Bart Blanquart wrote:
>> I have a dns server running on my global zone (admin_low), but my
>> local (tx / non-cipso) zones can not do a nslookup, or even ping the
>> global. I did not expect the ping to work, but what about a dns
>> lookup to an admin_low host? Is this a tnzonecfg redirect? or am I
>> missing something?
>
> The resolver in a zone doesn't contact the DNS-server itself: it makes a
> door-call to nscd in the global zone, which does the lookup on its
> behalf -- so there is no need for network connectivity between the
> labeled zone and the DNS-server (wherever it's running).

I thought it was just lookups done through the nsswitch that worked like that. For direct use of libresolv there is no door to nscd so I would expect that the /etc/resolv.conf in the labeled zone would be used. Things like Kerberos make direct use of libresolv rather than going through nsswitch in some cases.

--
Darren J Moffat