Viktor Dukhovni <[email protected]> (Di 08 Apr 2014 23:35:57 CEST): > On Tue, Apr 08, 2014 at 09:28:22PM +0200, Heiko Schlittermann wrote: > > > > Under the covers, if the address is on the public Internet, and > > > requires DNS lookups for resolution, if the local resolver is > > > configured to do DNSSEC, it will be validated. There is like at > > > this time no reason for Exim to explicitly distinguish DNSSEC > > > validated IP addresses from those that were obtained from unsigned > > > zones. Therefore, if the goal is to simply filter out forgeries, the > > > nameserver will already discard "bogus" results. > > > > But does the client application have a way to tell if the getnameinfo() > > result is validated? Or failed because of a failed validation? > > My claim is that it does not matter. The IP->name mapping alone > is not terribly interesting from a security perspective.
Probably we misunderstood each other. I was talking more about MX, A, AAA, SRV lookups. You where probably talking about PTR lookups, aren't you? -- Heiko
signature.asc
Description: Digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
