Milter-greylist

On Mon, Aug 05, 2013 at 01:10:22PM +0200, Johann Klasek wrote:
> On Mon, Aug 05, 2013 at 11:55:46AM +0200, Jim Klimov wrote:
> > Interesting off-topic came up today... I wonder if name resolution
> > (via res_nquery()) can fall-back to file-based nsswitch as well, or
> > if it just resolves its host's own name, at least on Solaris?
> 
> res_* does not use the nss_* framework (it's true for the way back).
> nss_* provides hostname resolution for gethostbyname/addr.

Forgot about this: Solaris FAQ mentions it:

 4.2) What is /etc/nsswitch.conf? 

 [..]
 Terminology: Sun worried over the term "resolver", which technically
 means any "get info" routine (getpwent(3), gethostbyname(3), etc), but
 is also specifically attached to the DNS resolver. Therefore they used
 the term "source" to mean the things after the colon
 (files/DNS/NIS/NIS+) and "database" to mean the thing before the colon
 (passwd/group/hosts/services/netgroup etc).

 A complete discussion can be found in nsswitch.conf(4). 

[..]
> > and the name should not be cached from previous DNS replies... Still,
> > interesting :)
> 
> Use a tracing tool make a look behind the scenes ...
> 
> truss -f nslookup 10.0.16.60 8.8.8.8

Probably the requests go into some door_* call ...


Johann