Date: Mon, 19 Jul 2021 17:12:25 -0400 From: Rich Felker <dalias@...c.org> To: "Olivier A." <olivier.antoine@...il.com> Cc: musl@...ts.openwall.com Subject: Re: getaddrinfo() fails for domains with no AAAA records (regression?) On Mon, Jul 19, 2021 at 11:07:21PM +0200, Olivier A. wrote: > On 19/07/2021 14:58, Yuri Kanivetsky wrote: > > [..] > > Hi, > > I notice that too. If both A and AAAA are sent and there is a > response for A and NXDomain for AAAA > > musl-libc discard both results. It's the expected behaviour > according to this commit: > > https://git.musl-libc.org/cgit/musl/commit/src/network/lookup_name.c?id=5cf1ac2443ad0dba263559a3fe043d929e0e5c4c > > And it conform to https://datatracker.ietf.org/doc/html/rfc8020 > > It's was not the case before Alpine-Linux 3.13 > > But I also notice that if the DNS reply ServFailed instead of > NXDomain for AAAA request, musl-libc retry 10 times, return 'bad > address' and do not fallback to return a A record. > > According to > https://datatracker.ietf.org/doc/html/rfc4074#section-4.3 it's not > expected. This behavior is necessary/mandatory to provide secure behavior under DNSSEC. Otherwise a forged response (causing ServFail) would result in a false answer returned to the application, indicating that only one or the other exists, rather than the correct inconclusive answer. This is https://sourceware.org/bugzilla/show_bug.cgi?id=27929
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.