On 3/19/25 10:02 AM, Ondřej Surý wrote:
Thinking aloud - perhaps, we can extend the plugin API (and RPZ) in a way to add the classification to the message processing and then the RPZ processing could read the classification and take an action?
This sounds like my understanding of what the Response Policy Service (RPS) is supposed to achieve.
"The DNS Response Policy Service (DNSRPS) API, is a mechanism to allow named to use an external response policy provider. This allows the same type of policy filtering as standard RPZ, but can reduce the workload for named, particularly when using large and frequently updated policy zones. It also enables named to share response policy providers with other DNS implementations such as Unbound. Thanks to Vernon Schryver and Farsight Security for the contribution."
Link - BIND 9.12 development is getting closer to completion! - https://www.isc.org/blogs/bind-9-12-almost-ready/ I have long considered RPS for DNS to be like the milter API for email. -- Grant. . . . unix || die -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
