Custom DNS Filtering Plugin in BIND 9

Grant Taylor gtaylor at tnetconsulting.net
Thu Mar 20 20:24:56 UTC 2025


On 3/19/25 10:02 AM, Ondřej Surý wrote:
> Thinking aloud - perhaps, we can extend the plugin API (and RPZ) in a 
> way to add the classification to the message processing and then the RPZ 
> processing could read the classification and take an action?

This sounds like my understanding of what the Response Policy Service 
(RPS) is supposed to achieve.

"The DNS Response Policy Service (DNSRPS) API, is a mechanism to allow 
named to use an external response policy provider.  This allows the same 
type of policy filtering as standard RPZ, but can reduce the workload 
for named, particularly when using large and frequently updated policy 
zones.  It also enables named to share response policy providers with 
other DNS implementations such as Unbound.  Thanks to Vernon Schryver 
and Farsight Security for the contribution."

Link - BIND 9.12 development is getting closer to completion!
  - https://www.isc.org/blogs/bind-9-12-almost-ready/

I have long considered RPS for DNS to be like the milter API for email.



-- 
Grant. . . .
unix || die


