DEBUG(D_receive) debug_printf("SPF_dns_exim_lookup '%s'\n", domain);
+/* Shortcircuit SPF RR lookups by returning NO_DATA. They were obsoleted by
+RFC 6686/7208 years ago. see bug #1294 */
+
+if (rr_type == T_SPF)
+ {
+ HDEBUG(D_host_lookup) debug_printf("faking NO_DATA for SPF RR(99) lookup\n");
+ srr.herrno = NO_DATA;
+ SPF_dns_rr_dup(&spfrr, &srr);
+ return spfrr;
+ }
+
switch (dns_rc = dns_lookup(dnsa, US domain, rr_type, NULL))
{
case DNS_SUCCEED: srr.herrno = NETDB_SUCCESS; break;
srr.rr[found++] = (void *) s;
}
-srr.num_rr = found;
+/* Did we filter out all TXT RRs? Return NO_DATA instead of SUCCESS with
+empty ANSWER section. */
+
+if (!(srr.num_rr = found))
+ srr.herrno = NO_DATA;
+
/* spfrr->rr must have been malloc()d for this */
SPF_dns_rr_dup(&spfrr, &srr);
return spfrr;