e.g. bind9 server is running at 127.0.0.1:
$ dig mytest.com @127.0.0.1
# got this result:
mytest.com A 1.1.1.1
Can I create an extension for bind9 to monitor the traffic? (e.g. know that a client from IP 2.2.2.2 queried the domain mytest.com, and if the domain mytest.com is in the blacklist, the extension can do something)
POE gave me an example but it does not work: (I think POE is cheating me ...)
    # bind_extensions.py
    from isc import dns

    # Blacklist containing the IP addresses that need to be blocked
    blacklist = ["1.2.3.4"]

    class BlacklistExtension:
        def __init__(self, zone_name):
            self.zone_name = zone_name

        def pre_resolve(self, qname, qtype, client_ip):
            if qtype == dns.rdatatype.A and client_ip in blacklist:
                # If the requested A record is in the blacklist, return "not found"
                return dns.message.make_response(dns.message.make_query(qname, qtype), rcode=dns.rcode.NXDOMAIN)
            return None

        def post_resolve(self, qname, qtype, response, client_ip):
            # Log the requested A record and the client IP address
            if qtype == dns.rdatatype.A and response.rcode() == dns.rcode.NOERROR:
                for rrset in response.answer:
                    if rrset.rdtype == dns.rdatatype.A:
                        for rdata in rrset:
                            print(f"Request for '{qname}' A record from {client_ip}. Answer: {rdata.address}")

    # Extension point definition
    extensions = [BlacklistExtension("test.com")]
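
The monitoring asked about above can be done from BIND's own query log (enabled with `rndc querylog on`) instead of an in-process extension. The following is an added example, not part of the original post and not BIND code: it assumes the usual BIND 9 query-log line layout, and the blacklist, function names and sample lines are constructed for illustration.

```python
import re

# Assumed layout of a BIND 9 query-log line (logging category "queries").
# The "@0x..." client object id is optional because older releases omit it.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]*)\): query: \S+ (?P<qclass>\S+) (?P<qtype>\S+)"
)

# Hypothetical domain blacklist; subdomains of an entry match as well.
BLACKLIST = {"mytest.com"}

def is_blacklisted(qname, blacklist=BLACKLIST):
    """True if qname or any parent domain of it is in the blacklist."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in blacklist for i in range(len(labels)))

def parse_query(line):
    """Return (client_ip, qname, qtype) for a query line, else None."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    return m.group("ip"), m.group("qname"), m.group("qtype")

def blacklisted_queries(lines, blacklist=BLACKLIST):
    """Collect every parsed query whose name falls under the blacklist."""
    hits = []
    for line in lines:
        parsed = parse_query(line)
        if parsed and is_blacklisted(parsed[1], blacklist):
            hits.append(parsed)
    return hits

# Constructed sample lines, not captured from a real server.
SAMPLE_LOG = [
    "01-Jan-2024 10:00:00.001 queries: info: client @0x7f0000000001 2.2.2.2#40000 (mytest.com): query: mytest.com IN A +E(0)K (127.0.0.1)",
    "01-Jan-2024 10:00:01.002 queries: info: client @0x7f0000000002 3.3.3.3#40001 (example.org): query: example.org IN A + (127.0.0.1)",
    "01-Jan-2024 10:00:02.003 queries: info: client 2001:db8::5#40002 (WWW.MyTest.com): query: WWW.MyTest.com IN AAAA + (127.0.0.1)",
    "01-Jan-2024 10:00:03.004 general: info: zone mytest.com/IN: loaded serial 1",
    "01-Jan-2024 10:00:04.005 queries: info: client @0x7f0000000003 4.4.4.4#40003 (notmytest.com): query: notmytest.com IN A + (127.0.0.1)",
]

if __name__ == "__main__":
    for ip, qname, qtype in blacklisted_queries(SAMPLE_LOG):
        print(f"ALERT client={ip} queried blacklisted name {qname} ({qtype})")
```

To watch a live server, pass an open handle on the query-log file to `blacklisted_queries` in place of `SAMPLE_LOG`.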