[bind10-dev] hooks in recursive server processing
stephen at isc.org
Thu Jan 20 15:08:26 UTC 2011
On 19 Jan 2011, at 23:51, Jerry Scharf wrote:
> I am slogging through every single response we got for the DNS operational survey. We asked people for any ideas that they would want.
I'm at the UK Network Operators' Forum meeting and at lunch was speaking to a person from Ericsson who was interested in BIND-10. He was after the ability to filter incoming packets to a resolver and to drop packets from addresses that were sending too many. (He suggested a token-bucket approach - if you exceed more than a certain number of packets in a fixed time (say a few seconds), packets are dropped until the bucket receives more tokens.)
The reason for this request is to do with mobile networks; sending too many packets (and responses) uses bandwidth. The ability to limit traffic to heavy users allows the network to be fairer to the rest.
> One person asked for the ability to "doctor" responses and a second person asked to be able to have an external module be called whenever there is a cache miss. To me, these seem to roll together as a slow version of inline filtering of the cache fill.
> As you look at the design of the cache fill section, it would be nice if the design has the ability to a) route the cache fill request to a different module and b) have that module be able to call back into the upstream processing side of the cache fill. I am not saying anything about figuring out how to manage the capability or how the messages will be handled, I just want to say that this would be a nice thing that others could use.
I take this as meaning that we should make it simple for people to add in their own code (and not just around the cache). Either add in dummy calls at significant points and allow users to replace them, or supply documentation on the process flow and indicate where additional code could be added.
More information about the bind10-dev