Hello walter, On Tuesday 10 March 2015 at 11:46:33, walter harms wrote: > > On 09.03.2015 21:44, Stéphane Aulery wrote: > > Missing options: RES_INSECURE1, RES_INSECURE2, RES_NOALIASES, USE_INET6, > > ROTATE, NOCHECKNAME, RES_KEEPTSIG, BLAST, USEBSTRING, NOIP6DOTINT, USE_EDNS0, > > SNGLKUP, SNGLKUPREOP, RES_USE_DNSSEC, NOTLDQUERY, DEFAULT > > > > Written from the glibc source and resolv.conf.5. > > > > Debian bug #527136 reported by Jakub Wilk <ubanus@xxxxxxxxxxxx> > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527136 > > Signed-off-by: Stéphane Aulery <saulery@xxxxxxx> > > --- > > man3/resolver.3 | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++----- > > 1 file changed, 91 insertions(+), 8 deletions(-) > > > > diff --git a/man3/resolver.3 b/man3/resolver.3 > > index 19c4192..06704b1 100644 > > --- a/man3/resolver.3 > > +++ b/man3/resolver.3 
> > @@ -197,19 +197,20 @@ which is not the default. > > Accept authoritative answers only. > > .BR res_send () > > continues until > > -it finds an authoritative answer or returns an error. [Not currently > > -implemented]. > > +it finds an authoritative answer or returns an error. > > +[Not currently implemented]. > > .TP > > .B RES_USEVC > > Use TCP connections for queries rather than UDP datagrams. > > .TP > > .B RES_PRIMARY > > Query primary domain name server only. > > +[Not currently implemented]. > > nitpicking: > the phrase is normally "not yet implemented" That's not me. Can we change it? > perhaps you can add as comment what version you have tested to > give people a hint where to look. I have not tested. It is written in code: https://sourceware.org/git/?p=glibc.git;a=blob;f=resolv/res_debug.c;hb=44a6213c8eebf3f69712a5fba9a33bbb90a79023#l565 For that matter to seek versions, why not just give the version of this that is implemented? This will be information that does not expire. > > .TP > > .B RES_IGNTC > > Ignore truncation errors. > > -Don't retry with TCP. [Not currently > > -implemented]. > > +Don't retry with TCP. > > +[Not currently implemented]. > > .TP > > .B RES_RECURSE > > Set the recursion desired bit in queries. 
> > @@ -238,10 +239,92 @@ domain and in parent domains. > > This option is used by > > .BR gethostbyname (3). > > [Enabled by default]. > > -.PP > > -This list is not complete. > > -You can find some other flags described in > > -.BR resolv.conf (5). > > +.TP > > +.B RES_INSECURE1 > > +Accept a response from a wrong server and show it on standard output > > +(for debug purpose only). > > is there a debug mode switch or is this a compile-time option? > this could be of interest for admins that do not want this. > > just my 2 cents, > wh These options are always available. The message display is subject to the simultaneous use of the RES_DEBUG option. However, the commentary and option name imply that it is to test security flaws, but at your own risk: /* * response from wrong server? ignore it. * XXX - potential security hazard could * be detected here. */ I realize that my description may not be entirely fair. It could be: Accept a response from a wrong server. Potential security hazard could be detected here, but you need to compile glibc with debugging enabled and use the RES_DEBUG option. Regards, -- Stéphane Aulery
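Review bot: The "[Not currently implemented]." line added under RES_PRIMARY in the first hunk (@@ -197,19 +197,20) is a content change that the commit message, which lists only missing options, does not mention. It also sits between two whitespace-only rewraps of the same marker (after "returns an error." and after "Don't retry with TCP."), where it is easy to overlook. Name the RES_PRIMARY change in the commit message, or move the two rewraps to a separate patch. Since the reply says the status was read from the glibc source rather than tested, the commit message could also record which glibc revision was read.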
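Review bot: The RES_INSECURE1 text in the second hunk (@@ -238,10 +239,92), "Accept a response from a wrong server and show it on standard output (for debug purpose only)", merges two behaviours that the reply in this thread separates: the option itself is always available, while the message is displayed only when RES_DEBUG is also in use. Describe the two separately, so that an administrator can tell that the flag on its own makes the resolver accept a response from a wrong server without printing anything, and keep the security-hazard wording proposed in the reply. A smaller wording point in the same entry: "for debugging purposes only" reads better than "for debug purpose only".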