Florian Weimer:
> * Rich Felker:
>
> > A solution that would work with existing and future versions of musl
> > as well as glibc, and would (I think) avoid the need to poke at _res
> > to set the glibc trustad flag, would be replacing the call to
> > res_query with res_mkquery, |='ing the AD bit into place, then
> > res_send.
>
> This will not give the result that Postfix programmers want on newer
> glibc versions (not without the trust-ad flag in /etc/resolv.conf).
The problem with using low-level res_*mkquery() is that Postfix
would have to re-implement all the high-level res_search() features
such as RES_DEFNAMES, RES_DNSRCH, retries over TCP after receiving
a truncated response, and so on.
I think that would be a bad solution. Fortunately, there are distros
that don't require such code duplication. I can tell tell people
that TLSA and DANE are unsupported with libc-musl, so they can
switch to something else.
Wietse
