-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.437 2006/11/20 11:57:56 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.438 2006/11/20 13:53:44 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
PH/46 Applied Jori Hamalainen's patch to add features to exiqsumm.
+PH/47 Put in an explicit test for a DNS lookup of an address record where the
+ "domain" is actually an IP address, and force a failure. This locks out
+ those revolvers/nameservers that support "A-for-A" lookups, in
+ contravention of the specifications.
+
+
Exim version 4.63
-/* $Cambridge: exim/src/src/dns.c,v 1.15 2006/11/07 14:13:19 ph10 Exp $ */
+/* $Cambridge: exim/src/src/dns.c,v 1.16 2006/11/20 13:53:44 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
Returns: DNS_SUCCEED successful lookup
DNS_NOMATCH name not found (NXDOMAIN)
or name contains illegal characters (if checking)
+ or name is an IP address (for IP address lookup)
DNS_NODATA domain exists, but no data for this type (NODATA)
DNS_AGAIN soft failure, try again later
DNS_FAIL DNS failure
number of bytes the message would need, so we need to check for this case. The
effect is to truncate overlong data.
-If we are running in the test harness, instead of calling the normal resolver
+On some systems, res_search() will recognize "A-for-A" queries and return
+the IP address instead of returning -1 with h_error=HOST_NOT_FOUND. Some
+nameservers are also believed to do this. It is, of course, contrary to the
+specification of the DNS, so we lock it out. */
+
+if ((
+ #ifdef SUPPORT_A6
+ type == T_A6 ||
+ #endif
+ type == T_A || type == T_AAAA) &&
+ string_is_ip_address(name, NULL) != 0)
+ return DNS_NOMATCH;
+
+/* If we are running in the test harness, instead of calling the normal resolver
(res_search), we call fakens_search(), which recognizes certain special
domains, and interfaces to a fake nameserver for certain special zones. */
projects / exim.git / commitdiff