Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 6 Dec 2018 16:01:52 -0500
From: Rich Felker <dalias@...c.org>
To: Florian Weimer <fweimer@...hat.com>
Cc: "A. Wilcox" <awilfox@...lielinux.org>, musl@...ts.openwall.com
Subject: Re: DNS resolver patch

On Thu, Dec 06, 2018 at 09:36:01PM +0100, Florian Weimer wrote:
> * A. Wilcox:
> 
> > On 12/06/18 12:18, Florian Weimer wrote:
> >> The alternative, using a NOERROR/NODATA response, confuses musl search
> >> processing.
> >
> > ???
> >
> > The musl resolver should be able to handle a resolver returning NODATA.
> > That is popular for having a separate extranet infrastructure - your
> > extranet DNS only contains records for your local domain and returns
> > NODATA for requests outside that domain.
> >
> > If you are correct that such a response "confuses musl search
> > processing", that's a bug in musl that needs to be fixed.
> 
> <https://www.openwall.com/lists/musl/2018/03/31/2>
> 
> I don't know if it was merged.

That patch didn't (and fundamentally can't) produce fully-consistent
results (consistent with non-A/AAAA queries). Something similar (with
configurable opt-in) might be sufficient if there were a need, but
supposedly the underlying issue with Cloudflare was fixed. So in
summary, it hasn't been merged.

Rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.