From e97d1f088ab357d806bff8b7d5f3fce068a85989 Mon Sep 17 00:00:00 2001 From: Phil Pennock Date: Tue, 22 Mar 2011 09:37:32 -0400 Subject: [PATCH] Added dns_use_edns0 main option. Is int because need a "do not override default" option, but that stops us from using the bool expansion logic and so we need to explicitly set numbers. Should try to find a way around that. --- doc/doc-docbook/spec.xfpt | 14 ++++++++++++++ doc/doc-txt/ChangeLog | 2 ++ doc/doc-txt/NewStuff | 7 +++++++ src/src/dns.c | 18 ++++++++++++++++++ src/src/globals.c | 1 + src/src/globals.h | 1 + src/src/readconf.c | 1 + 7 files changed, 44 insertions(+) diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 0ea36fa50..5cfa344c0 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -12669,6 +12669,7 @@ See also the &'Policy controls'& section above. .row &%dns_ipv4_lookup%& "only v4 lookup for these domains" .row &%dns_retrans%& "parameter for resolver" .row &%dns_retry%& "parameter for resolver" +.row &%dns_use_edns0%& "parameter for resolver" .row &%hold_domains%& "hold delivery for these domains" .row &%local_interfaces%& "for routing checks" .row &%queue_domains%& "no immediate delivery for these" @@ -13301,6 +13302,19 @@ to set in them. See &%dns_retrans%& above. +.new +.option dns_use_edns0 main integer -1 +.cindex "DNS" "resolver options" +.cindex "DNS" "EDNS0" +If this option is set to a non-negative number then Exim will initialise the +DNS resolver library to either use or not use EDNS0 extensions, overriding +the system default. A value of 0 coerces EDNS0 off, a value of 1 coerces EDNS0 +on. + +If the resolver library does not support EDNS0 then this option has no effect. +.wen + + .option drop_cr main boolean false This is an obsolete option that is now a no-op. It used to affect the way Exim handled CR and LF characters in incoming messages. What happens now is diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 14dac2946..7105e5fc6 100644 
--- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -13,6 +13,8 @@ PP/02 Harmonised TLS library version reporting; only show if debugging. PP/03 New openssl_options items: no_sslv2 no_sslv3 no_ticket no_tlsv1 +PP/04 New "dns_use_edns0" global option. + Exim version 4.75 ----------------- diff --git a/doc/doc-txt/NewStuff b/doc/doc-txt/NewStuff index b940afe34..c205e9c98 100644 --- a/doc/doc-txt/NewStuff +++ b/doc/doc-txt/NewStuff @@ -9,6 +9,13 @@ test from the snapshots or the CVS before the documentation is updated. Once the documentation is updated, this file is reduced to a short list. +Version 4.76 +------------ + + 1. The global option "dns_use_edns0" may be set to coerce EDNS0 usage on + or off in the resolver library. + + Version 4.75 ------------ diff --git a/src/src/dns.c b/src/src/dns.c index dcafdb84a..bfef69927 100644 --- a/src/src/dns.c +++ b/src/src/dns.c @@ -180,6 +180,24 @@ _res.options |= (qualify_single? RES_DEFNAMES : 0) | (search_parents? RES_DNSRCH : 0); if (dns_retrans > 0) _res.retrans = dns_retrans; if (dns_retry > 0) _res.retry = dns_retry; + +#ifdef RES_USE_EDNS0 +if (dns_use_edns0 >= 0) + { + if (dns_use_edns0) + _res.options |= RES_USE_EDNS0; + else + _res.options &= ~RES_USE_EDNS0; + DEBUG(D_resolver) + debug_printf("Coerced resolver EDNS0 support %s.\n", + dns_use_edns0 ? "on" : "off"); + } +#else +if (dns_use_edns0 >= 0) + DEBUG(D_resolver) + debug_printf("Unable to %sset EDNS0 without resolver support.\n", + dns_use_edns0 ? "" : "un"); +#endif } diff --git a/src/src/globals.c b/src/src/globals.c index 7b5a52554..c7e6c2081 100644 --- a/src/src/globals.c +++ b/src/src/globals.c @@ -541,6 +541,7 @@ BOOL dns_csa_use_reverse = TRUE; uschar *dns_ipv4_lookup = NULL; int dns_retrans = 0; int dns_retry = 0; +int dns_use_edns0 = -1; /* <0 = not coerced */ uschar *dnslist_domain = NULL; uschar *dnslist_matched = NULL; uschar *dnslist_text = NULL; diff --git a/src/src/globals.h b/src/src/globals.h index c1806f070..3a1e53771 100644 
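Review bot: The `if (dns_use_edns0)` test in the `RES_USE_EDNS0` branch of the dns.c hunk treats every positive value as "on", and the `opt_int` entry added in readconf.c accepts any integer, although the spec text in this patch defines only -1, 0 and 1; a mistyped value is therefore applied without complaint. I would state the contract next to the check, e.g. `/* dns_use_edns0: <0 keep library default, 0 force off, >0 force on */`, and consider rejecting values outside -1..1 when the configuration is read. In the `#else` branch a set option is reported only under `D_resolver` debugging, so an operator who sets it on a build without `RES_USE_EDNS0` gets no indication in normal operation; a short comment saying this is intentional would help. The enclosing function begins before this hunk, so the surrounding resolver setup is not visible here.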
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -329,6 +329,7 @@ extern BOOL dns_csa_use_reverse; /* Check CSA in reverse DNS? (non-standar
 extern uschar *dns_ipv4_lookup; /* For these domains, don't look for AAAA (or A6) */
 extern int dns_retrans; /* Retransmission time setting */
 extern int dns_retry; /* Number of retries */
+extern int dns_use_edns0; /* Coerce EDNS0 support on/off in resolver. */
 extern uschar *dnslist_domain; /* DNS (black) list domain */
 extern uschar *dnslist_matched; /* DNS (black) list matched key */
 extern uschar *dnslist_text; /* DNS (black) list text message */
diff --git a/src/src/readconf.c b/src/src/readconf.c
index f5e895ac6..7aa44cf8c 100644
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -218,6 +218,7 @@ static optionlist optionlist_config[] = {
 { "dns_ipv4_lookup", opt_stringptr, &dns_ipv4_lookup },
 { "dns_retrans", opt_time, &dns_retrans },
 { "dns_retry", opt_int, &dns_retry },
+ { "dns_use_edns0", opt_int, &dns_use_edns0 },
 /* This option is now a no-op, retained for compability */
 { "drop_cr", opt_bool, &drop_cr },
 /*********************************************************/
-- 
2.30.2