[bind10-dev] Ideas for modularity & hooks
Robert Edmonds
edmonds at isc.org
Sun Feb 6 00:34:39 UTC 2011
Jerry Scharf wrote:
> If you are looking for a few specific extension functions that could
> help the thought process along, here are a few:
> Whitelisting and blacklisting in the recursive cache

btw, from a passive DNS perspective it would be better to run a
blacklist just before returning an answer to the client rather than in
the iterative resolver component.

it's more effort to perform all of the work (iteration, caching, etc.)
before deciding to return a 'blacklisted' response to the client, but
blacklisting in the iterative resolver (such that an upstream RD=0 query
is never sent for the blacklisted name) has the side-effect of blinding
passive DNS replication for blacklisted names, and blacklisted names are
of particular interest to security-oriented passive DNS research.

--
Robert Edmonds
edmonds at isc.org
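
The two blacklist placements compared in the message above, as an added toy model (not part of the original post and not BIND 10 code). The `Resolver` class, the `placement` values, the `BLOCKED` marker and the sample names and addresses are all constructed for illustration; the sensor is assumed to sit on the resolver's upstream link.

```python
from dataclasses import dataclass, field

# Constructed sample data (hypothetical zone contents and blacklist).
AUTHORITATIVE = {"good.example.": "192.0.2.10", "bad.example.": "203.0.113.66"}
BLACKLIST = {"bad.example."}
BLOCKED = "BLOCKED"  # stands in for whatever 'blacklisted' response policy returns


@dataclass
class Resolver:
    placement: str  # "iterator": check before iterating; "response": check before answering
    cache: dict = field(default_factory=dict)
    sensor_log: list = field(default_factory=list)  # what a passive DNS sensor records

    def _iterate(self, qname):
        """Send the upstream RD=0 query; the sensor observes the answer on the wire."""
        answer = AUTHORITATIVE.get(qname)
        self.sensor_log.append((qname, answer))
        return answer

    def resolve(self, qname):
        # Placement 1: blacklist inside the iterative resolver.
        # The upstream query is never sent, so the sensor never sees the name.
        if self.placement == "iterator" and qname in BLACKLIST:
            return BLOCKED
        # Normal work: cache lookup, iteration on a miss.
        if qname not in self.cache:
            self.cache[qname] = self._iterate(qname)
        answer = self.cache[qname]
        # Placement 2: blacklist just before returning the answer to the client.
        # The work was done and observed; only the client-facing answer changes.
        if self.placement == "response" and qname in BLACKLIST:
            return BLOCKED
        return answer


def run(placement, queries):
    """Return (answers the client saw, records the passive DNS sensor captured)."""
    resolver = Resolver(placement)
    client_view = [resolver.resolve(q) for q in queries]
    return client_view, resolver.sensor_log


if __name__ == "__main__":
    queries = ["good.example.", "bad.example.", "bad.example."]
    for placement in ("iterator", "response"):
        print(placement, *run(placement, queries), sep="\n  ")
```

The client sees the same answers under both placements; only the sensor's view differs, and the repeated query for the blacklisted name is served from cache in the second placement.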