> On Jun 9, 2018, at 5:27 PM, admin--- via Exim-dev <[email protected]> wrote:
>
> Git Commit <[email protected]> changed:
>
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>                  CC|                            |[email protected]
>
> --- Comment #2 from Git Commit <[email protected]> ---
> Git commit:
> https://git.exim.org/exim.git/commitdiff/d8d9f9301c9a31c826635bbdd334bb4be99ea05a
>
> commit d8d9f9301c9a31c826635bbdd334bb4be99ea05a
> Author:     Jeremy Harris <[email protected]>
> AuthorDate: Thu Jun 7 18:08:22 2018 +0100
> Commit:     Jeremy Harris <[email protected]>
> CommitDate: Thu Jun 7 18:08:22 2018 +0100
>
>     follow cname chains only one step. bug 2264
> ----
>  doc/doc-docbook/spec.xfpt        | 14 ++++++++++++++
>  doc/doc-txt/ChangeLog            |  7 +++++++
>  doc/doc-txt/OptionLists.txt      |  1 +
>  src/README.UPDATING              |  8 ++++++++
>  src/src/dns.c                    | 19 +++++++++++++------
>  src/src/globals.c                |  1 +
>  src/src/globals.h                |  1 +
>  src/src/readconf.c               |  1 +
>  src/src/verify.c                 |  5 ++---
>  test/aux-var-src/tls_conf_prefix |  1 +
>  test/stdout/0572                 |  2 ++
>  test/stdout/0577                 |  1 +
>  12 files changed, 52 insertions(+), 9 deletions(-)

I am confused by the comments in the bug tracker and code. Can you share the cases you found that make it necessary to recurse one extra time? I would expect the following behaviour from an iterative resolver:

    Zone:
        cname.example.   IN CNAME cname2.example.
        cname2.example.  IN CNAME nomx.example.
        nomx.example.    IN A 192.0.2.1

    Query:
        cname.example. IN MX ?

    Response:
        Header.RCODE: NOERROR
        Answers:
            cname.example.   IN CNAME cname2.example.
            cname2.example.  IN CNAME nomx.example.

From which, without further recursion one may conclude that "cname.example" has no MX RRs. Per RFC5321, one can treat "nomx.example" as the destination domain with an implicit MX RRset of:

    nomx.example. IN MX 0 nomx.example.

The "AD" bit from the response indicates whether the chain from "cname.example." to "nomx.example." is secure, and opportunistic DANE support can be engaged accordingly.

If the RCODE is "NXDOMAIN", the original name or else the final CNAME target does not exist.

If the RCODE is "NOERROR" and MX records are returned for the final CNAME target:

    cname3.example.  IN CNAME cname4.example.
    cname4.example.  IN CNAME hasmx.example.
    hasmx.example.   IN MX 0 smtp.hasmx.example.

then the resolver should return an answer containing both CNAMEs and the MX records of the final target.

If the resolver is unable to reach the end of the chain (due to loops, timeouts, recursion limits, ...) it should return SERVFAIL.

Are you seeing something else?

--
    Viktor.

--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

Re: [exim-dev] [Bug 2264] DNS lookups should not chase CNAME chains
Viktor Dukhovni via Exim-dev Sat, 09 Jun 2018 15:05:13 -0700
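
The response handling described in the message above, as an added example that is not part of the original post and not Exim's code: it classifies a single MX reply from the CNAMEs and MX records already in the answer section, without issuing further queries. The Response type, classify_mx, MAX_CHAIN and the AD values in the sample replies are assumptions made for illustration; treating a looping answer section as a temporary failure is also a choice made here.

```python
from dataclasses import dataclass

MAX_CHAIN = 10  # assumed cap on CNAME hops; not a value from the thread

@dataclass
class Response:
    """Hypothetical, already-parsed reply from the recursive resolver."""
    rcode: str     # "NOERROR", "NXDOMAIN" or "SERVFAIL"
    ad: bool       # AD bit; only meaningful from a validating resolver on a trusted path
    answers: list  # (owner, rrtype, rdata) tuples from the answer section

def norm(name):
    """Lower-case a domain name and make it fully qualified."""
    return name.lower().rstrip(".") + "."

def classify_mx(qname, resp):
    """Interpret a single MX reply without issuing any further queries."""
    if resp.rcode == "SERVFAIL":
        return {"status": "tempfail"}
    cnames = {norm(o): norm(r) for o, t, r in resp.answers if t == "CNAME"}
    target, seen = norm(qname), set()
    while target in cnames:  # walk the chain the resolver already returned
        if target in seen or len(seen) >= MAX_CHAIN:
            return {"status": "tempfail"}  # assumption: a looping answer is a failure
        seen.add(target)
        target = cnames[target]
    if resp.rcode == "NXDOMAIN":
        return {"status": "nonexistent", "domain": target}
    mx = sorted((int(r.split()[0]), norm(r.split()[1]))
                for o, t, r in resp.answers if t == "MX" and norm(o) == target)
    implicit = not mx
    if implicit:
        mx = [(0, target)]  # RFC 5321 implicit MX for the final CNAME target
    return {"status": "ok", "domain": target, "mx": mx,
            "implicit": implicit, "secure": resp.ad}

# Constructed replies matching the two zones in the message (AD values are made up).
NOMX = Response("NOERROR", True, [
    ("cname.example.", "CNAME", "cname2.example."),
    ("cname2.example.", "CNAME", "nomx.example."),
])
HASMX = Response("NOERROR", False, [
    ("cname3.example.", "CNAME", "cname4.example."),
    ("cname4.example.", "CNAME", "hasmx.example."),
    ("hasmx.example.", "MX", "0 smtp.hasmx.example."),
])

if __name__ == "__main__":
    print(classify_mx("cname.example", NOMX))
    print(classify_mx("cname3.example", HASMX))
```
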
