> On Apr 13, 2020, at 5:52 AM, Viktor Dukhovni <postfix-us...@dukhovni.org> > wrote: > > Indeed searching the github repo for RES_USE_DNSSEC and RES_USE_EDNS0 finds > hits only the header file, and similarly: > > > https://raw.githubusercontent.com/runtimejs/musl-libc/master/src/network/res_state.c > > pretty much rules out support for configurable lookup options. Bottom line: > > https://dilbert.com/strip/1995-06-24
The musl-libc resolver code also includes gems like: https://github.com/runtimejs/musl-libc/blob/master/src/network/__dns.c#L67-L69 So not terribly safe if using a remote resolver. Definitely no support for EDNS(0) or sending the "DO" or "AD" bits in the request. Always queries all resolvers in parallel without waiting for a short timeout from the first one (or use connect(2) for prompt notification of host/port unreachable). There is no support for truncated responses or TCP failover, so if a host has enough IP addresses, some may be dropped, and FcRDNS checks may fail spuriously. This library cuts too many corners, it is not supported. -- Viktor.