I see a couple of pre-existing issues in options parsing
(not your problem, just questions for Rich):

On Tue, 25 Apr 2017, Stefan Sedich wrote:
> +void __parse_resolv_opts(struct resolvconf *conf, char *opts)
> +{
> +     char *p, *z;
> +
> +     p = strstr(opts, "ndots:");

This accepts xndots, _ndots, etc.  I think this is undesirable, prefixing a
character could be seen by some users as a way to "comment-out" an option
without deleting it, and such loose matching lays a trap for them. It also
breaks if a valid option ending in 'ndots' appears in the future.

> +     p = strstr(opts, "timeout:");
> +     if (p && (isdigit(p[8]) || p[8]=='.')) {
> +             p += 8;
> +             unsigned long x = strtoul(p, &z, 10);

Either stroul should be strtod, or accepting p[8]=='.' is pointless.
This was introduced in commit d6cb08bcaca4ff1f921375510ca72bccea969c75
that moved this chunk of code from res_msend.c to resolvconf.c and
introduced p[8]=='.' check en passant.

> @@ -89,5 +96,11 @@ no_resolv_conf:
>
>       conf->nns = nns;
>
> +     char *res_opts_env = NULL;
> +     if (!libc.secure) res_opts_env = getenv("RES_OPTIONS");
> +     if (res_opts_env) {
> +             __parse_resolv_opts(conf, res_opts_env);
> +     }

This might look slightly cleaner if written as

        if (!libc.secure) {
                const char *opts = getenv("RES_OPTIONS");
                if (opts) __parse_resolve_opts(conf, opts);
        }

Alexander