From owner-freebsd-net@FreeBSD.ORG Mon Aug 28 22:17:07 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1A31616A4DA for ; Mon, 28 Aug 2006 22:17:07 +0000 (UTC) (envelope-from duane@dwpc.dwlabs.ca) Received: from smtpout.eastlink.ca (smtpout.eastlink.ca [24.222.0.30]) by mx1.FreeBSD.org (Postfix) with ESMTP id A10D943D45 for ; Mon, 28 Aug 2006 22:17:04 +0000 (GMT) (envelope-from duane@dwpc.dwlabs.ca) Received: from ip03.eastlink.ca ([24.222.10.15]) by mta01.eastlink.ca (Sun Java System Messaging Server 6.2-4.03 (built Sep 22 2005)) with ESMTP id <0J4Q00KRMB4SOPL0@mta01.eastlink.ca> for freebsd-net@freebsd.org; Mon, 28 Aug 2006 19:14:52 -0300 (ADT) Received: from blk-224-199-230.eastlink.ca (HELO dwpc.dwlabs.ca) ([24.224.199.230]) by ip03.eastlink.ca with ESMTP; Mon, 28 Aug 2006 19:17:03 -0300 Received: from dwpc.dwlabs.ca (localhost [127.0.0.1]) by dwpc.dwlabs.ca (8.13.6/8.13.6) with ESMTP id k7SMCIaH040070; Mon, 28 Aug 2006 19:12:18 -0300 (ADT envelope-from duane@dwpc.dwlabs.ca) Received: (from duane@localhost) by dwpc.dwlabs.ca (8.13.6/8.13.6/Submit) id k7SMCIZw040069; Mon, 28 Aug 2006 19:12:18 -0300 (ADT envelope-from duane) Date: Mon, 28 Aug 2006 19:12:18 -0300 From: Duane Whitty In-reply-to: <44F344FA.1000408@elischer.org> To: Julian Elischer Message-id: <20060828221218.GB93062@dwpc.dwlabs.ca> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Content-disposition: inline References: <44EF6E18.6090905@elischer.org> <44F3429F.6050204@FreeBSD.org> <44F344FA.1000408@elischer.org> User-Agent: Mutt/1.4.2.1i Cc: freebsd-net@freebsd.org Subject: Re: possible patch for implementing split DNS X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-net@freebsd.org List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Aug 2006 22:17:07 -0000 On Mon, Aug 28, 2006 at 12:33:14PM -0700, Julian Elischer wrote: > Doug Barton wrote: > > >Julian Elischer wrote: > > > > > >>I need some processes to look elsewhere for DNS information from where > >>the rest of the system looks.. This patch seems to me a simple solution. > >>We over-ride where the resolver looks for resolv.conf using an > >>environment variable. This would allow me to reset this to an application > >>specific config file that specifies a different server. > >> > >>Anyone got better ways fo doing this? > >> > >> > > > >Run the special processes in a jail with its own resolv.conf? My gut > >reaction to your suggestion is negative, but I'm having a hard time > >articulating a solid reason why. > > > > > > I need a couple of processes to go to different nameservers for the same > names.. > for example running 2 proxy servers, one taking requests from the inside > and one from the outside. > I want them to see two different universes so makign them source > different resolv.conf allows me to give > them different default domains and query different servers. > as well as use different timeouts. I can not run them in different jails. > they still need to listen on overlapping addresses for different ports etc. > Hi Julian, I'm no expert so I apologize in advance if I am wasting your time. I was just wondering if you could use the multiple views facility as provided by Bind 9? I'm currently using the technique to provide different views of my network depending on whether access is coming from an internal address or an external address. Perhaps I am not fully understanding the depth of the problem. Best Regards, Duane Whitty > ALmost all other services (e.g. inetd,natd,sshd, etc.etc.) allow you to > specify a different config file > so that you can supply different services to theinside and outside but > it all falls appart > if they still are forced to use the same DNS server and can not provide > a differentiated service > for that reason. > > >Perhaps if you described your problem in more detail, it would be easier to > >work around it, but I can't help thinking that there are better ways to > >solve this problem. > > > >Doug > > > > > > > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"