[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Network access during build

Jakub Wilk <jwilk@debian.org> writes:
> * Russ Allbery <rra@debian.org>, 2016-09-07, 09:26:

>> Now, that said, assuming that "fail" is not a valid host in the local
>> domain isn't a good assumption and makes the build fragile. My packages
>> that perform a similar test use the DNS name addrinfo-test.invalid to
>> force a failure, which is guaranteed by IANA reservations to not exist.

> RFC 6761, §6.4.3 says:

> Name resolution APIs and libraries SHOULD recognize "invalid" names as
> special and SHOULD always return immediate negative responses.  Name
> resolution APIs SHOULD NOT send queries for "invalid" names to their
> configured caching DNS server(s).

> Unfortunately, glibc doesn't seem follow these recommendations. :-\

Yeah, sadly.  But it doesn't really matter for test case purposes if the
query does get sent to the local DNS server, since it's pretty much
guaranteed to not exist.  (And any privacy leak, which I think is minimal
anyway, would be largely mitigated if we all picked the same .invalid name
to use for such tests....)

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: