About Bind Plugin development
Greg Choules
gregchoules+bindusers at googlemail.com
Sat Nov 22 19:39:31 UTC 2025
Here is the RPZ draft:
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-rpz-00
Here are references in the ARM showing how to use it in BIND:
https://bind9.readthedocs.io/en/stable/chapter6.html#enter-rpz
https://bind9.readthedocs.io/en/stable/reference.html#response-policy-zone-rpz-rewriting
I hope that helps.
Cheers, Greg
On Sat, 22 Nov 2025 at 17:16, Chunhui Ouyang <jack9603301 at 163.com> wrote:
> I know, so I'm just hoping for some introductory examples, like some
> simple configurations, but that's okay, I'll find them myself. Thanks. I
> originally wanted to write a plugin, but for plugins, I'd like some
> introductory examples, like how I should build the most basic project
> without depending on config.h or... If it must be compiled within the tree,
> how should I build a tree-based plugin that can compile correctly? Because
> it currently throws an error without including config.h.
>
> * Ondřej Surý <ondrej at isc.org> [2025-11-22 :08:39]:
>
> > I think you are mistaking open source with free labor.
> >
> > It’s your client and your commercial contract, I gave you pointers, how
> you handle these it is entire up to you, but don’t expect people here to do
> this proprietary job for you for free.
> >
> > Ondrej
> > --
> > Ondřej Surý — ISC (He/Him)
> >
> > My working hours and your working hours may be different. Please do not
> feel obligated to reply outside your normal working hours.
> >
> > > On 22. 11. 2025, at 17:15, Chunhui Ouyang <jack9603301 at 163.com> wrote:
> > >
> > > I see it, but I still have two questions:
> > >
> > > 1. The client says there might be hundreds of thousands of IPs that
> need to be matched, so I need a convenient process to match these addresses.
> > >
> > > 2. Can you tell me how to write RPG entries?
> > >
> > > * Ondřej Surý <ondrej at isc.org> [2025-11-22 :38:03]:
> > >
> > >> I already gave you the links to the documentation and the tutorial
> below. Have you looked at these?
> > >>
> > >> --
> > >> Ondřej Surý (He/Him)
> > >> ondrej at isc.org
> > >>
> > >> My working hours and your working hours may be different. Please do
> not feel obligated to reply outside your normal working hours.
> > >>
> > >>>> On 22. 11. 2025, at 15:40, Chunhui Ouyang <jack9603301 at 163.com>
> wrote:
> > >>>
> > >>> Can you give me an example?
> > >>>
> > >>> * Ondřej Surý <ondrej at isc.org> [2025-11-22 :34:48]:
> > >>>
> > >>>> RPZ already has the functionality that you’ve described below.
> There’s no need to write a new plugin for this.
> > >>>>
> > >>>> Ondrej
> > >>>> --
> > >>>> Ondřej Surý — ISC (He/Him)
> > >>>>
> > >>>> My working hours and your working hours may be different. Please do
> not feel obligated to reply outside your normal working hours.
> > >>>>
> > >>>>> On 22. 11. 2025, at 14:43, Chunhui Ouyang <jack9603301 at 163.com>
> wrote:
> > >>>>>
> > >>>>> What's the meaning?
> > >>>>>
> > >>>>> * Ondřej Surý <ondrej at isc.org> [2025-11-22 :25:08]:
> > >>>>>
> > >>>>>> Sorry, actually, not RPZ-CLIENT-IP, it is just RPZ-IP triggering
> rule.
> > >>>>>>
> > >>>>>> Ondrej
> > >>>>>> --
> > >>>>>> Ondřej Surý (He/Him)
> > >>>>>> ondrej at isc.org
> > >>>>>>
> > >>>>>> My working hours and your working hours may be different. Please
> do not feel obligated to reply outside your normal working hours.
> > >>>>>>
> > >>>>>>>> On 22. 11. 2025, at 14:22, Ondřej Surý <ondrej at isc.org> wrote:
> > >>>>>>>
> > >>>>>>>> It will filter DNS resolution requests and match the IP record
> of any domain name against a given list; if a match is found, it will force
> the return of the given IP.
> > >>>>>>>
> > >>>>>>>
> > >>>>>>> You mean like RPZ-CLIENT-IP?
> > >>>>>>>
> > >>>>>>> https://www.isc.org/rpz/
> > >>>>>>> and
> > >>>>>>> https://www.isc.org/docs/BIND_RPZ.pdf
> > >>>>>>>
> > >>>>>>> ?
> > >>>>>>>
> > >>>>>>> Ondrej
> > >>>>>>> --
> > >>>>>>> Ondřej Surý (He/Him)
> > >>>>>>> ondrej at isc.org
> > >>>>>>>
> > >>>>>>> My working hours and your working hours may be different. Please
> do not feel obligated to reply outside your normal working hours.
> > >>>>>>>
> > >>>>>>
> > >>>>> <signature.asc>
> > >>>>
> > >>
> > > <signature.asc>
> >
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20251122/25446643/attachment-0001.htm>
More information about the bind-users
mailing list