possible patch for implementing split DNS
Julian Elischer
julian at elischer.org
Mon Aug 28 22:40:51 UTC 2006
Duane Whitty wrote:
>On Mon, Aug 28, 2006 at 12:33:14PM -0700, Julian Elischer wrote:
>
>>Doug Barton wrote:
>>
>>>Julian Elischer wrote:
>>>
>>>>I need some processes to look elsewhere for DNS information from where
>>>>the rest of the system looks. This patch seems to me a simple solution.
>>>>We override where the resolver looks for resolv.conf using an
>>>>environment variable. This would allow me to reset this to an application
>>>>specific config file that specifies a different server.
>>>>
>>>>Anyone got better ways of doing this?
>>>>
>>>Run the special processes in a jail with its own resolv.conf? My gut
>>>reaction to your suggestion is negative, but I'm having a hard time
>>>articulating a solid reason why.
>>>
>>I need a couple of processes to go to different nameservers for the same
>>names, for example running 2 proxy servers, one taking requests from the
>>inside and one from the outside.
>>I want them to see two different universes, so making them source
>>different resolv.conf allows me to give them different default domains
>>and query different servers, as well as use different timeouts.
>>I cannot run them in different jails. They still need to listen on
>>overlapping addresses for different ports etc.
>>
>Hi Julian,
>
>I'm no expert so I apologize in advance if I am wasting your time.
>
>I was just wondering if you could use the multiple views facility as provided
>by BIND 9? I'm currently using the technique to provide different views of my
>network depending on whether access is coming from an internal address or an
>external address. Perhaps I am not fully understanding the depth of the problem.
>
>Best Regards,
>
>Duane Whitty
>
>>Almost all other services (e.g. inetd, natd, sshd, etc.) allow you to
>>specify a different config file so that you can supply different services
>>to the inside and outside, but it all falls apart if they still are forced
>>to use the same DNS server and cannot provide a differentiated service
>>for that reason.
>>
I'm not an expert on BIND 9 views, but I want two sibling processes to
get different network views.
Can I do that on a FreeBSD 6.1 machine using stock gethostbyname() from libc?
>>
>>>Perhaps if you described your problem in more detail, it would be easier to
>>>work around it, but I can't help thinking that there are better ways to
>>>solve this problem.
>>>
>>>Doug
>>>
>>_______________________________________________
>>freebsd-net at freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-net
>>To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>
>>
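
As an added illustration of the approach discussed in this thread (not the patch itself, and not code from any poster or from FreeBSD libc): a resolver-style routine that takes its resolv.conf path from an environment variable, ignores the override for set-uid/set-gid processes and for relative paths, then reads the nameserver lines. The variable name RESOLV_CONF_PATH, the function names and the sample addresses are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define DEFAULT_RESOLV_CONF "/etc/resolv.conf"
#define RESOLV_CONF_ENV "RESOLV_CONF_PATH" /* hypothetical variable name */

/* True when real and effective ids differ (set-uid or set-gid execution). */
int is_privileged(void) { return getuid() != geteuid() || getgid() != getegid(); }

/* Choose the config file. The override is ignored for privileged processes and
 * for relative paths, so a caller cannot redirect a set-id program's lookups. */
const char *resolv_conf_path(int privileged) {
    const char *p = getenv(RESOLV_CONF_ENV);
    if (p == NULL || privileged || p[0] != '/')
        return DEFAULT_RESOLV_CONF;
    return p;
}

/* Collect up to max "nameserver" addresses from path; -1 if unreadable. */
int read_nameservers(const char *path, char out[][64], int max) {
    char line[256], key[16], addr[64];
    int n = 0;
    FILE *f = fopen(path, "r");
    if (f == NULL) return -1;
    while (n < max && fgets(line, sizeof line, f) != NULL) {
        if (sscanf(line, "%15s %63s", key, addr) == 2 &&
            strcmp(key, "nameserver") == 0)
            strcpy(out[n++], addr); /* addr holds at most 63 chars plus NUL */
    }
    fclose(f);
    return n;
}

int main(void) {
    char ns[3][64], path[] = "/tmp/resolv.inside.XXXXXX";
    int fd = mkstemp(path);
    FILE *f = fd < 0 ? NULL : fdopen(fd, "w");
    if (f == NULL) return 1;
    /* Constructed sample config for the "inside" proxy. */
    fputs("domain inside.example\nnameserver 192.0.2.53\n", f);
    fclose(f);
    setenv(RESOLV_CONF_ENV, path, 1);
    int n = read_nameservers(resolv_conf_path(is_privileged()), ns, 3);
    printf("%d nameserver(s), first: %s\n", n, n > 0 ? ns[0] : "-");
    unlink(path);
    return 0;
}
```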