Re: Modifying a response
On 2010-02-24 14:09, Peter Andreev wrote: 2010/2/24 Alan Clegg acl...@isc.org mailto:acl...@isc.org Peter Andreev wrote: For example: if user asks for non-existent domain, caching server replies with some address and no-error rcode. _Extremely_ bad idea. Yes, I know, but boss is boss and task is task :). Thank you very much for your answer. You might want to talk to your boss about DNSSEC and how it insures that answer modification is not allowed -- and how it keeps your customers safe and secure and is a good selling point (see the Comcast announcement that was made yesterday). AlanC Oh, DNSSSEC is another headache. These two tasks doesn't influence each other. As far as I can tell, they DO: your modified answers will be marked as BOGUS by DNSSEC and will be thrown away. Niobos ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Modifying a response
Hello, everybody. Is it possible to modify responses on caching server side? For example: if user asks for non-existent domain, caching server replies with some address and no-error rcode. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Modifying a response
On Wed, Feb 24, 2010 at 01:28:09PM +0300, Peter Andreev andreev.pe...@gmail.com wrote a message of 31 lines which said: Is it possible to modify responses on caching server side? Not with BIND (short of modifying the source code). Other name servers may do it http://mailman.powerdns.com/pipermail/pdns-users/2008-June/005471.html. For example: if user asks for non-existent domain, caching server replies with some address and no-error rcode. _Extremely_ bad idea. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Modifying a response
2010/2/24 Stephane Bortzmeyer bortzme...@nic.fr On Wed, Feb 24, 2010 at 01:28:09PM +0300, Peter Andreev andreev.pe...@gmail.com wrote a message of 31 lines which said: Is it possible to modify responses on caching server side? Not with BIND (short of modifying the source code). Other name servers may do it http://mailman.powerdns.com/pipermail/pdns-users/2008-June/005471.html. I hoped there is something like plugin which isn't mentioned in manual. For example: if user asks for non-existent domain, caching server replies with some address and no-error rcode. _Extremely_ bad idea. Yes, I know, but boss is boss and task is task :). Thank you very much for your answer. ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Modifying a response
Peter Andreev wrote: For example: if user asks for non-existent domain, caching server replies with some address and no-error rcode. _Extremely_ bad idea. Yes, I know, but boss is boss and task is task :). Thank you very much for your answer. You might want to talk to your boss about DNSSEC and how it insures that answer modification is not allowed -- and how it keeps your customers safe and secure and is a good selling point (see the Comcast announcement that was made yesterday). AlanC signature.asc Description: OpenPGP digital signature ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Modifying a response
2010/2/24 Alan Clegg acl...@isc.org Peter Andreev wrote: For example: if user asks for non-existent domain, caching server replies with some address and no-error rcode. _Extremely_ bad idea. Yes, I know, but boss is boss and task is task :). Thank you very much for your answer. You might want to talk to your boss about DNSSEC and how it insures that answer modification is not allowed -- and how it keeps your customers safe and secure and is a good selling point (see the Comcast announcement that was made yesterday). AlanC Oh, DNSSSEC is another headache. These two tasks doesn't influence each other. Thank you for advice ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Modifying a response
On Wed, Feb 24, 2010 at 11:37:29AM +0100, Stephane Bortzmeyer bortzme...@nic.fr wrote a message of 18 lines which said: Other name servers may do it http://www.unbound.net/documentation/pythonmod/index.html http://www.unbound.net/documentation/pythonmod/examples/example3.html ___ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users