RE: Sending extra info in bind dns query packet

Thu, 14 Jul 2016 17:15:06 -0700 

Sachin,
                I strongly suggest that you consider other methods to 
accomplish what you’re trying to achieve. You seem to have latched onto one 
particular method to reach your goal – modifying the contents of the DNS 
request and/or response packets – but this amounts to changing the DNS 
protocol. There is no BIND configuration “tweak” to accomplish it – you’d have 
to hack on code (probably the code for both the client and server sides). This 
is a significant undertaking, and if you’ve never hacked on BIND code before, 
prepare yourself for a steep learning curve.

If all you’re trying to do – as someone surmised in another post – is control 
client access to resources, then it should be possible to leverage existing 
non-DNS technologies and resources for this (firewalls, proxies, etc. 
configured with appropriate ACLs), or, as also suggested, RPZ. Why reinvent the 
wheel?

                                                                                
                                                                                
                                                                - Kevin

[FCA_Pantone_email]
----------------------------------------------------------------------
Kevin Darcy
NAFTA Information Security Projects

FCA US LLC
1075 W Entrance Dr,
Auburn Hills, MI 48326
USA

Telephone: +1 (248) 838-6601
Mobile: +1 (810) 397-0103
Email: kevin.da...@fcagroup.com

From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Sachin 
Patil
Sent: Thursday, July 14, 2016 7:56 AM
To: Jan-Piet Mens
Cc: bind-users@lists.isc.org
Subject: Re: Sending extra info in bind dns query packet

I have searched through the list and found discussion about standard practice 
not to add it.
I did not find any post which gives clear idea on how to add the custom 
additional section record in dns query packet.

On Thu, Jul 14, 2016 at 5:04 PM, Jan-Piet Mens 
<jpmens....@gmail.com<mailto:jpmens....@gmail.com>> wrote:
I did not get this... am I posting this to wrong mailing list?

This has been discussed several times on this list within the past few weeks.  
You should check the archives.

        -JP

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org<mailto:bind-users@lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to