On Wed, 21 Jul 2004 14:49:53 -0700, Jimmy (Jimbo) Wales
<jwales(a)wikia.com> wrote:
I agree with Luc on this, but I freely admit that to
me this is the
only option realistically possible anyway, unless we have some way
that I have not learned about to figure out where people are just by
their ip number.
68.32.0.0 - 68.63.255.255 = US
68.20.0.0 - 68.23.255.255 = US
4.0.0.0 - 4.255.255.255 = US
68.64.0.0 - 68.71.255.255 = US
210.10.0.0 - 210.10.127.255 = AU
12.0.0.0 - 12.255.255.255 = US
195.224.0.0 - 195.224.255.255 = UK
211.10.20.0 - 211.10.20.255 = JP
211.13.128.0 - 211.13.159.255 = JP
35.0.0.0 - 35.255.255.255 = US
64.0.0.0 - 64.3.255.255 = US
65.0.0.0 - 65.6.255.255 = US
67.43.144.0 - 67.43.159.255 = US
67.43.160.0 - 67.43.175.255 = US
68.96.0.0 - 68.111.255.255 = US
69.0.128.0 - 69.0.255.255 = US
69.132.0.0 - 69.135.255.255 = US
69.30.192.0 - 69.30.223.255 = US
83.226.0.0 - 83.227.255.255 = SE
84.128.0.0 - 84.135.255.255 = DE
84.64.0.0 - 84.71.255.255 = GB
It's fairly straight-forward to get more information like this. The
ARIN/RIPE (and APNIC for Asia) breakdown is fairly clean. Things only
get messy once you're inside a particular range (trying to figure out
how the ARIN blocks break down, or even how ATT distributes its blocs
geographically, is a total nightmare -- but not impossible.. that's
basically what Akamai does for all that money).
It looks like the "sortlist" option in BIND might do what's
required... but a (perhaps) better way occurred to me as well -- do
source-based NAT before requests reach the nameservers.
It's simple to set up two completely different nameservers that return
different RRsets (I do this all the time so that machines on my
internal networks use internal IPs for machines, and outsiders get the
outside addresses). We could simply do the same thing by configuring
a router to forward requests from a RIPE bloc to one nameserver (which
returns the European address) and to forward requests from everywhere
else to the other nameserver (which would return the Florida
addresses).
I think the routing-based magic would be preferable to a solution in
BIND because I trust routers more than I trust BIND.
-Bill Clark