On Wednesday, March 19, 2025 3:40:28 PM CET Mónika Kiss wrote:
> Hello,
>
> Thank you for your response.
>
> I have a domain categorization program written in C that dynamically
> determines the risk level of a queried domain.
> I need to integrate this categorization logic into a BIND 9 plugin that:
>
> - Calls the categorization function to analyze each incoming DNS query.
> - Modifies the DNS response based on the categorization result:
>   - If the domain is categorized as high risk, return a custom IP
>     address (e.g., 192.168.1.100) instead of resolving the query.
>   - Otherwise, allow the query to proceed to the upstream DNS resolver
>     as usual.
>
> I think I can't do this with the RPZ.
>
> Best regards,
> Monika

Hi Monika,

If it's output from a program, you'll probably want the zone to dynamically respond to updates, yes... There are two ways I could think of going about this.

The first one is using static zone files, and having your program build zone files as needed, then pushing them into the server and restarting BIND. This is how I do it for my zones, albeit not very real-time at all. I guess it could work if the updates are done only a few times a day.

The second one is to use RPZ alongside dynamic DNS updates. I haven't done that in my networks, you'll have to look that up or ask someone else. But with that, I could imagine that it would allow your program to very quickly push new records based on its findings.

That said though, where is this program running? For DNS monitoring, a good vantage point would be the DNS server itself running tcpdump and/or Wireshark on port 53 (both TCP and UDP). Meanwhile for traffic in general, the gateway or a forward proxy server may be able to give better results (but encrypted traffic would be a pain to deal with).

--
Kind regards,
Michael De Roover

Mail: i...@nixmagic.com
Web: michael.de.roover.eu.org