Sending extra info in bind dns query packet

Darcy Kevin (FCA) kevin.darcy at
Fri Jul 15 00:13:36 UTC 2016

I strongly suggest that you consider other methods to accomplish what you’re trying to achieve. You seem to have latched onto one particular method to reach your goal – modifying the contents of the DNS request and/or response packets – but this amounts to changing the DNS protocol. There is no BIND configuration “tweak” to accomplish it – you’d have to hack on code (probably the code for both the client and server sides). This is a significant undertaking, and if you’ve never hacked on BIND code before, prepare yourself for a steep learning curve.

If all you’re trying to do – as someone surmised in another post – is control client access to resources, then it should be possible to leverage existing non-DNS technologies and resources for this (firewalls, proxies, etc. configured with appropriate ACLs), or, as also suggested, RPZ. Why reinvent the wheel?

- Kevin

Kevin Darcy
NAFTA Information Security Projects

1075 W Entrance Dr,
Auburn Hills, MI 48326

Telephone: +1 (248) 838-6601
Mobile: +1 (810) 397-0103
Email: kevin.darcy at

From: bind-users [mailto:bind-users-bounces at] On Behalf Of Sachin Patil
Sent: Thursday, July 14, 2016 7:56 AM
To: Jan-Piet Mens
Cc: bind-users at
Subject: Re: Sending extra info in bind dns query packet

I have searched through the list and found discussion about standard practice not to add it.
I did not find any post which gives a clear idea of how to add the custom additional section record in a DNS query packet.

On Thu, Jul 14, 2016 at 5:04 PM, Jan-Piet Mens <jpmens.dns at> wrote:
I did not get this... am I posting this to the wrong mailing list?

This has been discussed several times on this list within the past few weeks.  You should check the archives.

