Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160129005730.GQ238@brightrain.aerifal.cx>
Date: Thu, 28 Jan 2016 19:57:30 -0500
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: Re: Would love to see reconsideration for domain and
 search

On Thu, Oct 22, 2015 at 10:37:53PM -0700, Tim Hockin wrote:
> > right? So it should be at the name_from_dns stage in lookup_name.c.
> > The simplest implementation approach is probably to wrap name_from_dns
> > with a name_from_dns_search function that reads the search domains and
> > repeatedly calls name_from_dns until it gets success.
> >
> > One oddity/ugliness of search that needs to be considered is that
> > querying different address families may lead to differently-sourced
> > results. For example if you query example.us with ndots=2, a search
> > domain of example.com, and the following records present:
> >
> >         example.us.example.com A
> >         example.us AAAA
> >
> > then an AF_UNSPEC or AF_INET query yields a v4-only result for
> > example.us.example.com while an AF_INET6 query "sees through" to the
> > example.us record because the search of example.com fails. This seems
> > quite ugly and counter-intuitive, but I don't see any way to do better
> > that makes sense.
> 
> If that is how the records are laid out, I think you have to allow it.

It turns out this is a non-issue. If a name lacks the requested A or
AAAA record, but has some records, then we get rcode==0 rather than
rcode==3 (success rather than NxDomain) with 0 results. In that case
we can stop the search rather than continuing and there is no
inconsistency. Making this work right required a small fix in musl's
current rcode handling but it was easy.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.