Re: [exim-dev] [Bug 2911] New: setting dns_again_means_nonex…

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Viktor Dukhovni
Data:  
Para: exim-dev
Temas novos: Re: [exim-dev] [Bug 2911] New: setting dns_again_means_nonexist to a list containing @mx_ lookups causes segfault
Asunto: Re: [exim-dev] [Bug 2911] New: setting dns_again_means_nonexist to a list containing @mx_ lookups causes segfault
On Fri, Aug 19, 2022 at 02:04:06PM +0000, admin--- via Exim-dev wrote:

> https://bugs.exim.org/show_bug.cgi?id=2911
>
>             Bug ID: 2911
>            Summary: setting dns_again_means_nonexist to a list containing
>                     @mx_ lookups causes segfault
>            Product: Exim
>            Version: 4.96
>           Hardware: x86
>                 OS: Linux
>             Status: NEW
>           Severity: bug
>           Priority: medium
>          Component: List matching
>           Assignee: unallocated@???
>           Reporter: thomasm-exim@???
>                 CC: exim-dev@???

>
> Now if a DNS lookup for a MX gives TRY_AGAIN, exim will check whether the name
> MX name is in dns_again_means_nonexist. [...]


Note that if this also potentially applies to TLSA lookups, then
downgrading SRVFAIL (try again) to NXDOMAIN breaks the downgrade
resistance of DANE.

This is of course also likely to trigger bounces in the presence of
transient errors, and is basically a really bad idea.

-- 
    Viktor.