On 3/21/25 08:31, Mónika Kiss wrote:
> I wanted to provide some additional context and clarify a few key
> aspects of my use case:
>
> * I already maintain a large, pre-existing file containing
>   comprehensive domain categorization data.
> * This file is updated externally and serves as the sole source of
>   truth for categorization decisions.
> * As such, I do not wish to store any additional data within the
>   plugin, memory, or any BIND-internal structures.
> * Instead, I want the plugin to dynamically query this data by calling
>   my existing C program or SDK, which reads and evaluates domains in
>   real time.
>
> Desired Behavior
>
> * On each DNS query, the plugin should:
>   1. Extract the domain from the query.
>   2. Call my categorization logic (via C function or subprocess).
>   3. Based on the result:
>      o *If High Risk*: Immediately stop further resolution and
>        return a custom response (e.g., a custom IP address).
>      o *Otherwise*: Allow the query to continue to upstream
>        resolvers as normal.
> * The plugin will be handling a very high volume of DNS queries, so
>   performance is critical.

Sounds like filter-aaaa plugin, plus a call to an external API.
If (and that's a big IF) the 'external API' is so fast it does not
require asynchronicity it should be a copy & paste job, mostly.
If the external thing is slow and requires asynchronicity then we need
to have a proper look.
Perhaps start with copy & paste for now and we will take it from there...
--
Petr Špaček
Internet Systems Consortium
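
The three steps from the quoted list, as an added example (not part of the original message and not BIND code): a synchronous per-query decision in C that extracts the name, calls a categorizer and returns a verdict. It assumes raw wire-format input outside BIND (a plugin receives the name already parsed); `categorize_fn`, `demo_categorize`, `filter_query` and the sample packet are constructed for illustration, and building the custom response is left out.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

enum verdict { V_MALFORMED = -1, V_CONTINUE = 0, V_BLOCK = 1 };
typedef int (*categorize_fn)(const char *domain); /* hypothetical SDK hook: nonzero = high risk */

/* First QNAME of a raw DNS message -> lowercase dotted string; returns length or -1. */
static int extract_qname(const uint8_t *msg, size_t len, char *out, size_t outsz)
{
    size_t pos = 12, o = 0;                 /* QNAME follows the 12-byte header */
    if (len < 12 || outsz < 2 || (msg[4] | msg[5]) == 0) return -1; /* QDCOUNT == 0 */
    for (;;) {
        if (pos >= len) return -1;          /* name runs past the packet */
        size_t l = msg[pos++];
        if (l == 0) break;                  /* root label ends the name */
        if (l > 63) return -1;              /* pointer or reserved bits: refuse */
        if (l > len - pos || o + l + 2 > outsz) return -1;
        if (o) out[o++] = '.';
        while (l--) {
            uint8_t c = msg[pos++];
            if (c == 0 || c == '.') return -1; /* would change the name the categorizer sees */
            out[o++] = (char)tolower(c);
        }
    }
    if (o == 0) out[o++] = '.';             /* query for the root */
    out[o] = '\0';
    return (int)o;
}

/* Constructed categorizer: flags bad.example and every name beneath it. */
static int demo_categorize(const char *d)
{
    static const char bad[] = "bad.example";
    size_t n = strlen(d), b = sizeof bad - 1;
    return n >= b && strcmp(d + n - b, bad) == 0 && (n == b || d[n - b - 1] == '.');
}

/* Steps 1-3 of the quoted list as one synchronous call per query. */
static enum verdict filter_query(const uint8_t *msg, size_t len, categorize_fn cat)
{
    char name[256];
    if (extract_qname(msg, len, name, sizeof name) < 0) return V_MALFORMED;
    return cat(name) ? V_BLOCK : V_CONTINUE;
}

/* Constructed query: "WWW.bad.example", type A, class IN. */
static const uint8_t sample_query[] = { 0x12,0x34, 1,0, 0,1, 0,0, 0,0, 0,0,
    3,'W','W','W', 3,'b','a','d', 7,'e','x','a','m','p','l','e', 0, 0,1, 0,1 };
int main(void) { return filter_query(sample_query, sizeof sample_query, demo_categorize) != V_BLOCK; }
```

Because the categorizer runs inline on every query, its worst-case latency is added directly to each lookup, which is the condition the reply above attaches to the synchronous approach.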