On 2017-09-11 at 20:58 +0200, Heiko Schlittermann via Exim-dev wrote:
> I'm not sure if I got it. You want to re-invent a caching name service
> inside Exim?

No, just a resolver which can be custom-configured.

There's a lot of value for spam-fighting in being able to do custom DNS queries, although whether that belongs in Exim vs rspamd or whatever is a different question.

Example query: "nameservers for this domain as registered in the parent zone". NS records are authoritative below the cut and normal APIs will always return the below-cut answer. Fast-flux DNS abusing spammers, pointing NS records at compromised hosts, use this and have done for years. Having the ability to look up the records registered in the parent zone and use _those_ in an RBL-style lookup ... that would be Very Handy.

So there's some value in having an optional, EXPERIMENTAL_FOO feature, for more advanced DNS handling. We have pseudo-RRtypes for dnsdb already, but adding "NS at parent" couldn't be done with the current libresolv API. I've been repeatedly disgusted at the hoops we have to go through with the `_res` symbol and handling it cleanly, including on NetBSD which is Different From Everyone Else To Be More Correct.

Replacing all of the DNS lookups with getdns-based handling, if built with EXPERIMENTAL_GETDNS, and then adding a few more features too, could be sensible.

For the DNSSEC folks, being able to affirm validation without trusting across-the-wire that AD bit is tamper-proof is nice.

I think it's worth noting here that Rob _runs_ a commercial RBL (I'm actually a paying customer of his) and so is in a good situation to be able to make the call about load and caching.

-Phil

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
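
The "NS at parent" distinction from the message above, as an added example (not part of the original post, and not Exim or getdns code): a parent-zone server answers an NS query for a delegated name with a referral (NS in the authority section, AA clear), while the zone's own server returns its NS set in the answer section with AA set. The zone names, NS targets and all helper functions are constructed for illustration; the parser works on raw DNS wire format.

```python
import struct
NS, AA = 2, 0x0400  # NS RR type code; Authoritative Answer flag bit

def enc(name):  # domain name -> uncompressed wire-format labels
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(128):               # bounded: pointer loops are hostile input
        n = msg[off]
        if n & 0xC0 == 0xC0:           # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("compression pointer loop")

def ns_sets(msg):
    """Return (AA flag, NS targets in ANSWER, NS targets in AUTHORITY)."""
    _, flags, qd, an, au, _ = struct.unpack("!6H", msg[:12])
    off, found = 12, (set(), set())
    for _ in range(qd):                # skip the question section
        off = read_name(msg, off)[1] + 4
    for i in range(an + au):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        if rtype == NS:
            found[1 if i >= an else 0].add(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return bool(flags & AA), found[0], found[1]

def build(zone, aa, answer, authority):
    """Construct a sample response to '<zone> IN NS' (test data, not a capture)."""
    hdr = struct.pack("!6H", 0x1234, 0x8000 | (AA if aa else 0), 1, len(answer), len(authority), 0)
    rrs = [b"\xc0\x0c" + struct.pack("!HHIH", NS, 1, 3600, len(enc(t))) + enc(t)
           for t in answer + authority]   # owner = pointer to the question name
    return hdr + enc(zone) + struct.pack("!HH", NS, 1) + b"".join(rrs)

PARENT = build("example.test", False, [], ["ns1.reg.example", "ns2.reg.example"])  # constructed
CHILD = build("example.test", True, ["ns1.below-cut.example"], [])  # constructed

def parent_vs_child(parent_msg, child_msg):
    """Parent-side delegation NS set, child-side NS set, and whether they differ."""
    p_ns, c_ns = ns_sets(parent_msg)[2], ns_sets(child_msg)[1]
    return p_ns, c_ns, p_ns != c_ns
```

The parent-side set returned by `parent_vs_child` is the one the message proposes feeding into an RBL-style lookup; a stock stub-resolver call only ever yields the child-side set.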
