Thank you, I'll take a look. * Greg Choules <[email protected]> [2025-11-22 :39:31]:
> Here is the RPZ draft: > https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-dns-rpz-00 > Here are references in the ARM showing how to use it in BIND: > https://bind9.readthedocs.io/en/stable/chapter6.html#enter-rpz > https://bind9.readthedocs.io/en/stable/reference.html#response-policy-zone-rpz-rewriting > > I hope that helps. > Cheers, Greg > > On Sat, 22 Nov 2025 at 17:16, Chunhui Ouyang <[email protected]> wrote: > > > I know, so I'm just hoping for some introductory examples, like some > > simple configurations, but that's okay, I'll find them myself. Thanks. I > > originally wanted to write a plugin, but for plugins, I'd like some > > introductory examples, like how I should build the most basic project > > without depending on config.h or... If it must be compiled within the tree, > > how should I build a tree-based plugin that can compile correctly? Because > > it currently throws an error without including config.h. > > > > * Ondřej Surý <[email protected]> [2025-11-22 :08:39]: > > > > > I think you are mistaking open source with free labor. > > > > > > It’s your client and your commercial contract, I gave you pointers, how > > you handle these it is entire up to you, but don’t expect people here to do > > this proprietary job for you for free. > > > > > > Ondrej > > > -- > > > Ondřej Surý — ISC (He/Him) > > > > > > My working hours and your working hours may be different. Please do not > > feel obligated to reply outside your normal working hours. > > > > > > > On 22. 11. 2025, at 17:15, Chunhui Ouyang <[email protected]> wrote: > > > > > > > > I see it, but I still have two questions: > > > > > > > > 1. The client says there might be hundreds of thousands of IPs that > > need to be matched, so I need a convenient process to match these addresses. > > > > > > > > 2. Can you tell me how to write RPG entries? > > > > > > > > * Ondřej Surý <[email protected]> [2025-11-22 :38:03]: > > > > > > > >> I already gave you the links to the documentation and the tutorial > > below. Have you looked at these? > > > >> > > > >> -- > > > >> Ondřej Surý (He/Him) > > > >> [email protected] > > > >> > > > >> My working hours and your working hours may be different. Please do > > not feel obligated to reply outside your normal working hours. > > > >> > > > >>>> On 22. 11. 2025, at 15:40, Chunhui Ouyang <[email protected]> > > wrote: > > > >>> > > > >>> Can you give me an example? > > > >>> > > > >>> * Ondřej Surý <[email protected]> [2025-11-22 :34:48]: > > > >>> > > > >>>> RPZ already has the functionality that you’ve described below. > > There’s no need to write a new plugin for this. > > > >>>> > > > >>>> Ondrej > > > >>>> -- > > > >>>> Ondřej Surý — ISC (He/Him) > > > >>>> > > > >>>> My working hours and your working hours may be different. Please do > > not feel obligated to reply outside your normal working hours. > > > >>>> > > > >>>>> On 22. 11. 2025, at 14:43, Chunhui Ouyang <[email protected]> > > wrote: > > > >>>>> > > > >>>>> What's the meaning? > > > >>>>> > > > >>>>> * Ondřej Surý <[email protected]> [2025-11-22 :25:08]: > > > >>>>> > > > >>>>>> Sorry, actually, not RPZ-CLIENT-IP, it is just RPZ-IP triggering > > rule. > > > >>>>>> > > > >>>>>> Ondrej > > > >>>>>> -- > > > >>>>>> Ondřej Surý (He/Him) > > > >>>>>> [email protected] > > > >>>>>> > > > >>>>>> My working hours and your working hours may be different. Please > > do not feel obligated to reply outside your normal working hours. > > > >>>>>> > > > >>>>>>>> On 22. 11. 2025, at 14:22, Ondřej Surý <[email protected]> wrote: > > > >>>>>>> > > > >>>>>>>> It will filter DNS resolution requests and match the IP record > > of any domain name against a given list; if a match is found, it will force > > the return of the given IP. > > > >>>>>>> > > > >>>>>>> > > > >>>>>>> You mean like RPZ-CLIENT-IP? > > > >>>>>>> > > > >>>>>>> https://www.isc.org/rpz/ > > > >>>>>>> and > > > >>>>>>> https://www.isc.org/docs/BIND_RPZ.pdf > > > >>>>>>> > > > >>>>>>> ? > > > >>>>>>> > > > >>>>>>> Ondrej > > > >>>>>>> -- > > > >>>>>>> Ondřej Surý (He/Him) > > > >>>>>>> [email protected] > > > >>>>>>> > > > >>>>>>> My working hours and your working hours may be different. Please > > do not feel obligated to reply outside your normal working hours. > > > >>>>>>> > > > >>>>>> > > > >>>>> <signature.asc> > > > >>>> > > > >> > > > > <signature.asc> > > > > > -- > > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > > from this list. > >
signature.asc
Description: PGP signature
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list.
