Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87eenvya2r.fsf@mid.deneb.enyo.de>
Date: Tue, 25 Aug 2020 00:04:44 +0200
From: Florian Weimer <fw@...eb.enyo.de>
To: Rich Felker <dalias@...c.org>
Cc: musl@...ts.openwall.com
Subject: Re: Incompatible behaviour of res_query(3) w.r.t. NXDOMAIN

* Rich Felker:

> On Mon, Aug 24, 2020 at 11:04:49PM +0200, Florian Weimer wrote:
>> * Rich Felker:
>> 
>> > Hmm, I think in this case the "better" might be sufficient that we
>> > want to keep it and pressure other implementations to change too. A
>> > program performing a lookup where the result is NxDomain may very well
>> > want to know whether that's an authenticated (by DNSSEC) NxDomain or
>> > one in an insecure zone. Returning an error to the caller with no
>> > packet contents discards this critical data.
>> 
>> Isn't this the behavior you'd get with res_send?
>> 
>> I think such error translation is precisely the point of the res_query
>> convenience function (along with the implicit construction of the
>> query packet).
>
> Does such a distinction exist?

Yes, I think so.  It's the behavior of the BIND 4 era stub resolver
code.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.