[Openswan dev] long DNS query results may choke glibc
D. Hugh Redelmeier
hugh at mimosa.com
Mon Aug 22 10:55:27 CEST 2005
[Perhaps this should go to the users' list but I don't subscribe to it.]
Users of *swan may have long DNS entries because DNS records can be used
to distribute public RSA keys.
I just read a Red Hat Bugzilla entry that suggests that some versions
of glibc don't handle long DNS entries correctly. The problem is with
fallback to TCP when a result cannot be stuffed into a single UDP
Even if this problem does not affect your own system, it may affect
others with whom you wish to communicate.
The latest addition to the bugzillaentry (comment #8) suggests that
the problem is upstream from Red Hat, so non-Red Hat systems probably
have the bug too.
More information about the Dev