slide 34 resolver not chrooted

2014-08-07 Thread Kevin Chadwick
If the only nameserver entry in /etc/resolv.conf is say 127.0.0.1 or localhost such as when using unbound couldn't opensmtpds resolver read that line and chroot without issues like dhcp changes? -- ___ 'Write programs that do

Re: slide 34 resolver not chrooted

2014-08-07 Thread Alexander Schrijver
On Thu, Aug 07, 2014 at 11:30:02AM +0100, Kevin Chadwick wrote: If the only nameserver entry in /etc/resolv.conf is say 127.0.0.1 or localhost such as when using unbound couldn't opensmtpds resolver read that line and chroot without issues like dhcp changes? I think the problem is that you

Re: slide 34 resolver not chrooted

2014-08-07 Thread Alexander Schrijver
Yeah I'm not sure whether it is worth the effort but I was thinking if a user has set a localhost as the nameserver then can we be very close to certain that they are not going to change the resolv.conf? Having two DNS resolvers behave completely different because they're using different

Re: slide 34 resolver not chrooted

2014-08-07 Thread Kevin Chadwick
On Thu, 7 Aug 2014 19:39:28 +0200 Alexander Schrijver wrote: Yeah I'm not sure whether it is worth the effort but I was thinking if a user has set a localhost as the nameserver then can we be very close to certain that they are not going to change the resolv.conf? Having two DNS

Re: slide 34 resolver not chrooted

2014-08-07 Thread Gilles Chehade
On Thu, Aug 07, 2014 at 07:15:32PM +0100, Kevin Chadwick wrote: On Thu, 7 Aug 2014 19:39:28 +0200 Alexander Schrijver wrote: Yeah I'm not sure whether it is worth the effort but I was thinking if a user has set a localhost as the nameserver then can we be very close to certain that

Re: slide 34 resolver not chrooted

2014-08-07 Thread Kevin Chadwick
On Thu, 7 Aug 2014 20:41:39 +0200 Gilles Chehade wrote: Nope there's currently no way to turn chrooting for the lookup process. It's not really a resolver thing, we could have the resolver code in a chroot with some refactoring, but we need a process that does not run chrooted for other