/GeoIP/GeoIP.dat";

in zones


acl "US" {

  geoip country US;

};



view "US" {

     match-clients { US; };  //Once I add this it throws the error below *******

     include "/etc/named.rfc1912.zones";

     include "/etc/dk.sites.list";


};



Once I add the match-clients line it throws the error  below on starting :

/etc/named.conf:47: no GeoIP database installed which can answer queries of type 'country'


geoiplookup ip.ip.ip.ip works, so I doubt that is the issue,  I did try geoip-directory "/usr/share/GeoIP"; instead of full path but that did not make any difference.


Any hints ?


Tony Finch

unread,
Jul 1, 2014, 10:52:10 AM7/1/14
to Ali Jawad, bind-...@lists.isc.org
Ali Jawad <alij...@gmail.com> wrote:
>
> acl "US" {
> geoip country US;
> };
>
> view "US" {
> match-clients { US; }; //Once I add this it throws the error below
> };
>
> /etc/named.conf:47: no GeoIP database installed which can answer queries of type 'country'

This is a bug in 9.10.0 which will be fixed in 9.10.1. Until then there is
a patch: https://lists.isc.org/pipermail/bind-users/2014-May/093083.html

The workaround is to put the geoip country directive in the match-clients
clause itself rather than going via a named acl.

Tony.
--
f.anthony.n.finch <d...@dotat.at> http://dotat.at/
Southeast Rockall, Malin: Variable 4, becoming southwesterly 5 to 7, perhaps
gale 8 later. Slight or moderate, becoming moderate or rough later. Rain
later. Good, occasionally poor.

Ali Jawad

unread,
Jul 1, 2014, 12:47:25 PM7/1/14
to Tony Finch, bind-...@lists.isc.org
Hi Tony
I did try  match-clients {    geoip country US; };  but that yielded the same error. Which is weird, I did actually submit the bug with the above patch in RC2 and inline worked at the time . Will try the patch, let me know if you have input on the match-clients please. As I did already build the RPM to be deployed across my servers, and it will save me some time.
Thanks 

Jeremy C. Reed

unread,
Jul 1, 2014, 2:33:59 PM7/1/14
to Ali Jawad, bind-...@lists.isc.org
> geoip-directory "/usr/share/GeoIP/GeoIP.dat";

Should be a directory.

>
> in zones
>
>
> acl "US" {
>
>   geoip country US;
>
> };
>
>
>
> view "US" {
>
>      match-clients { US; };  //Once I add this it throws the error below
> *******
>
>      include "/etc/named.rfc1912.zones";
>
>      include "/etc/dk.sites.list";
>
>
> };
>
>
>
> Once I add the match-clients line it throws the error  below on starting :
>
> /etc/named.conf:47: no GeoIP database installed which can answer queries of
> type 'country'
>
>
> geoiplookup ip.ip.ip.ip works, so I doubt that is the issue,  I did try
> geoip-directory "/usr/share/GeoIP"; instead of full path but that did not
> make any difference.
>
>
> Any hints ?

Look at logs please. Do you have an "initializing GeoIP Country" line?

Like:
30-Apr-2014 22:11:17.908 initializing GeoIP Country (IPv4) (type 1) DB

Double-check that /usr/share/GeoIP/ is correct and that you have the
correct database(s) there.

Ali Jawad

unread,
Jul 1, 2014, 2:41:32 PM7/1/14
to Jeremy C. Reed, bind-...@lists.isc.org
Hi Jeremy
Thanks for chipping in. Usual as ever. So I did actually use geoip-directory "/usr/share/GeoIP";  

and ls of that dir is 

[root@uk etc]# ls -lart /usr/share/GeoIP/ 

-rw-r--r--   1 root root 1206078 Jul  1 10:08 GeoIP.dat



The output from the logs is 

Jul  1 14:38:56 uk named[1795]: using "/usr/share/GeoIP" as GeoIP directory

Jul  1 14:38:56 uk named[1795]: GeoIP Country (IPv4) (type 1) DB not available

Jul  1 14:38:56 uk named[1795]: GeoIP Country (IPv6) (type 12) DB not available

Jul  1 14:38:56 uk named[1795]: GeoIP City (IPv4) (type 2) DB not available

Jul  1 14:38:56 uk named[1795]: GeoIP City (IPv4) (type 6) DB not available

Jul  1 14:38:56 uk named[1795]: GeoIP City (IPv6) (type 30) DB not available

Jul  1 14:38:56 uk named[1795]: GeoIP City (IPv6) (type 31) DB not available

Jul  1 14:38:56 uk named[1795]: GeoIP Region (type 3) DB not available

Jul  1 14:38:56 uk named[1795]: GeoIP Region (type 7) DB not available

Jul  1 14:38:56 uk named[1795]: GeoIP ISP (type 4) DB not available

Jul  1 14:38:56 uk named[1795]: GeoIP Org (type 5) DB not available

Jul  1 14:38:56 uk named[1795]: GeoIP AS (type 9) DB not available

Jul  1 14:38:56 uk named[1795]: GeoIP Domain (type 11) DB not available

Jul  1 14:38:56 uk named[1795]: GeoIP NetSpeed (type 10) DB not available

Jeremy C. Reed

unread,
Jul 1, 2014, 2:56:20 PM7/1/14
to Ali Jawad, bind-...@lists.isc.org
On Tue, 1 Jul 2014, Ali Jawad wrote:

> [root@uk etc]# ls -lart /usr/share/GeoIP/ 
>
> -rw-r--r--   1 root root 1206078 Jul  1 10:08 GeoIP.dat
>
>
>
> The output from the logs is 
>
> Jul  1 14:38:56 uk named[1795]: using "/usr/share/GeoIP" as GeoIP directory
>
> Jul  1 14:38:56 uk named[1795]: GeoIP Country (IPv4) (type 1) DB not
> available
>
> Jul  1 14:38:56 uk named[1795]: GeoIP Country (IPv6) (type 12) DB not
> available

You may want to try another database. I use GeoLiteCity.dat for
testing. Make a symlink to it named /usr/share/GeoIP/GeoIP.dat

Maybe your geoiplookup tools appears to work but is providing different
results not identified as "country"? Does your geoiplookup output say
"GeoIP Country Edition"?


Ali Jawad

unread,
Jul 1, 2014, 3:09:42 PM7/1/14
to Jeremy C. Reed, bind-...@lists.isc.org
Hi Jeremy
Yes it does see the below

[root@uk ~]# geoiplookup ip.ip.ip.ip

GeoIP Country Edition: US, United States


A bummer though, as I have purchased the Maxmind Country edition. 

When I did try to install GeoLiteCity.dat I got the error below


  file /usr/share/GeoIP/GeoIP.dat from install of geoip-geolite-2013.04-1.el6.noarch conflicts with file from package GeoIP-1.4.8-1.el6.x86_64

Is geoip-geolite not provided by maxmind ?


Regards

Mukund Sivaraman

unread,
Jul 1, 2014, 3:16:59 PM7/1/14
to Ali Jawad, bind-...@lists.isc.org, Jeremy C. Reed
Hi Ali

On Tue, Jul 01, 2014 at 08:41:32PM +0200, Ali Jawad wrote:
> [root@uk etc]# ls -lart /usr/share/GeoIP/
>
> -rw-r--r-- 1 root root 1206078 Jul 1 10:08 GeoIP.dat

Though this is not the problem causing the failure:

This filesize looks too large for it to be the current country database
GeoIP.dat (~600KB) and too small to be the current city database
GeoLiteCity.dat (~17MB). Please check if this database is correct.

> The output from the logs is
>
> Jul 1 14:38:56 uk named[1795]: using "/usr/share/GeoIP" as GeoIP directory
>
> Jul 1 14:38:56 uk named[1795]: GeoIP Country (IPv4) (type 1) DB not
> available

This codepath reporting this error does a stat() call inside the GeoIP
library to check if the corresponding file exists. The named process
would need permission to access this directory. Check the permissions on
/usr/share/GeoIP/, etc.

Mukund

Ali Jawad

unread,
Jul 1, 2014, 3:24:38 PM7/1/14
to Mukund Sivaraman, bind-...@lists.isc.org, Jeremy C. Reed
Hi Mukund
This is the paid version of the DB, tailing that file states 

GEO-106 20140624 Build 1 Copyright (c) 2014 MaxMind Inc All Rights Reserved

As said it does work with the geoiplookup tool. 

seLinux is disabled and permissions for files are default on a fresh system..see below for GeoIP dir under /usr/share

drwxr-xr-x    2 root root  4096 Jul  1 10:11 GeoIP



BUT !!!!

You sent me the right direction, I am chrooting my named server, so naturally the location bind is looking is /var/named/chroot/usr/share/GeoIP not /usr/share/GeoIP


So putting the GeoIP.dat file there actually worked !!

Now I only have to edit the cronjob to copy the updated GeoIP.dat file to the chroot when Maxmind updates.

Thanks !


Regards


0 new messages