Re: Sending extra info in bind dns query packet

2016-07-15 Thread Matus UHLAR - fantomas

On 14.07.16 11:19, Sachin Patil wrote:
> I am just looking into bind and want to send extra information while
> querying dns bind server.
> This information will be used at the bind server side to return the
> resolved ip.

Do you mean something like proposed "edns client subnet" that may return
different server IP address based on the client's IP?

I'm afraid it's not supported by BIND yet.

> I have control of dns query and bind server, I mean I can modify the source
> codes of both.
>
> Can I use additional section of dns protocol to send my extra information
> in dns query packet?
>
> Is there other way I can send this extra info through the bind dns query
> packet?

it's highly dependent on what exactly you want to achieve.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphilis. Good thing we have penicillin." - Matthew Alton
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


RE: Sending extra info in bind dns query packet

2016-07-14 Thread Darcy Kevin (FCA)
Sachin,
I strongly suggest that you consider other methods to 
accomplish what you’re trying to achieve. You seem to have latched onto one 
particular method to reach your goal – modifying the contents of the DNS 
request and/or response packets – but this amounts to changing the DNS 
protocol. There is no BIND configuration “tweak” to accomplish it – you’d have 
to hack on code (probably the code for both the client and server sides). This 
is a significant undertaking, and if you’ve never hacked on BIND code before, 
prepare yourself for a steep learning curve.

If all you’re trying to do – as someone surmised in another post – is control 
client access to resources, then it should be possible to leverage existing 
non-DNS technologies and resources for this (firewalls, proxies, etc. 
configured with appropriate ACLs), or, as also suggested, RPZ. Why reinvent the 
wheel?



- Kevin

--
Kevin Darcy
NAFTA Information Security Projects

FCA US LLC
1075 W Entrance Dr,
Auburn Hills, MI 48326
USA

Telephone: +1 (248) 838-6601
Mobile: +1 (810) 397-0103
Email: kevin.da...@fcagroup.com

From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Sachin 
Patil
Sent: Thursday, July 14, 2016 7:56 AM
To: Jan-Piet Mens
Cc: bind-users@lists.isc.org
Subject: Re: Sending extra info in bind dns query packet

I have searched through the list and found discussion about standard practice 
not to add it.
I did not find any post which gives clear idea on how to add the custom 
additional section record in dns query packet.

On Thu, Jul 14, 2016 at 5:04 PM, Jan-Piet Mens <jpmens@gmail.com> wrote:
I did not get this... am I posting this to wrong mailing list?

This has been discussed several times on this list within the past few weeks.  
You should check the archives.

-JP


Re: Sending extra info in bind dns query packet

2016-07-14 Thread Mukund Sivaraman
On Thu, Jul 14, 2016 at 11:15:03PM +1000, Karl Auer wrote:
> On Thu, 2016-07-14 at 11:19 +0530, Sachin Patil wrote:
> > I am just looking into bind and want to send extra information while
> > querying dns bind server. This information will be used at the bind 
> > server side to return the resolved ip.
> 
> I've had an off-list discussion with Sachin Patil, asking him what he
> was actually trying to achieve. It turns out that it is this:
> 
> "I am just trying to fiddle with dns server to block certain users to
> certain resources."

Perhaps an existing mechanism such as RPZ would be suitable.

Mukund



Re: Sending extra info in bind dns query packet

2016-07-14 Thread Barry Margolin
In article ,
 Jan-Piet Mens  wrote:

> >I did not get this... am I posting this to wrong mailing list?
> 
> This has been discussed several times on this list within the past few weeks. 
>  
> You should check the archives.
> 
>   -JP

Weren't the past threads about sending additional information in the 
reply? This is about sending additional information in the request.

I think the only acceptable way to do this would be via the EDNS0 
extension mechanism.

-- 
Barry Margolin
Arlington, MA
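
The EDNS0 route mentioned in the message above, shown as an added example that is not part of the original thread and is not BIND code: a query carrying one OPT record in the additional section with a single option, and the server-side parse that validates lengths before trusting the data. The option code 65001 (from the RFC 6891 local/experimental range), the 64-byte cap, the 1232-byte UDP size, the query name and the payload are all assumptions constructed for illustration.

```python
import struct

OPT_TYPE = 41          # EDNS0 OPT pseudo-RR type (RFC 6891)
LOCAL_OPTION = 65001   # assumption: picked from the 65001-65534 local/experimental range
MAX_OPTION_DATA = 64   # assumption: cap the server applies to untrusted option data

def encode_name(name):
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(qname, option_data, txid=0x1234):
    """Client side: A/IN query with one OPT RR in the additional section."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD=1, QD=1, AR=1
    question = encode_name(qname) + struct.pack("!HH", 1, 1)
    rdata = struct.pack("!HH", LOCAL_OPTION, len(option_data)) + option_data
    # OPT RR: root owner, TYPE=41, CLASS=UDP payload size, TTL=ext-rcode/version/flags
    opt = b"\x00" + struct.pack("!HHIH", OPT_TYPE, 1232, 0, len(rdata)) + rdata
    return header + question + opt

def _parse(msg):
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    if (qd, an, ns, ar) != (1, 0, 0, 1):
        raise ValueError("unexpected section counts")
    pos = 12
    while msg[pos] != 0:                 # walk the uncompressed question name
        if msg[pos] & 0xC0:
            raise ValueError("compression pointer in question name")
        pos += 1 + msg[pos]
    pos += 1 + 4                         # root label, then QTYPE and QCLASS
    rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos + 1:pos + 11])
    if msg[pos] != 0 or rtype != OPT_TYPE:
        raise ValueError("additional record is not an OPT RR")
    rdata = msg[pos + 11:pos + 11 + rdlen]
    if len(rdata) != rdlen:
        raise ValueError("OPT RDATA truncated")
    options, i = {}, 0
    while i < len(rdata):                # {code, length, data} triples
        code, length = struct.unpack("!HH", rdata[i:i + 4])
        data = rdata[i + 4:i + 4 + length]
        if len(data) != length or length > MAX_OPTION_DATA:
            raise ValueError("bad option length")
        options[code] = data
        i += 4 + length
    return options

def extract_options(msg):
    """Server side: return {option_code: data}, rejecting malformed input."""
    try:
        return _parse(msg)
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated or malformed message") from exc
```

The option data arrives unauthenticated over UDP, so a server that bases an answer on it is trusting whatever the sender chose to put there.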


Re: Sending extra info in bind dns query packet

2016-07-14 Thread Karl Auer
On Thu, 2016-07-14 at 11:19 +0530, Sachin Patil wrote:
> I am just looking into bind and want to send extra information while
> querying dns bind server. This information will be used at the bind 
> server side to return the resolved ip.

I've had an off-list discussion with Sachin Patil, asking him what he
was actually trying to achieve. It turns out that it is this:

"I am just trying to fiddle with dns server to block certain users to
certain resources."

I have suggested that he look for solutions to *that* problem, rather
than starting by modifying BIND.

That said, there may be ways to use the DNS to achieve what he needs,
and this is not such a bad place to ask for pointers in that direction.

Is it?

Regards, K.

-- 
~~~
Karl Auer (ka...@biplane.com.au)
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: E00D 64ED 9C6A 8605 21E0 0ED0 EE64 2BEE CBCB C38B
Old fingerprint: 3C41 82BE A9E7 99A1 B931 5AE7 7638 0147 2C3C 2AC4





Re: Sending extra info in bind dns query packet

2016-07-14 Thread Sachin Patil
I have searched through the list and found discussion about standard
practice not to add it.
I did not find any post which gives clear idea on how to add the custom
additional section record in dns query packet.

On Thu, Jul 14, 2016 at 5:04 PM, Jan-Piet Mens  wrote:

> I did not get this... am I posting this to wrong mailing list?
>>
>
> This has been discussed several times on this list within the past few
> weeks.  You should check the archives.
>
> -JP

Re: Sending extra info in bind dns query packet

2016-07-14 Thread Jan-Piet Mens

> I did not get this... am I posting this to wrong mailing list?

This has been discussed several times on this list within the past few weeks.  
You should check the archives.


-JP


Re: Sending extra info in bind dns query packet

2016-07-14 Thread Sachin Patil
I did not get this... am I posting this to wrong mailing list?

On Thu, Jul 14, 2016 at 4:16 PM, Woodworth, John R <
john.woodwo...@centurylink.com> wrote:

> > >Is there an echo in here?
> >
> > More like an endless loop.
> >
> >   -JP
>
> ICMP: Echo Reply
>
> -- THESE ARE THE DROIDS TO WHOM I REFER:
> This communication is the property of CenturyLink and may contain
> confidential or privileged information. Unauthorized use of this
> communication is strictly prohibited and may be unlawful. If you have
> received this communication in error, please immediately notify the sender
> by reply e-mail and destroy all copies of the communication and any
> attachments.

RE: Sending extra info in bind dns query packet

2016-07-14 Thread Woodworth, John R
> >Is there an echo in here?
>
> More like an endless loop.
>
>   -JP

ICMP: Echo Reply



Re: Sending extra info in bind dns query packet

2016-07-14 Thread Jan-Piet Mens

> Is there an echo in here?

More like an endless loop.

-JP


Re: Sending extra info in bind dns query packet

2016-07-14 Thread G.W. Haywood

Hi there,

On Thu, 14 Jul 2016, Sachin Patil wrote:


> I am just looking into bind and want to send extra information while
> querying dns bind server. ...

Is there an echo in here?

--

73,
Ged.