Re: [exim-dev] [Bug 2264] DNS lookups should not chase CNAME…

Author: Viktor Dukhovni
To: exim-dev
Subject: Re: [exim-dev] [Bug 2264] DNS lookups should not chase CNAME chains

> On Jun 9, 2018, at 7:50 PM, Jeremy Harris via Exim-dev <exim-dev@???> wrote:
>> OK, that's what I'd expect, from this you can conclude
>> that "nomx.example" has no MX records.
> With a retry count of one, and the current coding, it failed
> when it hit that case. It was far simpler to loop once than
> try to rewrite all the code.

My concern would be that if the code is unable to draw the
right conclusion from just the initial response (i.e. it
does not parse all the records to build a chain to the
final target, and check for the presence or absence of
the answer for that target), then one extra query could
also be insufficient. CNAME chains can be multiple
elements long (10 is a popular limit). A classic
example is:

  $ dig +noall +ans +nocl +nottl -t a         CNAME CNAME CNAME CNAME CNAME A

which arrives as a single DNS response.
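
The check described in the message above, sketched as an added example (not part of the original message and not Exim's code): follow the whole CNAME chain inside one response, then test whether the final target owns a record of the queried type. The `struct rr` type, the `chase_in_response` name and all sample names and addresses are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <strings.h>

/* One decoded answer-section record (hypothetical struct, not an Exim type). */
struct rr { const char *owner, *type, *rdata; };
#define MAX_HOPS 10  /* chain-length limit mentioned in the message */

/* Follow the CNAME chain for qname using only the records of one response.
   Returns the count of qtype records owned by the final target (0 = none in
   this response), or -1 after more than MAX_HOPS aliases (loop or overlong).
   *final is set to the last name reached. */
int chase_in_response(const struct rr *ans, int n, const char *qname,
                      const char *qtype, const char **final) {
    const char *name = qname;
    for (int hops = 0; hops <= MAX_HOPS; hops++) {
        int found = 0;
        const char *next = NULL;
        for (int i = 0; i < n; i++) {
            if (strcasecmp(ans[i].owner, name) != 0) continue;
            if (strcasecmp(ans[i].type, qtype) == 0) found++;
            else if (!next && strcasecmp(ans[i].type, "CNAME") == 0)
                next = ans[i].rdata;
        }
        *final = name;
        if (found || !next) return found;  /* answer present, or chain ends */
        name = next;                       /* alias: continue at its target */
    }
    return -1;
}

/* Constructed sample: one response to "www.example. A" with a 3-alias chain. */
static const struct rr sample[] = {
    {"www.example.",  "CNAME", "edge.example."},
    {"edge.example.", "CNAME", "pool.example."},
    {"pool.example.", "CNAME", "host.example."},
    {"host.example.", "A",     "192.0.2.10"},
    {"host.example.", "A",     "192.0.2.11"},
};
/* Constructed sample: "alias.example. MX" where the target has no MX. */
static const struct rr nomx[] = { {"alias.example.", "CNAME", "nomx.example."} };

int main(void) {
    const char *f;
    int n = chase_in_response(sample, 5, "www.example.", "A", &f);
    printf("%d A at %s\n", n, f);
    n = chase_in_response(nomx, 1, "alias.example.", "MX", &f);
    printf("%d MX at %s\n", n, f);
    return 0;
}
```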