chicha-whois is a tiny but powerful CLI tool for working with the RIPE database and generating DNS ACLs. Clean, simple, and gets the job done. Written in Golang.
Pick your binary and get started:
Need something else? Check all binaries.
On Linux AMD64, install in one line:
sudo curl -L https://files.zabiyaka.net/chicha-whois/latest/no-gui/linux/amd64/chicha-whois -o /usr/local/bin/chicha-whois && sudo chmod +x /usr/local/bin/chicha-whoisDone? Try it:
chicha-whois -h-u: Update the RIPE database.-dns-acl COUNTRYCODE: Generate a BIND ACL (e.g.,RU).-dns-acl-f COUNTRYCODE: Create a filtered ACL (no redundant subnets).-l: Show available country codes.-h: Show help.
-
Update the RIPE database
chicha-whois -u
This downloads and updates the database locally.
-
Create an ACL for Russia
chicha-whois -dns-acl RU
Outputs
acl_RU.confwith all Russian IP ranges. -
Optimized ACL
chicha-whois -dns-acl-f RU
Same as above, but smarter—filters out redundant subnets.
-
List all country codes
chicha-whois -l
- Database saved to:
~/.ripe.db.cache/ripe.db.inetnum. - ACL files saved to: Your home directory (e.g.,
~/acl_RU.conf).
Copy and paste the following configuration into your BIND9 named.conf:
include "/etc/bind/acl_RU.conf";
include "/etc/bind/acl_UA.conf";
view "Russia" {
match-clients { RU; }; # RU clients
zone "domain.com" {
type master;
file "/etc/bind/zones/db.domain.com.RU";
};
};
view "Ukraine" {
match-clients { UA; }; # UA clients
zone "domain.com" {
type master;
file "/etc/bind/zones/db.domain.com.UA";
};
};
view "default" {
match-clients { any; }; # All other clients
zone "domain.com" {
type master;
file "/etc/bind/zones/db.domain.com.default";
};
};
Save ACLs to /etc/bind/acl_RU.conf and /etc/bind/acl_UA.conf.
/etc/bind/zones/db.domain.com.RU
/etc/bind/zones/db.domain.com.UA
/etc/bind/zones/db.domain.com.default
sudo named-checkconf
sudo named-checkzone domain.com /etc/bind/zones/db.domain.com.ru
sudo systemctl restart bind9
Done!