Sending extra info in bind dns query packet

Darcy Kevin (FCA) kevin.darcy at fcagroup.com
Fri Jul 15 00:13:36 UTC 2016


Sachin,
I strongly suggest that you consider other methods to accomplish what you’re trying to achieve. You seem to have latched onto one particular method to reach your goal – modifying the contents of the DNS request and/or response packets – but this amounts to changing the DNS protocol. There is no BIND configuration “tweak” to accomplish it – you’d have to hack on code (probably the code for both the client and server sides). This is a significant undertaking, and if you’ve never hacked on BIND code before, prepare yourself for a steep learning curve.

If all you’re trying to do – as someone surmised in another post – is control client access to resources, then it should be possible to leverage existing non-DNS technologies and resources for this (firewalls, proxies, etc. configured with appropriate ACLs), or, as also suggested, RPZ. Why reinvent the wheel?

- Kevin

----------------------------------------------------------------------
Kevin Darcy
NAFTA Information Security Projects

FCA US LLC
1075 W Entrance Dr,
Auburn Hills, MI 48326
USA

Telephone: +1 (248) 838-6601
Mobile: +1 (810) 397-0103
Email: kevin.darcy at fcagroup.com

From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Sachin Patil
Sent: Thursday, July 14, 2016 7:56 AM
To: Jan-Piet Mens
Cc: bind-users at lists.isc.org
Subject: Re: Sending extra info in bind dns query packet

I have searched through the list and found discussion about standard practice not to add it.
I did not find any post which gives clear idea on how to add the custom additional section record in dns query packet.

On Thu, Jul 14, 2016 at 5:04 PM, Jan-Piet Mens <jpmens.dns at gmail.com> wrote:
I did not get this... am I posting this to wrong mailing list?

This has been discussed several times on this list within the past few weeks.  You should check the archives.

        -JP
