Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 13 Apr 2020 12:38:00 -0400
From: Rich Felker <>
To: Florian Weimer <>
Cc: Christian <>,
Subject: Re: Resolver routines, Postfix DNSSEC troubles - how to check
 for incompatibilities?

On Mon, Apr 13, 2020 at 05:52:34PM +0200, Florian Weimer wrote:
> * Christian:
> > So Viktor did some digging:
> >
> > "The comment on line 25:
> >
> >
> >
> > is not encouraging.  It suggests that _res is unused. If so, Postfix
> > DNS does not work correctly with this C library.  And not just for DANE, since Postfix is also unable to to control RES_DEFNAMES and RES_DNSRCH.
> Are these changes to the RES_DEFNAMES and RES_DNSRCH flags really
> necessary? Why doesn't Postfix use res_query (or perhaps res_send) as
> appropriate?

But to actually answer these questions, modifying the flags is
presumably because traditional req_query builds an rfc1035 query or
edns query based on these flags derived from from resolv.conf, and
Postfix either assumes or wants to support the case where resolv.conf
is not already configured for edns, perhaps because it was generated
by a dhcp client.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.