Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Jul 2021 17:12:25 -0400
From: Rich Felker <>
To: "Olivier A." <>
Subject: Re: getaddrinfo() fails for domains with no AAAA records

On Mon, Jul 19, 2021 at 11:07:21PM +0200, Olivier A. wrote:
> On 19/07/2021 14:58, Yuri Kanivetsky wrote:
> >  [..]
> Hi,
> I notice that too. If both A and AAAA are sent and there is a
> response for A and NXDomain for AAAA
> musl-libc discard both results. It's the expected behaviour
> according to this commit:
> And it conform to
> It's was not the case before Alpine-Linux 3.13
> But I also notice that if the DNS reply ServFailed instead of
> NXDomain for AAAA request, musl-libc retry 10 times, return 'bad
> address' and do not fallback to return a A record.
> According to
> it's not
> expected.

This behavior is necessary/mandatory to provide secure behavior under
DNSSEC. Otherwise a forged response (causing ServFail) would result in
a false answer returned to the application, indicating that only one
or the other exists, rather than the correct inconclusive answer.

This is

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.