[exim-dev] dnssec_strict vs defer_never

Top Page
Delete this message
Reply to this message
Author: Mike Cardwell
Date:  
To: exim-dev
Subject: [exim-dev] dnssec_strict vs defer_never
Is the following a bug:

root@glue:~# exim4 -be '${lookup dnsdb{defer_never,dnssec_strict,a=google.com}}'
Failed: lookup of "defer_never,dnssec_strict,a=google.com" gave DEFER:
root@glue:~#

From the docs:

The possible keywords are "dnssec_strict", "dnssec_lax", and
"dnssec_never". With "strict" or "lax" DNSSEC information is requested
with the lookup. With "strict" a response from the DNS resolver that is
not labelled as authenticated data is treated as equivalent to a
temporary DNS error.

And:

The possible keywords are "defer_strict", "defer_never", and
"defer_lax". With "strict" behaviour, any temporary DNS error causes
the whole lookup to defer. With "never" behaviour, a temporary DNS
error is ignored, and the behaviour is as if the DNS lookup failed to
find anything.

I'd expect the "defer_never" modifier to prevent the "dnssec_strict"
modifier from causing a DEFER.

-- 
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4