Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <5CEB8952-4884-4FA2-ACD9-1BA118D2CB50@rb67.eu>
Date: Mon, 24 Aug 2020 22:39:30 +0200
From: Daniel Neri <dne+musl@...7.eu>
To: musl@...ts.openwall.com
Subject: Re: Incompatible behaviour of res_query(3) w.r.t. NXDOMAIN

On 24 Aug 2020, at 18:43, Rich Felker <dalias@...c.org> wrote:
> 
> Hmm, I think in this case the "better" might be sufficient that we
> want to keep it and pressure other implementations to change too. A
> program performing a lookup where the result is NxDomain may very well
> want to know whether that's an authenticated (by DNSSEC) NxDomain or
> one in an insecure zone. Returning an error to the caller with no
> packet contents discards this critical data.

In that case, it’d be better to add a new resolver API, or implement an already existing one that supports this usecase. The other implementations I mentioned also support option flags (in global state) that can change the behaviour.

res_query(3) is almost as old as DNS itself — it doesn’t seem likely that everyone else, both libraries and applications, are going to make incompatible changes at this point.


Regards,
Daniel

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.