Date:      Mon, 28 Aug 2006 22:05:53 -0300
From:      Duane Whitty <duane@dwlabs.ca>
To:        Julian Elischer <julian@elischer.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: possible patch for implementing split DNS
Message-ID:  <20060829010553.GC93062@dwpc.dwlabs.ca>
In-Reply-To: <44F370F2.7080406@elischer.org>
References:  <44EF6E18.6090905@elischer.org> <44F3429F.6050204@FreeBSD.org> <44F344FA.1000408@elischer.org> <20060828221218.GB93062@dwpc.dwlabs.ca> <44F370F2.7080406@elischer.org>

On Mon, Aug 28, 2006 at 03:40:50PM -0700, Julian Elischer wrote:
> Duane Whitty wrote:
> 
> >On Mon, Aug 28, 2006 at 12:33:14PM -0700, Julian Elischer wrote:
> > 
> >
> >>Doug Barton wrote:
> >>
> >>   
> >>
> >>>Julian Elischer wrote:
> >>>
> >>>
> >>>     
> >>>
> >>>>I need some processes to look elsewhere for DNS information from where 
> >>>>the rest of the system looks.. This patch seems to me a simple 
> >>>>solution. We over-ride where the resolver looks for resolv.conf using 
> >>>>an environment variable. This would allow me to reset this to an 
> >>>>application
> >>>>specific config file that specifies a different server.
> >>>>
> >>>>Anyone got better ways of doing this?
> >>>> 
> >>>>
> >>>>       
> >>>>
> >>>Run the special processes in a jail with its own resolv.conf? My gut
> >>>reaction to your suggestion is negative, but I'm having a hard time
> >>>articulating a solid reason why.
> >>>
> >>>
> >>>     
> >>>
> >>I need a couple of processes to go to different nameservers for the same 
> >>names..
> >>for example running 2 proxy servers, one taking requests from the inside 
> >>and one from the outside.
> >>I want them to see two different universes so making them source 
> >>different resolv.conf allows me to give
> >>them different default domains and query different servers.
> >>as well as use different timeouts.  I can not run them in different jails.
> >>they still need to listen on overlapping addresses for different ports 
> >>etc.
> >>
> >>   
> >>
> >Hi Julian,
> >
> >I'm no expert so I apologize in advance if I am wasting your time.
> >
> >I was just wondering if you could use the multiple views facility as 
> >provided
> >by Bind 9?  I'm currently using the technique to provide different views 
> >of my
> >network depending on whether access is coming from an internal address or 
> >an
> >external address.  Perhaps I am not fully understanding the depth of the 
> >problem.
> >
> >Best Regards,
> >
> >Duane Whitty
> >
> > 
> >
> >>Almost all other services (e.g. inetd,natd,sshd, etc.etc.) allow you to 
> >>specify a different config file
> >>so that you can supply different services to the inside and outside but 
> >>it all falls apart
> >>if they still are forced to use the same DNS server and can not provide 
> >>a differentiated service
> >>for that reason.
> >>   
> >>
> I'm not an expert on bind 9 views, but I want two sibling processes to 
> get different network views.
> can I do that on a freebsd6.1 machine using stock gethostbyname() from libc?
> 
Well, I think maybe your solution is the simplest and it sounds like an
interesting feature.  I do wonder though if it would be possible to bind
a process to a network interface alias on the fly?  So if you had ten possible
network views create ten interface aliases and ten views in your named.conf.
Could you then have your process use an ip address from the network interface
alias of your choosing?  I'm probably just making noise here...

Best Regards,

Duane Whitty


> >>   
> >>
> >>>Perhaps if you described your problem in more detail, it would be easier 
> >>>to
> >>>work around it, but I can't help thinking that there are better ways to
> >>>solve this problem.
> >>>
> >>>Doug
> >>>
> >>>
> >>>
> >>>     
> >>>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
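
The resolver-side lookup discussed in this thread (an environment variable that overrides the resolv.conf path), as an added example that is not the patch from the thread and not FreeBSD libc code. The variable name `RESOLV_CONF_PATH`, the length limit and all function names are assumptions; the override is ignored for set-user-ID or set-group-ID processes so that an unprivileged caller's environment cannot redirect a privileged program's DNS lookups.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define DEFAULT_RESOLV_CONF "/etc/resolv.conf"
#define RESOLV_CONF_ENV "RESOLV_CONF_PATH" /* hypothetical variable name */
#define MAX_CONF_PATH 1024                 /* assumed sanity limit */

/* Nonzero when real and effective IDs differ (set-user-ID or
 * set-group-ID execution). FreeBSD's issetugid(2) is the stricter native
 * check; this comparison is a portable stand-in used for the example. */
int process_is_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Pure policy decision, kept separate so it can be tested without
 * changing credentials. Falls back to the system file unless the process
 * is unprivileged and the override is an absolute path of sane length. */
const char *choose_resolv_conf(const char *override, int privileged)
{
    if (privileged || override == NULL)
        return DEFAULT_RESOLV_CONF;
    if (override[0] != '/' || strlen(override) >= MAX_CONF_PATH)
        return DEFAULT_RESOLV_CONF;
    return override;
}

/* What a resolver would call before opening its configuration file. */
const char *resolv_conf_path(void)
{
    return choose_resolv_conf(getenv(RESOLV_CONF_ENV),
                              process_is_privileged());
}

int main(void)
{
    /* Constructed usage:
     *   RESOLV_CONF_PATH=/usr/local/etc/proxy-inside.conf ./a.out */
    printf("resolver config: %s\n", resolv_conf_path());
    return 0;
}
```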
