-Debian System Admins currently play around with a patched version of bind9 to implement GeoDNS for security.debian.org.
+DSA is currently play around with a patched version of bind9 (based on a
+patch we received from kernel.org people) to implement GeoDNS for
+security.debian.org. You might have noticed, that we currently have a
+round robin list of up to seven hosts in the security.debian.org
+rotation. Depending on time and luck your apt currently might pick a
+host which is located half around the globe for you, resulting in
+sometimes really slow download rates.
+
+## Idea
+
+The current idea is only present a list of security mirrors to you which
+is located on the continent you live on. That won't work for all
+continents at the moment, we are aware of that. For that reason we are
+in paralell currently moving machines around the globe, to get that
+fixed in foreseeable future.
+
+## Technique
+
+The patch we used for bind9 uses
+[libgeoip](http://packages.debian.org/geoip) and [MaxMind's GeoLite
+Country database](http://www.maxmind.com/app/geolitecountry).
+
+As we don't want to break security.debian.org at this stage of our
+testing, we decided to add a new subdomain security.geo.debian.org which
+with we are currently playing.
+
+Having an ACL for EU defining all the countries belonging to the
+European Subcontinent, a config sniplet for security.debian.org's zone
+looks like this:
+
+<pre>
+// Europe
+acl Europe {
+ country_AD;
+ country_AL;
+ country_AT;
+ country_AX;
+ country_BA;
+ country_BE;
+ country_BG;
+ country_BY;
+ country_CH;
+ country_CZ;
+ country_DE;
+ country_DK;
+ country_EE;
+ country_ES;
+ country_FI;
+ country_FO;
+ ...
+}
+</pre>
+
+<pre>
+view "EU" {
+ match-clients {
+ EU;
+ };
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/zones/security.debian.org.EU.zone";
+ notify no;
+ };
+};
+</pre>
+
+To be sure we don't miss any contries, we added an additional view
+default, to catch what we didn't catch with the country codes:
+
+<pre>
+view "other" {
+ match-clients { any; };
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/db.security.debian.org";
+ notify no;
+ };
+};
+</pre>
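Review bot: the ACL in the first snippet is declared as `acl Europe {` but the view's `match-clients` block references `EU;`, so the two snippets do not fit together and named would refuse the configuration for an undefined ACL. Use one name in both places and in the sentence that introduces it ("Having an ACL for EU"). The ACL block also closes with a bare `}` where BIND expects `};`. The fallback is introduced in the text as a view "default" while the snippet names it `"other"`. It is worth stating that this `match-clients { any; };` view has to be listed after the continent views, because views are matched in order and an earlier `any` would swallow every client. The introduction calls the snippet security.debian.org's zone although it defines security.geo.debian.org, and the two zone files live under different directories (`/etc/bind/zones/` and `/etc/bind/`), which looks unintentional. Wording to fix before merging: "is currently play around", "paralell", "sniplet", "contries", "which with we are".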