From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] Add GeoIP location to nameservers Date: Sun, 10 Jan 2016 22:15:43 +0000 Message-ID: <1452464143.5665.14.camel@ipfire.org> In-Reply-To: <569285E6.6060601@web.de> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3802108271268715458==" List-Id: --===============3802108271268715458== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Hi, On Sun, 2016-01-10 at 17:25 +0100, IT Superhack wrote: > Hello Michael, hello Matthias, > > Michael Tremer: > > Just out of curiosity, why do you find this information so helpful? > > As Matthias said already, is is more a "nice to have" than something > which is seriously needed. This is not too much of an argument. My argument against this is that it brings down page load times because of a not too useful information. > I wrote this patch because a friend of mine in France discovered that > his ISP assigns DNS servers from Australia and Great Britain, which > was slowing down DNS resolving a lot. I get that and this is actually a pretty good one. That only leaves resolvers like 8.8.8.8 which will show "US" but actually are located at many places around the world. Let's hope that people don't get the wrong thing from the flag - or actually start changing their DNS servers to something else :) > Therefore I thougt it might be useful to see in which countries your > DNS servers are located, just in case you didn't set some by your > own. It is sometimes. Although geographic location doesn't mean that it is close on the network. A system in GB is probably not an issue. Australia actually is a bit far away. > In general, adding geographic information to IP addresses is very > helpful in my point of view because anomalies can be detected much > better and more precise firewall rules are possible. I don't get why. > However, some thing might still be improved: For example, the > ipinfo.cgi > file shows the IP address, the rDNS name, whois information, but not > the appropriate flag. So, if someone scrolls through the connection > tracking > page, he/she/it sees the source and destination IPs of any active > (and > recently closed) connection. At the moment, there is no way of > telling > which country an IP belongs to - without using additional web > services, of > course - since the flag is shown neither at the connection tracking > page > nor at the ipinfo.cgi page. This isn't very helpful, is it? The ipinfo.cgi page shows the whois information for an IP address. That may contain the name and HQ location of a company this IP address belongs to, but that does *not* mean that the host is actually located in that country - and almost certainly not at that address. The GeoIP database is a completely different thing. Judging by the location of the host does make any sense if you care about security. > > That is basically the motivation behind the two patches I submitted > recently. > > Best regards, > Timmothy Wilson > --===============3802108271268715458== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KVmVyc2lvbjogR251UEcgdjEKCmlRSWNCQUFC Q2dBR0JRSldrdGdQQUFvSkVJQjU4UDl2a0FrSE54Y1AvMDZHZmJQUm1YSlh1UzZKVXIwbXhRY1QK b2IzTmN2QXFxc0Z4L25FYTQzTjdldU5rVjBMN1poYnJ4UitGZ0g0cHdmK09GZFdsR0hIRk53dEg1 UGdQYzFJUgpSY1NnczZiN1NxdXVGSDNTMDJ5QmJZazBuVm1SMnE0UHRWVGlLcGt4bzRLM0VHRjVa M1VKejVsUnZaK0JKQ1lsCjEzRXVGN2VlS3ZseUJiNTZ1ZnhSWGVwV3RpVFMra3ZFaHBRRFVnRHZZ eWpzc0UxTFZBcm1PQllBMFVDRlpGVjMKU2ZFVWJqa2RyK3ZTTWZtQVhsbTRtak9UalNIazBpTjcw UndLTkVJSjlIQWlta29ERmNXN2tuUzNpc0NyVWhzZgpQbWJQMVZqWEZRcnVDcFd3OUJ6VjEzR1l4 UW1YRVRKZnUrWTRLSUVxUkdNQ1BUdlNKNXhEc05URlV3TWlEZVYzCjJ1WmdOc05EMTk2T0k5enJC ZzhsV2VPSlRoUGtPUmsvOHFwdWpiTGgxSzRaUmMvcS9Id0srcExNeW5iTnlrZlAKRHYzZ3VHZGdK OGMzT08vbUljWm8zdFA5Z1dqQ29JQTRaeVNLV2RIVHVvMUdpdHZJbjJ2aU42cHlIYU5YZHJQYQpT WG1VeTludGhIdHVLSVYxaFQyRUZBRzJZNEhCbklBRmpyNFVkSGhjU0hxd3N1SnVYWkkwTmRHYWlC L2FuZFRSCmxZOUhKcTk2S3ZmOW80TDJsVHU2UEVQTHMyQk1nZ2piRStPU3pYQTVLMnVFOU9qZ3kw cE1UVHRub2tOTzkxNlAKVXNnTjU2Wnk2cmNOT1d1VVBqcHJwWFRTVGVLNVJFSXcxTkhJb05qd0d3 VDFBNzA3LzJmSUIwWnU0eFJkTWxDTQpuMXJ0ampaZm14dVpSZnVVd0JUSAo9QTNrTQotLS0tLUVO RCBQR1AgU0lHTkFUVVJFLS0tLS0K --===============3802108271268715458==--