Re: [exim-dev] [Bug 2911] New: setting dns_again_means_nonex…

Author: Viktor Dukhovni
Date:  
To: exim-dev
Subject: Re: [exim-dev] [Bug 2911] New: setting dns_again_means_nonexist to a list containing @mx_ lookups causes segfault
On Fri, Aug 19, 2022 at 02:04:06PM +0000, admin--- via Exim-dev wrote:

> https://bugs.exim.org/show_bug.cgi?id=2911
>
>             Bug ID: 2911
>            Summary: setting dns_again_means_nonexist to a list containing
>                     @mx_ lookups causes segfault
>            Product: Exim
>            Version: 4.96
>           Hardware: x86
>                 OS: Linux
>             Status: NEW
>           Severity: bug
>           Priority: medium
>          Component: List matching
>           Assignee: unallocated@???
>           Reporter: thomasm-exim@???
>                 CC: exim-dev@???

>
> Now if a DNS lookup for an MX gives TRY_AGAIN, exim will check whether the
> MX name is in dns_again_means_nonexist. [...]


Note that if this also potentially applies to TLSA lookups, then
downgrading SERVFAIL (try again) to NXDOMAIN breaks the downgrade
resistance of DANE.

This is of course also likely to trigger bounces in the presence of
transient errors, and is basically a really bad idea.

-- 
    Viktor.
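
The two failure modes raised in the message above, as an added example that is not part of the original post and is not Exim code: a small model of a queue runner in which a resolver failure is either kept as "try again" or rewritten to "does not exist". All type, function and variable names are hypothetical, the retry schedules are constructed, and the MX case ignores the fallback to address records.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified resolver outcomes (constructed model, not Exim's own codes).
   For TLSA, DNS_OK is a validated RRset and DNS_NONEXIST a validated denial. */
typedef enum { DNS_OK, DNS_NONEXIST, DNS_TRY_AGAIN } dns_rc;
typedef struct { dns_rc mx, tlsa; } attempt;   /* one queue run for one message */
typedef enum { SENT_DANE, SENT_UNAUTHENTICATED, BOUNCED, QUEUED } outcome;

/* Constructed retry schedules: a resolver failure on the first run only. */
const attempt tlsa_outage[] = { { DNS_OK, DNS_TRY_AGAIN }, { DNS_OK, DNS_OK } };
const attempt mx_outage[]   = { { DNS_TRY_AGAIN, DNS_OK }, { DNS_OK, DNS_OK } };

/* Models a setting that rewrites "try again" to "does not exist". */
static dns_rc remap(dns_rc rc, bool again_means_nonexist)
{
    return (rc == DNS_TRY_AGAIN && again_means_nonexist) ? DNS_NONEXIST : rc;
}

/* Walk the retry schedule until the message leaves the queue. */
outcome deliver(const attempt *a, size_t n, bool again_means_nonexist)
{
    for (size_t i = 0; i < n; i++) {
        dns_rc mx = remap(a[i].mx, again_means_nonexist);
        if (mx == DNS_NONEXIST) return BOUNCED;   /* simplification: no A fallback */
        if (mx == DNS_TRY_AGAIN) continue;        /* transient: keep queued */

        dns_rc tlsa = remap(a[i].tlsa, again_means_nonexist);
        if (tlsa == DNS_TRY_AGAIN) continue;      /* DANE: defer, never downgrade */
        return tlsa == DNS_OK ? SENT_DANE : SENT_UNAUTHENTICATED;
    }
    return QUEUED;
}

int main(void)
{
    static const char *name[] = { "sent with DANE", "sent unauthenticated",
                                  "bounced", "still queued" };
    for (int remapped = 0; remapped <= 1; remapped++) {
        printf("again_means_nonexist=%d: TLSA outage -> %s, MX outage -> %s\n",
               remapped, name[deliver(tlsa_outage, 2, remapped)],
               name[deliver(mx_outage, 2, remapped)]);
    }
    return 0;
}
```

With the failure kept as "try again", both schedules end in a DANE-authenticated delivery on the second run; with the rewrite, the same schedules end in an unauthenticated delivery and a bounce.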