res_query() brain damage
Michael Deutschmann
michael at talamasca.ocis.net
Thu Dec 3 05:15:18 UTC 2009
Recently, I've transitioned my routing computer over to uClibc. It
mostly works well, but I noticed some minor glitches with Exim (the mail
server).
After some investigation, I traced the problem to uClibc's
implementation of res_query, which contains the following:
--
i = __dns_lookup(dname, type, __nameserversXX, [...]
if (i < 0) {
h_errno = TRY_AGAIN;
return -1;
}
--
This means that all negative DNS results get reported as temporary
failures -- which confuses the mailserver. It cares much about the
difference between an ambiguous result due to failure and an definitive
denial that a record exists.
The result is a lot of log messages complaining about tempfailing dnsbl
blacklists (but fortunately no actual loss of their spam protection),
and endless deferral of email coming from domains with no MX record.
Diking the "h_errno = TRY_AGAIN;" line appears to resolve the problem.
(h_errno is set properly from within __dns_lookup.)
Were this a complicated emergent behavior of the library, I'd just
report it via the bug tracker. However, this looks like it was
deliberate -- so I'm bringing it to the list for comment.
---- Michael Deutschmann <michael at talamasca.ocis.net>
More information about the uClibc
mailing list