Re: [exim-dev] [Bug 2911] New: setting dns_again_means_nonex…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Viktor Dukhovni
Datum:  
To: exim-dev
Neue Treads: Re: [exim-dev] [Bug 2911] New: setting dns_again_means_nonexist to a list containing @mx_ lookups causes segfault
Betreff: Re: [exim-dev] [Bug 2911] New: setting dns_again_means_nonexist to a list containing @mx_ lookups causes segfault
On Fri, Aug 19, 2022 at 02:04:06PM +0000, admin--- via Exim-dev wrote:

> https://bugs.exim.org/show_bug.cgi?id=2911
>
>             Bug ID: 2911
>            Summary: setting dns_again_means_nonexist to a list containing
>                     @mx_ lookups causes segfault
>            Product: Exim
>            Version: 4.96
>           Hardware: x86
>                 OS: Linux
>             Status: NEW
>           Severity: bug
>           Priority: medium
>          Component: List matching
>           Assignee: unallocated@???
>           Reporter: thomasm-exim@???
>                 CC: exim-dev@???

>
> Now if a DNS lookup for a MX gives TRY_AGAIN, exim will check whether the name
> MX name is in dns_again_means_nonexist. [...]


Note that if this also potentially applies to TLSA lookups, then
downgrading SRVFAIL (try again) to NXDOMAIN breaks the downgrade
resistance of DANE.

This is of course also likely to trigger bounces in the presence of
transient errors, and is basically a really bad idea.

-- 
    Viktor.