Am Montag, den 13.04.2020, 05:52 -0400 schrieb Viktor Dukhovni: > > On Apr 13, 2020, at 4:56 AM, Christian <list-christ...@web.de> wrote: > > The container is running on alpine, hence with muslc libc. After > seeing > the tcpdump yesterday, I thought as well, if that could be an issue. > > I am no programmer, however 2 things strike me: > Dig is able to construct a proper request and I thought it is using > the > resolver routines for its tests? > > No, dig(1) does not use libresolv, it has its own, much more > sophisticated > DNS packet encoding and decoding routines, which expose features not > available > via the traditional libresolv. > > > resolv.h for musl-libc at lease mention RES_USE_DNSSEC and > RES_USE_EDNS0 (not sure if that means anything) > https://git.musl-libc.org/cgit/musl/tree/include/resolv.h#n102 > https://git.musl-libc.org/cgit/musl/tree/include/resolv.h#n105 > > The comment on line 25: > > > https://github.com/runtimejs/musl-libc/blob/master/include/resolv.h#L25 > > is not encouraging. It suggests that _res is unused. If so, Postfix > DNS > does not work correctly with this C library. And not just for DANE, > since > Postfix is also unable to to control RES_DEFNAMES and RES_DNSRCH. > > Indeed searching the github repo for RES_USE_DNSSEC and RES_USE_EDNS0 > finds > hits only the header file, and similarly: > > > https://raw.githubusercontent.com/runtimejs/musl-libc/master/src/network/res_state.c > > pretty much rules out support for configurable lookup > options. Bottom line: > > https://dilbert.com/strip/1995-06-24 >
Ok, I understand that, will check with the musl-libc guys on why this is the case. They write "broken apps", so in their view there is another way to do this which is "not broken"?! Could it be that I step into a discussion on how this is done "right"? ;-) Nevertheless, it should probably be included in the Postfix DANE documentation to avoid muslc setups with postfix for now. As most people (as I did before) do not test outgoing DANE, this goes unnoticed. Thanks a lot for your help! Will check back if I have news. > So I am not sure if this means anything for postfix, but how could we > find out that it is indeed an incompatibility? Is there a way to log > the construction of the request and hence the failure to properly > send > it? > > You are logging it, with tcpdump. I am afraid that musl-libc is > unsuitable > for use with Postfix. You'll need a container with a less crippled > C-library. > > >
