[exim-dev] [Bug 1461] New: dnssec use floods /var/log/messag…

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Jeremy Harris
日付:  
To: exim-dev
新しいトピック: [exim-dev] [Bug 1461] dnssec use floods /var/log/messages
題目: [exim-dev] [Bug 1461] New: dnssec use floods /var/log/messages
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugs.exim.org/show_bug.cgi?id=1461
           Summary: dnssec use floods /var/log/messages
           Product: Exim
           Version: 4.82
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Lookups
        AssignedTo: jgh146exb@???
        ReportedBy: jgh146exb@???
                CC: exim-dev@???



The intro of dnssec checking on rdns lookups exposes a bug in the linux glibc:
once the process-global resolver options dnssec bit is set, old-style
gethostbyaddr lookup use it too and proceed to spit an error when the
non-understood RR arrives:

We'll be chasing the glibc issue separately, but exim might workaround by
either
flipping the dnssec bit only while needed or by converting all current use of
gethostby* to use the newer res_search(). The latter is preferred because we
want to use toward dnssec-everywhere (and anyway, gethostbyname in obsoleted by
getaddrinfo where both ipv4 & ipv6 returns are possible).

How this impacts OS' which use getipnodebyaddr (SunOS5, apparently) I'm not
sure. The linux manpage says that all OS' that support it call it deprecated.
The openindiana manpage says that getaddrinfo is preferred to it, and there is
a manpage for res_search; we could probably use res_search everywhere.


--
Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email