When getaddrinfo() is called, I'd like to be able to stop the request from completing before res_nquery is called, stemming from a "permissions" concern.
On DragonFly BSD, NetBSD and FreeBSD, the "name-service switch dispatcher" configured in /etc/nsswitch.conf is used to select which sources to use for hostname lookups and in what order to use them.
"...is used to select which sources..." - is used by what to select which sources?
I've looked at https://www.freebsd.org/cgi/man.cgi?query=nsdispatch, and it looks like a better place to implement security-related code than res_nquery, but the impression I have of the "name-service switch dispatcher routine" is that the decision to go through with dispatch has already been made sometime before that point.
Maybe a better question / line of thinking: when I call getaddrinfo(), how do I trace that call back, one step at a time, to res_nquery?
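The answer above says the hosts entry in /etc/nsswitch.conf decides which lookup sources are used and in what order. As an added example (not code from this thread or from any BSD libc), the C function below parses nsswitch.conf text and returns the sources for one database in order, so a check can confirm whether `dns` is listed at all; the name `nss_sources` and the sample configuration are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define SRC_LEN 32

/* Hypothetical helper: copy the sources listed for database `db` (e.g. "hosts")
 * from nsswitch.conf text into out[], in lookup order. Criteria such as
 * [NOTFOUND=return] and '#' comments are skipped.
 * Returns the source count, or -1 if `db` has no entry. */
int nss_sources(const char *conf, const char *db, char out[][SRC_LEN], int max)
{
    size_t dblen = strlen(db);
    for (const char *line = conf; line && *line; ) {
        const char *eol = strchr(line, '\n');
        const char *end = eol ? eol : line + strlen(line);
        const char *hash = memchr(line, '#', (size_t)(end - line));
        if (hash) end = hash;
        const char *p = line;
        while (p < end && isspace((unsigned char)*p)) p++;
        if ((size_t)(end - p) > dblen && !strncmp(p, db, dblen) && p[dblen] == ':') {
            int n = 0;
            for (p += dblen + 1; p < end; ) {
                if (isspace((unsigned char)*p)) { p++; continue; }
                if (*p == '[') {                 /* skip a [status=action] criterion */
                    while (p < end && *p != ']') p++;
                    if (p < end) p++;
                    continue;
                }
                size_t len = 0;
                while (p + len < end && !isspace((unsigned char)p[len]) && p[len] != '[') len++;
                if (n < max)
                    snprintf(out[n++], SRC_LEN, "%.*s", (int)len, p);
                p += len;
            }
            return n;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample, not a real system's configuration. */
    const char *conf = "passwd: files\nhosts: files [NOTFOUND=return] dns # order matters\n";
    char src[8][SRC_LEN];
    int n = nss_sources(conf, "hosts", src, 8);
    for (int i = 0; i < n; i++)
        printf("%d: %s\n", i + 1, src[i]);
    return 0;
}
```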