On 2013-11-17 at 17:24 +0000, Viktor Dukhovni wrote: > Perhaps what I propose below is impractical for Exim, but otherwise, > I think it makes sense to not change default DNS behaviour except > when performing MX lookups and resolving MX host IP addresses.
We have a number of contexts where DNS resolution is done, with explicit routing to hosts, which can be looked up in various different ways depending upon configuration. All of those call dns_init() before they start, and loosely speaking, they change `_res.options`. More accurately, they change the resolver object, whatever that might happen to be, which is `_res` on "everything except NetBSD", I believe, and something more dynamic on NetBSD. (Boy did that change cause fallout on HP-UX and its ilk, needing to know the _type_ of _res, portably). We don't reset afterwards. At present, without looking, my recollection is that there are too many error paths out of the DNS lookups to make that a sane proposition, but if/when we revamp DNS handling to put our own DNS API more firmly in there, your suggestion is, obviously, the right thing to do. My vague tentative thought has been to use a GetDNS API implementation, falling back to _res handling, once we have an actual implementation of that new(ish) spec. > when flags includes "RES_USE_DNSSEC", the additional flag RES_EDNSO > is automatically added to flags and its current setting to saved_options. http://git.exim.org/exim.git/blob/HEAD:/src/src/dns.c#l156 We already provide an Exim level option `dns_use_edns0` to let an admin explicitly turn on RES_EDNS0 without touching /etc/resolv.conf (especially useful if that file doesn't support `options edns0`), which can help when dealing with remote MX sets of unusually large size. The code correctly (I believe) handles the interactions of `dns_use_dnssec` and `dns_use_edns0`, explicitly turning on the latter unless it has already been explicitly overriden to off by the administrator, in which case dns_use_dnssec is forced off too, the debug-log records what happened, etc. If you can spot any flaws, besides that we mutate persisted state and don't deal with external libraries using DNS too, please let me know so I can fix it. :) -Phil -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/