Re: Sending extra info in bind dns query packet
On 14.07.16 11:19, Sachin Patil wrote:
> I am just looking into bind and want to send extra information while querying dns bind server. This information will be used at the bind server side to return the resolved ip.

Do you mean something like proposed "edns client subnet" that may return different server IP address based on the client's IP? I'm afraid it's not supported by BIND yet.

> I have control of dns query and bind server, I mean I can modify the source codes of both. Can I use additional section of dns protocol to send my extra information in dns query packet? Is there other way I can send this extra info through the bind dns query packet?

It's highly dependent on what exactly you want to achieve.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphilis. Good thing we have penicillin." - Matthew Alton

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
RE: Sending extra info in bind dns query packet
Sachin,

I strongly suggest that you consider other methods to accomplish what you’re trying to achieve. You seem to have latched onto one particular method to reach your goal – modifying the contents of the DNS request and/or response packets – but this amounts to changing the DNS protocol. There is no BIND configuration “tweak” to accomplish it – you’d have to hack on code (probably the code for both the client and server sides). This is a significant undertaking, and if you’ve never hacked on BIND code before, prepare yourself for a steep learning curve.

If all you’re trying to do – as someone surmised in another post – is control client access to resources, then it should be possible to leverage existing non-DNS technologies and resources for this (firewalls, proxies, etc. configured with appropriate ACLs), or, as also suggested, RPZ. Why reinvent the wheel?

- Kevin

--
Kevin Darcy
NAFTA Information Security Projects
FCA US LLC
1075 W Entrance Dr, Auburn Hills, MI 48326 USA
Telephone: +1 (248) 838-6601
Mobile: +1 (810) 397-0103
Email: kevin.da...@fcagroup.com

From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Sachin Patil
Sent: Thursday, July 14, 2016 7:56 AM
To: Jan-Piet Mens
Cc: bind-users@lists.isc.org
Subject: Re: Sending extra info in bind dns query packet

I have searched through the list and found discussion about standard practice not to add it. I did not find any post which gives clear idea on how to add the custom additional section record in dns query packet.

On Thu, Jul 14, 2016 at 5:04 PM, Jan-Piet Mens wrote:
> > I did not get this... am I posting this to wrong mailing list?
>
> This has been discussed several times on this list within the past few weeks. You should check the archives.
>
> -JP
Re: Sending extra info in bind dns query packet
On Thu, Jul 14, 2016 at 11:15:03PM +1000, Karl Auer wrote:
> On Thu, 2016-07-14 at 11:19 +0530, Sachin Patil wrote:
> > I am just looking into bind and want to send extra information while querying dns bind server. This information will be used at the bind server side to return the resolved ip.
>
> I've had an off-list discussion with Sachin Patil, asking him what he was actually trying to achieve. It turns out that it is this:
>
> "I am just trying to fiddle with dns server to block certain users to certain resources."

Perhaps an existing mechanism such as RPZ would be suitable.

Mukund
Re: Sending extra info in bind dns query packet
Jan-Piet Mens wrote:
> > I did not get this... am I posting this to wrong mailing list?
>
> This has been discussed several times on this list within the past few weeks.
>
> You should check the archives.
>
> -JP

Weren't the past threads about sending additional information in the reply? This is about sending additional information in the request.

I think the only acceptable way to do this would be via the EDNS0 extension mechanism.

--
Barry Margolin
Arlington, MA
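The EDNS0 route mentioned in the reply above, as an added example that is not part of the original thread or of BIND's code: a client builds a query carrying a custom option in the OPT pseudo-record, and the server side extracts it. The option code 65001 (taken from the RFC 6891 local/experimental range), the payload and all function names are assumptions for illustration.

```python
import struct

LOCAL_OPT = 65001  # assumed code from the RFC 6891 local/experimental range (65001-65534)

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in the root label."""
    labels = [lab.encode("ascii") for lab in name.rstrip(".").split(".")]
    return b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"

def build_query(qname, payload, qid=0x1234, udp_size=1232):
    """Client side: an A query whose additional section holds one OPT pseudo-RR."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1)      # RD set, QDCOUNT=1, ARCOUNT=1
    question = encode_name(qname) + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN
    option = struct.pack("!2H", LOCAL_OPT, len(payload)) + payload
    # OPT RR: root owner name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLENGTH
    opt_rr = b"\x00" + struct.pack("!HHIH", 41, udp_size, 0, len(option)) + option
    return header + question + opt_rr

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # a compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def extract_option(msg, code=LOCAL_OPT):
    """Server side: return the option payload, or None if no OPT RR or option is present."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4    # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        end = off + rdlen
        if end > len(msg):
            raise ValueError("RDATA runs past end of message")
        while rtype == 41 and off + 4 <= end:   # walk the option TLVs inside OPT
            ocode, olen = struct.unpack_from("!2H", msg, off)
            if off + 4 + olen > end:
                raise ValueError("option runs past end of OPT RDATA")
            if ocode == code:
                return msg[off + 4:off + 4 + olen]
            off += 4 + olen
        off = end
    return None

query = build_query("www.example.com", b"group=lab")  # constructed sample payload
```

OPT is a hop-by-hop record, so an intermediate resolver will not forward an option it does not understand; this only works when the modified client talks directly to the modified server. The option value is unauthenticated, client-supplied data sent in cleartext, so it is a weak basis for any access decision on the server.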
Re: Sending extra info in bind dns query packet
On Thu, 2016-07-14 at 11:19 +0530, Sachin Patil wrote:
> I am just looking into bind and want to send extra information while querying dns bind server. This information will be used at the bind server side to return the resolved ip.

I've had an off-list discussion with Sachin Patil, asking him what he was actually trying to achieve. It turns out that it is this:

"I am just trying to fiddle with dns server to block certain users to certain resources."

I have suggested that he look for solutions to *that* problem, rather than starting by modifying BIND.

That said, there may be ways to use the DNS to achieve what he needs, and this is not such a bad place to ask for pointers in that direction. Is it?

Regards, K.

--
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389
GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4
Re: Sending extra info in bind dns query packet
I have searched through the list and found discussion about standard practice not to add it. I did not find any post which gives clear idea on how to add the custom additional section record in dns query packet.

On Thu, Jul 14, 2016 at 5:04 PM, Jan-Piet Mens wrote:
> > I did not get this... am I posting this to wrong mailing list?
>
> This has been discussed several times on this list within the past few weeks. You should check the archives.
>
> -JP
Re: Sending extra info in bind dns query packet
> I did not get this... am I posting this to wrong mailing list?

This has been discussed several times on this list within the past few weeks.

You should check the archives.

-JP
Re: Sending extra info in bind dns query packet
I did not get this... am I posting this to wrong mailing list?

On Thu, Jul 14, 2016 at 4:16 PM, Woodworth, John R <john.woodwo...@centurylink.com> wrote:
> > > Is there an echo in here?
> >
> > More like an endless loop.
> >
> > -JP
>
> ICMP: Echo Reply
RE: Sending extra info in bind dns query packet
> > Is there an echo in here?
>
> More like an endless loop.
>
> -JP

ICMP: Echo Reply
Re: Sending extra info in bind dns query packet
> Is there an echo in here?

More like an endless loop.

-JP
Re: Sending extra info in bind dns query packet
Hi there,

On Thu, 14 Jul 2016, Sachin Patil wrote:
> I am just looking into bind and want to send extra information while querying dns bind server. ...

Is there an echo in here?

--
73, Ged.
Sending extra info in bind dns query packet
Hello All,

I am just looking into bind and want to send extra information while querying dns bind server. This information will be used at the bind server side to return the resolved ip.

I have control of dns query and bind server, I mean I can modify the source codes of both.

Can I use additional section of dns protocol to send my extra information in dns query packet? Is there other way I can send this extra info through the bind dns query packet?

Thanks,
Sachin