Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 19 Jul 2021 17:12:25 -0400
From: Rich Felker <dalias@...c.org>
To: "Olivier A." <olivier.antoine@...il.com>
Cc: musl@...ts.openwall.com
Subject: Re: getaddrinfo() fails for domains with no AAAA records
 (regression?)

On Mon, Jul 19, 2021 at 11:07:21PM +0200, Olivier A. wrote:
> On 19/07/2021 14:58, Yuri Kanivetsky wrote:
> >  [..]
> 
> Hi,
> 
> I notice that too. If both A and AAAA are sent and there is a
> response for A and NXDomain for AAAA
> 
> musl-libc discard both results. It's the expected behaviour
> according to this commit:
> 
> https://git.musl-libc.org/cgit/musl/commit/src/network/lookup_name.c?id=5cf1ac2443ad0dba263559a3fe043d929e0e5c4c
> 
> And it conform to https://datatracker.ietf.org/doc/html/rfc8020
> 
> It's was not the case before Alpine-Linux 3.13
> 
> But I also notice that if the DNS reply ServFailed instead of
> NXDomain for AAAA request, musl-libc retry 10 times, return 'bad
> address' and do not fallback to return a A record.
> 
> According to
> https://datatracker.ietf.org/doc/html/rfc4074#section-4.3 it's not
> expected.

This behavior is necessary/mandatory to provide secure behavior under
DNSSEC. Otherwise a forged response (causing ServFail) would result in
a false answer returned to the application, indicating that only one
or the other exists, rather than the correct inconclusive answer.

This is https://sourceware.org/bugzilla/show_bug.cgi?id=27929

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.