Message-ID: <44F362C0.6080309@elischer.org>
Date: Mon, 28 Aug 2006 14:40:16 -0700
From: Julian Elischer
To: John-Mark Gurney
Cc: FreeBSD Net, Doug Barton
In-Reply-To: <20060828195339.GF37035@funkthat.com>
Subject: Re: possible patch for implementing split DNS

John-Mark Gurney wrote:

> Julian Elischer wrote this message on Mon, Aug 28, 2006 at 12:33 -0700:
>
>> Almost all other services (e.g. inetd, natd, sshd, etc. etc.) allow you to
>> specify a different config file
>> so that you can supply different services to the inside and outside but
>> it all falls apart
>> if they still are forced to use the same DNS server and can not provide
>> a differentiated service
>> for that reason.
>
> Why not put one of the two inside a jail (I think someone else mentioned
> this), or chroot'd environment where it can pick up a different resolv.conf?

The very mail you quoted says that I can not put it inside a jail.
A chroot is slightly less problematical except that they do need to share
filesystems. To make it fully work I need to have /etc nearly all shared
along with a lot more, but I need to have different /etc/resolv.conf.

So, why NOT make this tunable from the environment?
It does not do it for SUID processes and there are already environment
variables that influence name lookup.
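
The set-id exclusion mentioned in the message above, as an added example that is not part of the original post or of the proposed patch. The variable name `EXAMPLE_RESOLV_CONF`, the function names and the path checks are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define DEFAULT_RESOLV_CONF "/etc/resolv.conf"
#define RESOLV_CONF_ENV     "EXAMPLE_RESOLV_CONF" /* hypothetical variable name */
#define MAX_CONF_PATH       1024                  /* assumed upper bound */

/*
 * Pure policy function: given the process ids and the raw environment
 * value, return the resolver configuration path to use. Keeping it free
 * of system calls lets the policy be tested without changing ids.
 */
const char *
choose_resolv_conf(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid,
    const char *env_value)
{
    /* Set-id process: the invoking user controls the environment,
     * so the override is ignored and the system file is used. */
    if (ruid != euid || rgid != egid)
        return DEFAULT_RESOLV_CONF;
    /* Unset or empty variable: normal behaviour. */
    if (env_value == NULL || env_value[0] == '\0')
        return DEFAULT_RESOLV_CONF;
    /* Accept only an absolute path of bounded length, so the result
     * does not depend on the current working directory. */
    if (env_value[0] != '/' || strlen(env_value) >= MAX_CONF_PATH)
        return DEFAULT_RESOLV_CONF;
    return env_value;
}

/* Wrapper that reads the real process state. */
const char *
resolv_conf_path(void)
{
    /* On FreeBSD, issetugid(2) is the stronger test here: it also
     * reports processes that changed ids after exec. The id comparison
     * below is the portable form. */
    return choose_resolv_conf(getuid(), geteuid(), getgid(), getegid(),
        getenv(RESOLV_CONF_ENV));
}

int
main(void)
{
    puts(resolv_conf_path());
    return 0;
}
```
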