<div dir="ltr">Hello,<div><br></div><div>Thank you for your response.</div><div><br></div><div>I have a domain categorization program written in C that dynamically determines the risk level of a queried domain.<br>I need to integrate this categorization logic into a BIND 9 plugin that:<br><ul><li>Calls the categorization function to analyze each incoming DNS query.</li><li>Modifies the DNS response based on the categorization result:</li><ul><li>If the domain is categorized as high risk, return a custom IP address (e.g., 192.168.1.100) instead of resolving the query. </li><li>Otherwise, allow the query to proceed to the upstream DNS resolver as usual.</li></ul><li><br></li></ul></div><div>I think I can't do this with the RPZ.</div><div><br></div><div>Best regards,</div><div>Monika</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Wed, Mar 19, 2025 at 4:19 PM Michael De Roover <<a href="mailto:isc@nixmagic.com">isc@nixmagic.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div><p style="margin:0px"><span style="font-family:"Noto Sans"">On Wednesday, March 19, 2025 3:01:48 PM CET Bob McDonald wrote:</span></p>
<p style="margin:0px">> Maybe I'm not understanding all the nuances of the stated goal but doesn't</p>
<p style="margin:0px">> RPZ handle this?</p>
<br><p style="margin:0px">Was my first thought as well, works fine for me.</p>
<br><p style="margin:0px">In named.conf:</p>
<br><p style="margin:0px"><span style="font-family:"Noto Mono"">options {</span></p>
<p style="margin:0px"> // RPZ zone</p>
<p style="margin:0px"> // Source: <a href="https://deteque.com/m3aawg-bind-training/named.conf" target="_blank">https://deteque.com/m3aawg-bind-training/named.conf</a></p>
<p style="margin:0px"> response-policy {</p>
<p style="margin:0px"> zone "rpz.local";</p>
<p style="margin:0px"> };</p>
<p style="margin:0px">};</p>
<br><p style="margin:0px">// Response Policy Zone</p>
<p style="margin:0px">zone "rpz.local" {</p>
<p style="margin:0px"> type primary;</p>
<p style="margin:0px"> file "/path/to/rpz.local.db";</p>
<p style="margin:0px">};</p>
<br><p style="margin:0px"><span style="font-family:"Noto Sans"">----</span></p>
<br><p style="margin:0px">In rpz.local.db:</p>
<br><p style="margin:0px"><span style="font-family:"Noto Mono"">$TTL 300</span></p>
<br><p style="margin:0px">@ IN SOA localhost. admin.localhost. (</p>
<p style="margin:0px"> 1 ; Serial number</p>
<p style="margin:0px"> 60 ; Refresh every minute</p>
<p style="margin:0px"> 60 ; Retry every minute</p>
<p style="margin:0px"> 43200 ; Expire in 5 days</p>
<p style="margin:0px"> 60 ) ; Negative cache TTL 1 minute</p>
<p style="margin:0px"> IN NS LOCALHOST.</p>
<br><p style="margin:0px">; Examples</p>
<p style="margin:0px"><a href="http://example.net" target="_blank">example.net</a> IN CNAME localhost.</p>
<br><p style="margin:0px"><span style="font-family:"Noto Sans"">----</span></p>
<br><p style="margin:0px">Note that the public domain name records to be redirected via RPZ cannot have a trailing dot.</p>
<br><p style="margin:0px">-- </p>
<p style="margin:0px">Met vriendelijke groet,</p>
<p style="margin:0px">Michael De Roover</p>
<br><p style="margin:0px">Mail: <a href="mailto:isc@nixmagic.com" target="_blank">isc@nixmagic.com</a></p>
<p style="margin:0px">Web: <a href="http://michael.de.roover.eu.org" target="_blank">michael.de.roover.eu.org</a></p>
</div>
-- <br>
Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</blockquote></div>