From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.1 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,FREEMAIL_FROM,MAILING_LIST_MULTI,RCVD_IN_MSPIKE_H2 autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 27871 invoked from network); 4 Dec 2022 05:46:18 -0000 Received: from second.openwall.net (193.110.157.125) by inbox.vuxu.org with ESMTPUTF8; 4 Dec 2022 05:46:18 -0000 Received: (qmail 24221 invoked by uid 550); 4 Dec 2022 05:46:15 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 24189 invoked from network); 4 Dec 2022 05:46:14 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=s31663417; t=1670132762; bh=6w0BHqqbZwhMHpvskEBsDrhtiPP9QJYvnMSqgucaTbg=; h=X-UI-Sender-Class:Date:From:To:Subject:References:In-Reply-To; b=euYly4MP6wI4tV5/izedcmJnbPf4Vc/OH3UXP4AF8qDou8TehD/YohskwZgQ1nGMz TKNM6oM6eplkthDT9bJGV1gANNMMcI3lrsPsi74ge3sLQro0dNEWgCvRsIYx4fDxK0 SY+88JnB7H4jy/pIv1kcj/RMTOJKf4vOTRfCabx3a68UXkjVCJynV3J9OAXY4Yrh5R G4/zmhCvxypixzzcmbZU0hfnCLqCs155iCnGChsnPY2EmnsAhJcehgJ2XB4tLdyXDc 10DtBaSW06a5Z9s0n3WMbI6R/R8ckVl+TYaMdUnKlxTg1zfy0TSz+FAAuO23M7mfqN 4OgjbpjakbP5A== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Date: Sun, 4 Dec 2022 06:45:59 +0100 From: Markus Wichmann To: musl@lists.openwall.com Message-ID: <20221204054559.GB23755@voyager> References: <20221204040254.pfd3bqjztfw4vrue@localhost> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20221204040254.pfd3bqjztfw4vrue@localhost> User-Agent: Mutt/1.9.4 (2018-02-28) X-Provags-ID: V03:K1:1lJZXPPF20DmPlxtPkHOuZCenVzCe+lCoCE/r0P2LqB4HCFNYRF zFOOdJZpooUWpstvq0ToJeDSrbbqteoai17H9XsJqr7y923jtglNzl6JH0sZriOI6+7N88L QKNxQwM6820bT0vsuIFOXTGackwZALx5usDVdTZowqFikIJAaw4Agv032RWANlzLDReST+8 aQhxDMGVqZ4+Ik3mzu2+g== UI-OutboundReport: notjunk:1;M01:P0:tTm2SZx8Nrc=;Sy+fVcxrpTqtmgV/KDyE4JaLQGG lNxHBoJC62R1h6jE/F3H1kRyvuZ+SjbV6sj3wtz0Jl2otmt1Zn2syswbwR58qq3DSrSFd7VuV RUF3/JGiIIwkEFoFNA0vkDk4zQPLP7t3I2xGFsaPx1cvwbiUk2gZJywjumO7NVkhwsoqboI5a xhBzfk6oz/O9OkmPytNiOcCrh1RFHPT9YTHPlzrYOoGdUc2wzYJkiUclNjatQ/VYXIbFnxhj8 kzUME7ai0S86i+PZgNfL55D/GEyzx4RrJ3hT22rCnx5D/JzzyCYG4KavCcECyVaJjyOfUlePl OaO+FqAeDgsgA8XS+1IMKjKac9KsQY4H4XqATwQfVa5JT00xZIDxDlHWdXkNnhCdSOnu6vfgV o9BNRdpr6o674YHQEUmxoZRyPQzOJPNy8d7y/IogO/YLuGWX8iwdKVh7fc9SHVtSOU1DG/n4d raNm146c1W4IWiDStHMPwYrUOqcMCYGPoIivXLXVeqVb+1Bo+C9qByXwlm055mNjMVM50S5RC UZQJuqgkFV97z1qxaDl+mSkv5IGTetoZ1mWgKn2iBssCk6Of1WQNtutgkrvnvKWvLcd/BW/Lx dWgTCm4GOLXr+YNdJ7cRhyyxFgKBh30OLCN9BElnOeY3bXxAnv8IXz9EZmDkcHBpCgtCBgM/W KchYpNAQQ3Vl9SJarssmQFMuXnSvus4CKpLWufe06rZu+A6msL4FJ3yAqHpVrzvoNWBelpvd9 REV5BufmwdZ5guq7TFcCgtmIpnuVhdsQuhvUvjlR+vK9f7X+1bRcaVp3W/Hh0RjOO1TdVeABy D936f492eJdT8+CrVUBHvj2ZuV4uekUK5rhkfdZ/r/DGQB9lcGUnX9RcOlMdWFNcNjVr+fICb 2ua7gCbql5ejasjJr2fOihCK79JdIXG/ypXxRpJ+72D4v2+tiNHdyAxUc1eJcx+X9Zo+gNhlm jFrvUxWXiWXYH0qC++L16U/CQxM= Subject: Re: [musl] lookup_name issue with search domains On Sun, Dec 04, 2022 at 12:02:54AM -0400, Kenny MacDermid wrote: > The issue arises when it queries my cloudflare hosted domain (which also > uses dnssec). That query does not have the reply code flags set to 3. > Instead it's set to 0. This results in name_from_dns() returning > EAI_NODATA. I think we had that report before. The problem is that cloudflare is wrong here. DNS response with empty data section and NOERROR status means the domain name exists, but has no records of the requested type. If cloudflare is reporting that for a name where that isn't true, they are making a mistake. This is a cloudflare-specific break with the DNS standards (don't ask me which, though), so we probably won't change musl to deal with this. Simplest solution for the known-bad actor is to write a proxy server that turns the wrong answers into correct ones. Ciao, Markus