On Wed, 21 Jul 2004 14:49:53 -0700, Jimmy (Jimbo) Wales jwales@wikia.com wrote:
I agree with Luc on this, but I freely admit that to me this is the only option realistically possible anyway, unless we have some way that I have not learned about to figure out where people are just by their ip number.
68.32.0.0 - 68.63.255.255 = US
68.20.0.0 - 68.23.255.255 = US
4.0.0.0 - 4.255.255.255 = US
68.64.0.0 - 68.71.255.255 = US
210.10.0.0 - 210.10.127.255 = AU
12.0.0.0 - 12.255.255.255 = US
195.224.0.0 - 195.224.255.255 = UK
211.10.20.0 - 211.10.20.255 = JP
211.13.128.0 - 211.13.159.255 = JP
35.0.0.0 - 35.255.255.255 = US
64.0.0.0 - 64.3.255.255 = US
65.0.0.0 - 65.6.255.255 = US
67.43.144.0 - 67.43.159.255 = US
67.43.160.0 - 67.43.175.255 = US
68.96.0.0 - 68.111.255.255 = US
69.0.128.0 - 69.0.255.255 = US
69.132.0.0 - 69.135.255.255 = US
69.30.192.0 - 69.30.223.255 = US
83.226.0.0 - 83.227.255.255 = SE
84.128.0.0 - 84.135.255.255 = DE
84.64.0.0 - 84.71.255.255 = GB
It's fairly straightforward to get more information like this. The ARIN/RIPE (and APNIC for Asia) breakdown is fairly clean. Things only get messy once you're inside a particular range (trying to figure out how the ARIN blocks break down, or even how ATT distributes its blocks geographically, is a total nightmare -- but not impossible... that's basically what Akamai does for all that money).
It looks like the "sortlist" option in BIND might do what's required... but a (perhaps) better way occurred to me as well -- do source-based NAT before requests reach the nameservers.
It's simple to set up two completely different nameservers that return different RRsets (I do this all the time so that machines on my internal networks use internal IPs for machines, and outsiders get the outside addresses). We could simply do the same thing by configuring a router to forward requests from a RIPE block to one nameserver (which returns the European address) and to forward requests from everywhere else to the other nameserver (which would return the Florida addresses).
I think the routing-based magic would be preferable to a solution in BIND because I trust routers more than I trust BIND.
-Bill Clark
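
The source-based forwarding decision described in the message, as an added example that is not part of the original post: it turns start-end ranges into the CIDR blocks a router rule would match on and picks a nameserver by query source. It assumes the four European ranges from the list above stand in for "a RIPE block"; the nameserver labels are hypothetical.

```python
import ipaddress

# Ranges copied from the list in the message above (European entries only).
# Assumption: these four stand in for the "RIPE block" the message mentions.
RIPE_RANGES = [
    ("195.224.0.0", "195.224.255.255"),  # UK
    ("83.226.0.0", "83.227.255.255"),    # SE
    ("84.128.0.0", "84.135.255.255"),    # DE
    ("84.64.0.0", "84.71.255.255"),      # GB
]

# Hypothetical labels; the message names no nameserver hosts or addresses.
NS_EUROPE = "ns-europe"
NS_FLORIDA = "ns-florida"


def ranges_to_cidrs(ranges):
    """Convert start-end ranges into a sorted, minimal list of CIDR blocks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))
    # collapse_addresses merges adjacent or overlapping blocks and sorts them
    return list(ipaddress.collapse_addresses(nets))


EUROPE_CIDRS = ranges_to_cidrs(RIPE_RANGES)


def pick_nameserver(source_ip):
    """Return the nameserver a query from source_ip would be forwarded to."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return NS_FLORIDA  # unparsable source falls through to the default
    if addr.version == 4 and any(addr in net for net in EUROPE_CIDRS):
        return NS_EUROPE
    return NS_FLORIDA  # "everywhere else", including IPv6 sources


if __name__ == "__main__":
    print([str(n) for n in EUROPE_CIDRS])
    for ip in ("84.130.1.1", "68.40.0.1", "84.72.0.1"):  # constructed samples
        print(ip, "->", pick_nameserver(ip))
```

The source address a nameserver sees is that of the client's recursive resolver, so the choice follows the resolver's location rather than the end user's.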