Robert Milkowski writes: > JC> You could also call the libresolv functions directly. > > That's an option however the problem is that on other systems (Linux) > there's different behavior and it's a problem.
I don't follow. Can you describe what the "different behavior" is, and why it can't be worked around? > Then sometimes you > don't care about spoofing 'coz you have too much customers with > misconfigured DNS and from their point of view it's you who doesn't > work - and you do not argue with customers :) I somewhat agree, but do those customers understand that they're actually getting _wrong_ answers? I'd be a little surprised if a customer actually expressed a desire for wrong answers. (But only a little, I suppose.) > Anyway, imho it would be ok if some kind of configuration switch would > be provided in nscd (it's only nscd problem, right?) to turn on/off > spoofing checking - looks like it should be really simple. > I'm sure Tomasz would even implement this and send to request-sponsor > if we only reach some consencus. Sadly, no, because it's currently possible to disable nscd administratively and force each application to use NSS directly. Worse still, if the sanity check is disabled in nscd, then it's disabled for *ALL* applications on the system. In other words, if you want to turn the feature on, you're forced to give everyone potentially wrong answers, including those who might not want wrong answers. If it's ok for this new feature to be extremely fragile (i.e., depend directly on nscd to function and be unavailable otherwise, and be insufficiently flexible so that it threatens multiple applications rather than just the intended target), I suppose it might be doable. It would require some way for nscd to set flags that the DNS resolver itself. I don't think it's a complete design, though, nor necessarily a good idea. -- James Carlson, KISS Network <[EMAIL PROTECTED]> Sun Microsystems / 1 Network Drive 71.232W Vox +1 781 442 2084 MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677 _______________________________________________ networking-discuss mailing list [email protected]
