dns-overlay

Uses a mount namespace to create a unique /etc/resolv.conf for a process tree.

Usage

dns-overlay -f /path/to/custom/resolv.conf -c bash

This will mount /path/to/custom/resolv.conf over /etc/resolv.conf and start a new bash shell. This will result in the new shell and its children using different DNS servers to the rest of the processes. The CAP_SYS_ADMIN capability is set on the dns-overlay binary and is dropped before starting the child process.

NOTE:

Child processes are made with the system call.

Building

make setcap

This will create the binary dns-overlay and set the CAP_SYS_ADMIN capability on it (assumes the user building can sudo).

Why?

I needed to test some stuff I was doing in VMs with DNS and didn't want changes to affect other processes.