mkdir /var/www/moodledata/geoip
cd /var/www/moodledata/geoip/
wget the file they say to download ... a tar.gz
tar zxvf *.tar.gz or .tgz
chown apache:apache ../geoip/ -R
The location seen for an IP is only as good as the data you downloaded.
Blocks of IP addresses get re-assigned/re-allocated all the time.
Doing DNS checks on every access will slow things down ... besides that, DNS can be spoofed ... so what's the point?
Not sure I'd use the ip blocking in Moodle. Best way is to do it at the network level ... but that too could be a 'catch 22'.
Do your students use smartphones or tablets? Some of those 'strange IP addresses' you see really could be a carrier IP ... AT&T, Verizon, etc.. And if a kiddo went to 'grandma's' or uncles, or XXX?
At one time, I embarked on using an add on to apache to limit access by IP blocks. Futile effort.
If you go the block route ... you'll have to map the entire globe.
If you go the allow route, there are always exceptions ... like student/parent ... even you on vacation in Florida using hotel/motel WiFi that will bite ya.
Best approach might be to make sure you are running a supported for fixes to code and security updates version of Moodle. Moodle security is really pretty good.
Good luck! ;)
'spirit of sharing', Ken