Custom DNS Filtering Plugin in BIND 9

Grant Taylor gtaylor at tnetconsulting.net
Fri Mar 21 14:24:12 UTC 2025


Hi,

I get the impression that I'm still misunderstanding you or perhaps we 
don't have the same understanding of RPS / DLZ.  Perhaps I need more coffee.

On 3/21/25 2:31 AM, Mónika Kiss wrote:
>   * Instead, I want the plugin to dynamically query this data by calling
>     my existing C program or SDK, which reads and evaluates domains in
>     real time.

My understanding is that RPS is a way for BIND / named to communicate 
with something external as a source of information.  I think that it may 
be possible to create a DLZ driver that does similar.

To wit, BIND would dynamically query your existing data by calling your 
external program for it to read and evaluate domains.

>   * On each DNS query, the plugin should:
>      1. Extract the domain from the query.
>      2. Call my categorization logic (via C function or subprocess).
>      3. Based on the result:
>           o *If High Risk*: Immediately stop further resolution and
>             return a custom response (e.g., a custom IP address).
>           o *Otherwise*: Allow the query to continue to upstream
>             resolvers as normal.

Based on my understanding, RPS should be able to do all of those things.

I would encourage you to spend a few (more) minutes reviewing RPS as I 
think that what you're wanting to do is the thing that RPS is intended 
to solve.



-- 
Grant. . . .
unix || die
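As an added illustration that is not part of the thread, the two outcomes in the quoted list (answer with a custom address for a high-risk name, leave everything else to normal resolution) written as records in a BIND Response Policy Zone; the zone name, the `.test` names and the 192.0.2.1 / 2001:db8::1 addresses are constructed placeholders.

```zone
; Constructed example: policy zone "rpz.example" for BIND's response-policy.
; Every name here is a QNAME trigger: the query name with this zone's
; origin appended. Names and addresses are placeholders, not from the thread.
$TTL 300
$ORIGIN rpz.example.
@       IN SOA  localhost. hostmaster.rpz.example. (
                    2025032101 ; serial, bump on every policy change
                    3600 900 604800 300 )
@       IN NS   localhost.

; "High Risk": a trigger with the Local Data action. named stops resolving
; the real name and answers with this address (e.g. a block page).
bad.test            IN A    192.0.2.1     ; constructed IPv4
bad.test            IN AAAA 2001:db8::1   ; constructed IPv6

; "Otherwise": a query name with no trigger record here is not touched by
; the policy and resolves upstream as usual. Where a wildcard trigger would
; catch a name that should stay unfiltered, an exact entry with the PASSTHRU
; action wins over the wildcard and lets that query through unchanged.
*.risky.test        IN A    192.0.2.1
ok.risky.test       IN CNAME rpz-passthru.
```

Once the zone is defined as an ordinary zone in named.conf, `response-policy { zone "rpz.example"; };` attaches it to the resolver.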