named can no longer use the EDNS CLIENT-SUBNET option for view selection. In its existing form, the authoritative ECS feature was not fully RFC-compliant, and could not realistically have been deployed in production for an authoritative server; its only practical use was for testing and experimentation. In the interest of code simplification, this feature has now been removed.The ECS option is still supported in dig and mdig via the +subnet argument, and can be parsed and logged when received by named, but it is no longer used for ACL processing. The geoip-use-ecs option is now obsolete; a warning will be logged if it is used in named.conf. ecs tags in an ACL definition are also obsolete, and will cause the configuration to fail to load if they are used. [GL #32]
If in front of your dns authoritive DNS server you have load balancer like dnsdist, and you use „useClientSubnet=true“ into his configuration, the views in bind are going useless.
So the possible way to do similar things is to use dnsdist and to implement bind views into dnsdist using configuration like this …
It’s funny to see that in ipv6 worlds my site is 6 hop away. In ipv4 it’s 7 hops away.
Jordan-Ostreffs-MBP:~ jostreff$ traceroute6 www.ostreff.info
traceroute6 to jsp.ostreff.info (2001:470:1f0a:1830::2) from 2001:470:1f15:1303:31ca:10e:17ec:fdd8, 64 hops max, 12 byte packets
1 2001:470:1f15:1303:ba8d:12ff:fe5b:1ff0 1.168 ms 1.502 ms 0.762 ms
2 jostreff-1.tunnel.tserv11.ams1.ipv6.he.net 37.673 ms 36.499 ms 36.333 ms
3 10ge11-20.core1.ams1.he.net 35.521 ms 33.730 ms 51.334 ms
4 100ge5-1.core1.fra1.he.net 44.787 ms 37.329 ms 41.756 ms
5 tserv1.fra1.he.net 42.740 ms 42.329 ms 43.809 ms
6 jostreff-2-pt.tunnel.tserv6.fra1.ipv6.he.net 75.220 ms 72.095 ms 72.247 ms
Jordan-Ostreffs-MBP:~ jostreff$ traceroute www.ostreff.info
traceroute to jsp.ostreff.info (220.127.116.11), 64 hops max, 52 byte packets
1 10.0.1.1 (10.0.1.1) 1.455 ms 0.874 ms 0.847 ms
2 82-137-110-2.ip.btc-net.bg (18.104.22.168) 2.043 ms 1.629 ms 1.429 ms
3 83-228-105-49.ip.btc-net.bg (22.214.171.124) 7.621 ms 8.028 ms 7.951 ms
4 83-228-105-50.ip.btc-net.bg (126.96.36.199) 13.347 ms 11.934 ms 10.202 ms
5 * * *
6 classic.classic-bg.net (188.8.131.52) 13.115 ms 9.090 ms 8.943 ms
7 classic.classic-bg.net (184.108.40.206) 9.356 ms 9.351 ms 9.125 ms
Here’s how I got my bash script for my daily mysqldump database backups to work more securely. 1. First use mysql_config_editor (comes with mysql 5.6+) to set up the encrypted password file. Suppose your username is „db_user“. Running from the shell prompt:
mysql_config_editor set –login-path=local –host=localhost –user=db_user –password
It prompts for the password. Once you enter it, the user/pass are saved encrypted. Of course, change „system_username“ to your username on the server.