X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fdns.c;h=297b8b88da7f253be56807459cb5d9e38c4c14e2;hb=ffbc20ed9c9ed09a68ff0a608f623c3c83d521a8;hp=83de7c26684ea3a6ad640089899c59e986dcb453;hpb=f9ba5e2255cf18092750fffacb6a9603571a2be5;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/dns.c b/src/src/dns.c index 83de7c266..297b8b88d 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -674,10 +674,10 @@ if ((previous = tree_search(tree_dns_fails, node_name))) { DEBUG(D_dns) debug_printf("DNS lookup of %.255s-%s: using cached value %s\n", name, dns_text_type(type), - (previous->data.val == DNS_NOMATCH)? "DNS_NOMATCH" : - (previous->data.val == DNS_NODATA)? "DNS_NODATA" : - (previous->data.val == DNS_AGAIN)? "DNS_AGAIN" : - (previous->data.val == DNS_FAIL)? "DNS_FAIL" : "??"); + previous->data.val == DNS_NOMATCH ? "DNS_NOMATCH" : + previous->data.val == DNS_NODATA ? "DNS_NODATA" : + previous->data.val == DNS_AGAIN ? "DNS_AGAIN" : + previous->data.val == DNS_FAIL ? "DNS_FAIL" : "??"); return previous->data.val; } @@ -693,7 +693,7 @@ if ((previous = tree_search(tree_dns_fails, node_name))) DEBUG(D_dns) debug_printf("DNS name '%s' utf8 conversion to alabel failed: %s\n", name, errstr); - host_find_failed_syntax = TRUE; + f.host_find_failed_syntax = TRUE; return DNS_NOMATCH; } name = alabel; @@ -738,7 +738,7 @@ if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT) DEBUG(D_dns) debug_printf("DNS name syntax check failed: %s (%s)\n", name, dns_text_type(type)); - host_find_failed_syntax = TRUE; + f.host_find_failed_syntax = TRUE; return DNS_NOMATCH; } } 
@@ -761,7 +761,7 @@ if ((type == T_A || type == T_AAAA) && string_is_ip_address(name, NULL) != 0) (res_search), we call fakens_search(), which recognizes certain special domains, and interfaces to a fake nameserver for certain special zones. */ -dnsa->answerlen = running_in_test_harness +dnsa->answerlen = f.running_in_test_harness ? fakens_search(name, type, dnsa->answer, sizeof(dnsa->answer)) : res_search(CCS name, C_IN, type, dnsa->answer, sizeof(dnsa->answer)); @@ -836,6 +836,8 @@ return DNS_SUCCEED; /* Look up the given domain name, using the given type. Follow CNAMEs if necessary, but only so many times. There aren't supposed to be CNAME chains in the DNS, but you are supposed to cope with them if you find them. +By default, follow one CNAME since a resolver has been seen, faced with +an MX request and a CNAME (to an A) but no MX present, returning the CNAME. The assumption is made that if the resolver gives back records of the requested type *and* a CNAME, we don't need to make another call to look up @@ -871,14 +873,19 @@ int i; const uschar *orig_name = name; BOOL secure_so_far = TRUE; -/* Loop to follow CNAME chains so far, but no further... */ +/* By default, assume the resolver follows CNAME chains (and returns NODATA for +an unterminated one). If it also does that for a CNAME loop, fine; if it returns +a CNAME (maybe the last?) whine about it. However, retain the coding for dumb +resolvers hiding behind a config variable. Loop to follow CNAME chains so far, +but no further... The testsuite tests the latter case, mostly assuming that the +former will work. */ -for (i = 0; i < 10; i++) +for (i = 0; i <= dns_cname_loops; i++) { uschar * data; dns_record *rr, cname_rr, type_rr; dns_scan dnss; - int datalen, rc; + int rc; /* DNS lookup failures get passed straight back. */ 
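Review bot: The new loop bound `i <= dns_cname_loops` in the `-873` hunk replaces a fixed ceiling of 10 with a configuration value whose type and range checking are not visible in this diff. If the option can be negative, the loop body never runs and no lookup is made at all. If it can be set arbitrarily high, a zone that serves a long or looping CNAME chain can drive that many sequential resolver queries per lookup. I would keep a hard ceiling at the point of use, for example `for (i = 0; i <= dns_cname_loops && i < 10; i++)`. If the option reader already enforces a range, a comment here such as `/* dns_cname_loops is range-checked when the option is read */` would record that. The loop body continues past the end of the hunk, so what happens when the bound is exhausted cannot be checked from here.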
@@ -940,8 +947,8 @@ for (i = 0; i < 10; i++) return DNS_FAIL; data = store_get(256); - if ((datalen = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, - cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256)) < 0) + if (dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, + cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256) < 0) return DNS_FAIL; name = data;
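Review bot: The `dn_expand()` call kept by this hunk uses `dnsa->answer + dnsa->answerlen` as its end-of-message bound, so it is only as trustworthy as `answerlen`, which the `-761` hunk shows is the raw return value of `res_search()` or `fakens_search()`. Some resolver libraries report the full reply length even when it exceeds the buffer they were given, so please confirm that the code between those two points clamps `answerlen` to `sizeof(dnsa->answer)` and handles a negative return; that code is outside this diff. Separately, the literal 256 appears in both `store_get(256)` and the `dn_expand()` length argument and the two must stay in step, which a single named constant would guarantee. The enclosing loop starts and ends outside the hunk.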