[Mildly OT] Userland Control Of getbostbyname()

Fri Sep 30 14:21:16 UTC 2016

On 09/30/2016 09:15 AM, Matthew Seaman wrote:
> On 09/30/16 14:47, Tim Daneliuk wrote:
>> Is it possible to control *which* DNS server (and port) a userland program
>> queries for DNS resolution when doing gethosbyname() and gethostbyip()
>> calls?  dig and nslookup seem capable of defining the DNS server to query,
>> but I don't know if they're doing the call directly or via the gethostby...
>> calls.
>>
>> In a perfect world, I'd get a solution to this that was language agnostic -
>> a way to tell my userland programs - in C, Java, Python, perl, go ... 
>> always use this server:port when doing name resolution.
> 
> Server, yes but not port, and only globally -- by editing /etc/resolv.conf
> 
> However, if you're running with the standard local_unbound enabled, then
> you can specify a forward-addr including a port in
> /var/unbound/forward.conf like so:
> 
>    forward-addr: 192.0.2.1 at 1053
> 
> Note: this is an all or nothing solution, although it does fulfil your
> criterion of being language agnostic.  Every application will get
> directed to your alternative DNS server+port, not just some chosen one.
> 
> You can override the resolvers per application if you're willing to code
> that per application.  Of course the API used is language specific, and
> you can't use gethostbyname(3) and that ilk, (which can do lookups from
> many sources other than the DNS) but only by doing DNS lookups directly
> from your code.
> 
> 	Cheers,
> 
> 	Matthew
> 
> 
> 

Thanks Matthew, that's kind of what I figured.  The fundamental requirement
for my use case is that all the config changes be do-able without root
or sudo access.  It's sounds like this is not possible short of - as you
point out - writing custom query code.  This breaks the other half of
my use case - existing code should just run and use the newly selected
resolver.  Sigh ...

I suspect more people are going to run into this as the industry moves more
and more to containerized microservices.  There are any number of scenarios
where you want to be able to spin up custom compute topologies on-demand
without having to go through the administrative overhead of getting a DNS
admin to make your changes every time.

-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra at tundraware.com
PGP Key:         http://www.tundraware.com/PGP/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20160930/cf2c200c/attachment.sig>