On Mon, Jan 16, 2017 at 08:10:54AM +0100, Remi Locherer wrote: > > Why not make pledge dns dependent the -p flag? > > Remi
I suspect a bit more work than just replacing "dns" by "inet" when -p is used would be required. In particular, it would requiring a conditional use of SOCK_DNS on the socket(2) call, and as it is in library part (under src/usr.sbin/bind/lib/isc), it would mean an invasive change in API. -- Sebastien Marie
