Subject: Re: per-process socket security settings
To: None <firstname.lastname@example.org>
From: Jason R Thorpe <email@example.com>
Date: 03/07/2001 18:19:42
On Thu, Mar 08, 2001 at 10:42:39AM +0900, firstname.lastname@example.org wrote:
> yup, but if there's someone who would like to use IPsec'ed DNS
> lookup... an option to /etc/resolv.conf may be necessary.

Right, so if there is an option for resolv.conf, I guess it would
work like this:

    - defaults to off.
    - if off, explicitly set policy to "don't use ipsec" when
      making the DNS request.
    - if on, explicitly set policy to "use" or "require", based
      on whatever the option is set to (and I guess allow the
      option to set ah or esp or both).

That's the only sane way I can think of.

-- Jason R. Thorpe <email@example.com>
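
Added example, not part of the original message or of any resolver's code: a sketch of how the option semantics listed above could map to per-socket policy strings in ipsec_set_policy(3) syntax. The option value syntax ("off", "esp/require", "ah+esp/use") and the function name are hypothetical, and using "bypass" (which is meant for privileged sockets) to express "don't use ipsec" is this example's assumption.

```c
#include <stdio.h>
#include <string.h>

/* Map a HYPOTHETICAL resolv.conf option value ("off", or "<ah|esp|ah+esp>/<use|require>")
 * to a policy string in ipsec_set_policy(3) syntax for direction dir ("in" or "out").
 * opt == NULL means the option is absent, which defaults to off.
 * Returns 0 on success, -1 on any unrecognized value so the caller can fail closed. */
int dns_ipsec_policy(const char *dir, const char *opt, char *out, size_t outlen)
{
    char buf[32], *level;
    int ah = 0, esp = 0, n;

    if (strcmp(dir, "in") != 0 && strcmp(dir, "out") != 0)
        return -1;
    if (opt == NULL || strcmp(opt, "off") == 0) {
        /* Explicit "don't use ipsec"; "bypass" is this example's choice. */
        n = snprintf(out, outlen, "%s bypass", dir);
        return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
    }
    if (strlen(opt) >= sizeof(buf))
        return -1;
    strcpy(buf, opt);
    if ((level = strchr(buf, '/')) == NULL)
        return -1;
    *level++ = '\0';
    if (strcmp(level, "use") != 0 && strcmp(level, "require") != 0)
        return -1;          /* a typo must not silently downgrade to "off" */
    if (strcmp(buf, "ah") == 0)
        ah = 1;
    else if (strcmp(buf, "esp") == 0)
        esp = 1;
    else if (strcmp(buf, "ah+esp") == 0)
        ah = esp = 1;
    else
        return -1;
    n = snprintf(out, outlen, "%s ipsec%s%s%s%s", dir,
        esp ? " esp/transport//" : "", esp ? level : "",
        ah ? " ah/transport//" : "", ah ? level : "");
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    const char *samples[] = { NULL, "esp/require", "ah+esp/use", "esp/maybe" }; /* constructed */
    char pol[96];
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-12s -> %s\n", samples[i] ? samples[i] : "(absent)",
            dns_ipsec_policy("out", samples[i], pol, sizeof(pol)) == 0 ? pol : "rejected");
    return 0;
}
```

A resolver would pass the resulting string to ipsec_set_policy(3) and apply the returned buffer to the DNS socket with setsockopt(2) before sending the query, once for "in" and once for "out".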