I'm doing a service similar to OpenDNS.
I need to take Bind (which will run on CentOS 6) and modify it so that, before it looks up the address, it checks the database (MySQL) for the category of the site; if the category ID is in the blacklist, Bind will send back a predefined IP and not the real IP.
Another feature is that if the DNS couldn't be resolved, it will return another predefined IP as well.
If the site category is not blacklisted and it was resolved, it will return the correct address back to the resolve request.
The server will listen on a number of addresses and will need to be configured differently per address, so this is the configuration:
[IP1]
CategoryToBlock=1,2,3,etc
ReturnBlockIP=1.2.3.4
ReturnMissingIP=2.3.4.5
[IP2]
CategoryToBlock=1,2,3,etc
ReturnBlockIP=1.2.3.4
ReturnMissingIP=2.3.4.5
Example:
Resolved [login to view URL], category search engines, not in blacklist, will return [login to view URL] IP
Resolved [login to view URL], category porn, in blacklist, will return the block IP
Also, when looking up the database you need to strip the domain data, for example:
[login to view URL], in the database there's [login to view URL]
So when looking up you need to try the full address and, if it is not found, remove the left part and try again; you keep trying until you get a reply or you are left with only the .com, which you don't need to check in the database.
You will also need to help me deploy the service on my machine.
This project will probably have a number of follow-up projects.
If you think there's a better alternative to Bind, I'm open to suggestions.
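
The lookup and answer rules described above, sketched in Python as an added example that is not part of the original post. The table layout, the sample domains and addresses, the category IDs and the function names are all assumptions made for illustration, and sqlite3 stands in for MySQL so the sketch runs offline.

```python
import sqlite3

# Constructed sample data. sqlite3 stands in for MySQL; the table layout is assumed.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE domains (name TEXT PRIMARY KEY, category_id INTEGER)")
db.executemany("INSERT INTO domains VALUES (?, ?)",
               [("example.com", 7), ("search.example.org", 1)])

# One entry per listening address, mirroring the [IP1]/[IP2] sections.
POLICY = {
    "192.0.2.1": {"block": {7, 9}, "block_ip": "1.2.3.4", "missing_ip": "2.3.4.5"},
}

def candidates(qname):
    """Full name first, then each parent domain; the bare TLD is never tried."""
    labels = qname.rstrip(".").lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def lookup_category(qname):
    """Return the category ID of the most specific matching name, or None."""
    for name in candidates(qname):
        # qname comes from untrusted clients: bind it as a parameter, never
        # format it into the SQL string.
        row = db.execute("SELECT category_id FROM domains WHERE name = ?",
                         (name,)).fetchone()
        if row:
            return row[0]
    return None

def answer(listen_ip, qname, resolve):
    """Decide the A-record answer; `resolve` returns an IP string or None."""
    policy = POLICY[listen_ip]
    if lookup_category(qname) in policy["block"]:
        return policy["block_ip"]
    real_ip = resolve(qname)
    return real_ip if real_ip is not None else policy["missing_ip"]

def fake_resolve(qname):
    """Constructed stand-in for the real upstream lookup."""
    return {"search.example.org": "198.51.100.10",
            "www.example.com": "198.51.100.20"}.get(qname)
```

Because the walk tries the most specific name first, a subdomain with its own row takes precedence over its parent's category.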