[musl] Resolver routines, Postfix DNSSEC troubles - how to check for incompatibilities?

mailing list of musl libc
 help / color / mirror / code / Atom feed

From: Christian <list-christian@web.de>
To: musl@lists.openwall.com
Subject: [musl] Resolver routines, Postfix DNSSEC troubles - how to check for incompatibilities?
Date: Mon, 13 Apr 2020 11:25:41 +0200	[thread overview]
Message-ID: <9832107bf742db3145a3960c28cde867f924fe1f.camel@web.de> (raw)

Hi there,

I am having an issue in my alpine docker setup with Postfix. I
activated DANE for my server and did some tests if E-Mails are handled
correctly. In that I found the outgoing mails to fail using DANE.

Investigating the issue with Viktor Dukhovni over at postfix-users, we
figured, that Postfix has troubles recognising the DANE parameters of
the target server I am sending my E-Mails to. If you are interested in the conversation: https://pastebin.com/1e3sR0Hq

In the tcpdumps we could figure, that no DNSSEC flags are in the
request by Postfix, hence not getting the information to properly do
DANE. That explains the failure of DANE, however not why this is
happening.

I am no programmer, hence not sure about libc etc. but Viktors last
thought:
"When Postfix is configured with "smtp_dns_support_level = dnssec", the
RES_USE_DNSSEC and RES_USE_EDNS0 flags are set around calls to the
resolver routines.  If your C-library (perhaps only inside docker) has
an incopatible resolver API, then you'll need a more compatible
resolver library and/or a different container technology."

In comparison using dig to check for DNSSEC out of the same container
based on alpine works. However I do not know if the request is
constructed the same way.

So the question is now on how we can go about this to figure if there
is an incompatibility?

Kind regards
  Christian

next             reply	other threads:[~2020-04-13  9:25 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-04-13  9:25 Christian [this message]
2020-04-13 11:20 ` Christian
2020-04-13 15:29   ` Rich Felker
2020-04-13 15:52   ` Florian Weimer
2020-04-13 16:07     ` Rich Felker
2020-04-13 16:38     ` Rich Felker
2020-04-13 17:51       ` Christian
2020-04-13 18:04         ` Rich Felker
2020-04-14  9:57       ` Florian Weimer
2020-04-14 15:53         ` Rich Felker
2020-04-14 16:54           ` Florian Weimer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9832107bf742db3145a3960c28cde867f924fe1f.camel@web.de \
    --to=list-christian@web.de \
    --cc=musl@lists.openwall.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.vuxu.org/mirror/musl/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).