Date: Mon, 10 Dec 2001 16:08:15 +0700
From: Igor M Podlesny <poige@morning.ru>
To: Terry Lambert <tlambert2@mindspring.com>
Cc: Dima Dorfman <dima@trit.org>, chris@FreeBSD.ORG, freebsd-hackers@FreeBSD.ORG
Subject: Re[2]: jail.c.patch (allowing to use hostnames when invoking jail(8))
Message-ID: <136249500292.20011210160815@morning.ru>
In-Reply-To: <3C141F9E.D7681BCC@mindspring.com>
References: <20011209205442.C8D0A3E2F@bazooka.trit.org> <3C141F9E.D7681BCC@mindspring.com>

> Dima Dorfman wrote:
>> Here's an updated patch which is a result of comments from a few
>> people. The changes are: (a) deconfuse the usage message by not
>> naming two arguments as "hostname" (that was sloppiness on my part),
>> and (b) remove a redundant inet_aton call (gethostbyname(3) will DTRT
>> with an IP address) [1].
>>
>> [1] It probably shouldn't, since as others have pointed out to me,
>> "1.1.1.1" is a valid DNS name. The correct solution would be to have
>> a flag which makes it explicit whether the argument is an IP address
>> or DNS name, but few, if any, other programs in the system do this,
>> and I don't think this is a good place to start.
>
> This is why the inet_aton() call is still necessary.
>
> And it won't "do the right thing", per se, since it wants to kick
> a DNS query off for a purely numeric tuple set.
>
> I, and I suspect others, start jails up at boot time, well before
> any network connection has been established. You are requiring us
> to install caching DNS servers with preloaded caches, and delay
> starting up until after the servers are started.
>
> This is marginally unacceptable.
>
> One of the reasons I use jails is to establish a set of 13 virtual
> hosts, one of which acts as the root DNS server for a testbed that
> pretends that it is the real Internet root DNS server.
>
> In other jails, I run "client" DNS machines with DNS delegations
> from this "root" server, which also do inter-host (inter-jail, in
> reality) zone synchronization.
>
> If/when these zones are in conflict (e.g. when I run a NAT in two
> or more of them with a 10.x address block for each, and then VPN
> between them using address block translation to translate 10.1 to
> 10.2 and vice versa in each, with DNS forwarding for the block so
> that name lookups work as expected), then I am screwed by your
> change, since I can't have two canonical names for the same IP
> address later.
>
> Please call inet_aton(), and then _only_ if that fails, call the
> gethostbyname().

:) My patch was originally made namely because of this. I just wanted to have the add-on working as a fall-through. Hope you guys will commit it. ;)

p.s. I keep my jails' hostnames in /etc/hosts

> PS: Your man pages are better.

> -- Terry

--
Igor mailto:poige@morning.ru
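
The lookup order requested in the quoted reply above (numeric parse first, resolver only when that fails), as an added C example that is not part of the thread or of jail.c.patch. The function names, the stub resolver and its `ns1.jail.test` / `10.1.0.53` entry are constructed for illustration; the stub stands in for gethostbyname(3) so the example runs without a network.

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* All names here are hypothetical; this is not the code from jail.c.patch. */
typedef struct hostent *(*resolver_fn)(const char *);
enum addr_source { ADDR_FAILED = -1, ADDR_NUMERIC, ADDR_RESOLVED };
static int lookups;		/* times the resolver was consulted */

/* Constructed stand-in for gethostbyname(3) with one /etc/hosts-style entry. */
static struct hostent *stub_resolve(const char *name)
{
	static struct in_addr a;
	static char *list[2] = { (char *)&a, NULL };
	static struct hostent he = { .h_addrtype = AF_INET,
	    .h_length = sizeof(a), .h_addr_list = list };
	lookups++;
	if (strcmp(name, "ns1.jail.test") != 0 || !inet_aton("10.1.0.53", &a))
		return NULL;
	return &he;
}

/* Numeric parse first; the resolver runs only if inet_aton(3) rejects arg. */
static enum addr_source
jail_addr_from_arg(const char *arg, struct in_addr *out, resolver_fn resolve)
{
	struct hostent *hp;
	if (arg == NULL || *arg == '\0')
		return ADDR_FAILED;
	if (inet_aton(arg, out) != 0)
		return ADDR_NUMERIC;	/* "1.1.1.1" ends here: no lookup */
	hp = resolve(arg);
	if (hp == NULL || hp->h_addrtype != AF_INET ||
	    hp->h_length != (int)sizeof(*out) || hp->h_addr_list[0] == NULL)
		return ADDR_FAILED;
	memcpy(out, hp->h_addr_list[0], sizeof(*out));
	return ADDR_RESOLVED;
}

int main(int argc, char **argv)
{
	struct in_addr in;
	const char *arg = argc > 1 ? argv[1] : "ns1.jail.test";
	if (jail_addr_from_arg(arg, &in, stub_resolve) == ADDR_FAILED)
		return 1;
	printf("%s -> %s after %d lookup(s)\n", arg, inet_ntoa(in), lookups);
	return 0;
}
```

Passing `gethostbyname` as the third argument gives the real fall-through. inet_aton(3) also accepts shorthand and hex or octal forms such as `127.1`, so those are treated as addresses as well and never reach the resolver.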