Date:      Sun, 09 Dec 2001 18:36:14 -0800
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Dima Dorfman <dima@trit.org>
Cc:        chris@FreeBSD.ORG, Igor M Podlesny <poige@morning.ru>, freebsd-hackers@FreeBSD.ORG
Subject:   Re: jail.c.patch (allowing to use hostnames when invoking jail(8))
Message-ID:  <3C141F9E.D7681BCC@mindspring.com>
References:  <20011209205442.C8D0A3E2F@bazooka.trit.org>

Dima Dorfman wrote:
> Here's an updated patch which is a result of comments from a few
> people.  The changes are: (a) deconfuse the usage message by not
> naming two arguments as "hostname" (that was sloppiness on my part),
> and (b) remove a redundant inet_aton call (gethostbyname(3) will DTRT
> with an IP address) [1].
> 
> [1] It probably shouldn't, since as others have pointed out to me,
> "1.1.1.1" is a valid DNS name.  The correct solution would be to have
> a flag which makes it explicit whether the argument is an IP address
> or DNS name, but few, if any, other programs in the system do this,
> and I don't think this is a good place to start.

This is why the inet_aton() call is still necessary.

And it won't "do the right thing", per se, since it wants to kick
a DNS query off for a purely numeric tuple set.

I, and I suspect others, start jails up at boot time, well before
any network connection has been established.  You are requiring us
to install caching DNS servers with preloaded caches, and delay
starting up until after the servers are started.

This is marginally unacceptable.

One of the reasons I use jails is to establish a set of 13 virtual
hosts, one of which acts as the root DNS server for a testbed that
pretends that it is the real Internet root DNS server.

In other jails, I run "client" DNS machines with DNS delegations
from this "root" server, which also do inter-host (inter-jail, in
reality) zone synchronization.

If/when these zones are in conflict (e.g. when I run a NAT in two
or more of them with a 10.x address block for each, and then VPN
between them using address block translation to translate 10.1 to
10.2 and vice versa in each, with DNS forwarding for the block so
that name lookups work as expected), then I am screwed by your
change, since I can't have two canonical names for the same IP
address later.

Please call inet_aton(), and then _only_ if that fails, call the
gethostbyname().

PS: Your man pages are better.

-- Terry
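
The ordering requested in the message above (inet_aton() first, a name lookup only if that fails), sketched as an added example that is not part of the original mail or of the jail(8) patch. The names `resolve_jail_ip`, `lookup_fn`, `lookup_by_name` and `lookup_stub` are hypothetical, and the stub's fixed answer is constructed so the fallback path can be exercised without a network.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical hook so the name-lookup step can be replaced in offline runs. */
typedef int (*lookup_fn)(const char *name, struct in_addr *out);

int lookups;	/* how many times the fallback lookup was reached */

/* Fallback: the system resolver, reached only for non-numeric arguments. */
int lookup_by_name(const char *name, struct in_addr *out)
{
	struct hostent *hp = gethostbyname(name);
	lookups++;
	if (hp == NULL || hp->h_addrtype != AF_INET)
		return (-1);
	memcpy(out, hp->h_addr_list[0], sizeof(*out));
	return (0);
}

/* Constructed stub: no network, always answers 192.0.2.7 (TEST-NET-1). */
int lookup_stub(const char *name, struct in_addr *out)
{
	(void)name;
	lookups++;
	out->s_addr = htonl(0xC0000207);
	return (0);
}

/* Numeric literal first; the lookup hook runs only if inet_aton() rejects arg. */
int resolve_jail_ip(const char *arg, struct in_addr *out, lookup_fn lookup)
{
	if (inet_aton(arg, out) != 0)
		return (0);
	return (lookup(arg, out));
}

int main(int argc, char **argv)
{
	struct in_addr ip;

	if (argc != 2 || resolve_jail_ip(argv[1], &ip, lookup_by_name) != 0)
		return (1);
	printf("%s (fallback lookups: %d)\n", inet_ntoa(ip), lookups);
	return (0);
}
```

With this ordering an argument such as "1.1.1.1" is always taken as an address and never as a DNS name, which is the trade-off the quoted footnote [1] describes.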
