On 2016/09/15 06:23, Jiri B wrote:
> On Thu, Sep 15, 2016 at 10:04:00AM +0100, Stuart Henderson wrote:
> > > What about this:
> > > 
> > > Add "rebound" as possible value to the lookup keyword in resolv.conf.
> > > If this is set the libc resolver sends dns requests to the unix socket
> > > /var/run/rebound.sock where rebound listens. rebound can use the
> > > nameservers from /etc/resolv.conf without the risk of creating "loops".
> > > 
> > > Remi
> > > 
> > 
> > Non-standard things in resolv.conf hurt; some programs parse this directly.
> 
> Why not have rebound as a proxy and use a PF anchor for that?
> Or have a sysctl knob to "hijack" it somehow?

There are certainly plenty of use cases where having it as
a hijacking proxy would be a problem (for example, when you want
to do a direct DNS lookup from an auth server).

On 2016/09/15 13:42, Remi Locherer wrote:
> On Thu, Sep 15, 2016 at 10:04:00AM +0100, Stuart Henderson wrote:
> > 
> > Non-standard things in resolv.conf hurt; some programs parse this directly.
> 
> I did not think of this. Was there a big fallout in 2009 when the family
> option was added? How do programs that parse /etc/resolv.conf directly deal
> with "lookup yp"? (I know, lookup yp has been removed recently).

Not sure about "family". There were definitely problems with the
extension to allow using a particular port.
