[Openswan dev] long DNS query results may choke glibc

D. Hugh Redelmeier hugh at mimosa.com
Mon Aug 22 10:55:27 CEST 2005

[Perhaps this should go to the users' list but I don't subscribe to it.]

Users of *swan may have long DNS entries because DNS records can be used 
to distribute public RSA keys.

I just read a Red Hat Bugzilla entry that suggests that some versions
of glibc don't handle long DNS entries correctly.  The problem is with
fallback to TCP when a result cannot be stuffed into a single UDP


Even if this problem does not affect your own system, it may affect
others with whom you wish to communicate.

The latest addition to the bugzillaentry (comment #8) suggests that
the problem is upstream from Red Hat, so non-Red Hat systems probably
have the bug too.

More information about the Dev mailing list