From 7735b1fe980b0901f062994f64e4bb9b589a081e Mon Sep 17 00:00:00 2001 From: Marcus Brinkmann Date: Tue, 12 Dec 2017 21:45:57 +0100 Subject: [PATCH] Remove dirmngr DNS client. --- legacy/gnupg/dirmngr/dirmngr.cpp | 25 -- legacy/gnupg/dirmngr/dns-stuff.cpp | 494 +-------------------------- legacy/gnupg/dirmngr/dns-stuff.h | 75 ---- legacy/gnupg/dirmngr/server.cpp | 18 +- legacy/gnupg/dirmngr/t-dns-stuff.cpp | 213 ------------ src/CMakeLists.txt | 4 +- 6 files changed, 5 insertions(+), 824 deletions(-) delete mode 100644 legacy/gnupg/dirmngr/t-dns-stuff.cpp diff --git a/legacy/gnupg/dirmngr/dirmngr.cpp b/legacy/gnupg/dirmngr/dirmngr.cpp index 1aecd06fe..daf90cbdc 100644 --- a/legacy/gnupg/dirmngr/dirmngr.cpp +++ b/legacy/gnupg/dirmngr/dirmngr.cpp @@ -50,7 +50,6 @@ #include "certcache.h" #include "crlcache.h" #include "crlfetch.h" -#include "dns-stuff.h" #include "misc.h" #ifndef ENAMETOOLONG @@ -109,9 +108,6 @@ enum cmd_and_opt_values { oUseTor, oNoUseTor, oKeyServer, - oStandardResolver, - oRecursiveResolver, - oResolverTimeout, oConnectTimeout, oConnectQuickTimeout, aTest @@ -184,9 +180,6 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_s(oHTTPWrapperProgram, "http-wrapper-program", "@"), ARGPARSE_s_n(oHonorHTTPProxy, "honor-http-proxy", "@"), ARGPARSE_s_s(oIgnoreCertExtension, "ignore-cert-extension", "@"), - ARGPARSE_s_n(oStandardResolver, "standard-resolver", "@"), - ARGPARSE_s_n(oRecursiveResolver, "recursive-resolver", "@"), - ARGPARSE_s_i(oResolverTimeout, "resolver-timeout", "@"), ARGPARSE_s_i(oConnectTimeout, "connect-timeout", "@"), ARGPARSE_s_i(oConnectQuickTimeout, "connect-quick-timeout", "@"), @@ -364,8 +357,6 @@ static int parse_rereadable_options(ARGPARSE_ARGS *pargs, int reread) { xfree(opt.ocsp_signer); opt.ocsp_signer = tmp; } - enable_standard_resolver(0); - set_dns_timeout(0); opt.connect_timeout = 0; opt.connect_quick_timeout = 0; return 1; 
@@ -470,21 +461,10 @@ static int parse_rereadable_options(ARGPARSE_ARGS *pargs, int reread) { opt.ignored_cert_extensions.emplace((std::string)pargs->r.ret_str); break; - case oStandardResolver: - enable_standard_resolver(1); - break; - case oRecursiveResolver: - enable_recursive_resolver(1); - break; - case oKeyServer: if (*pargs->r.ret_str) opt.keyserver.emplace_back(pargs->r.ret_str); break; - case oResolverTimeout: - set_dns_timeout(pargs->r.ret_int); - break; - case oConnectTimeout: opt.connect_timeout = pargs->r.ret_ulong * 1000; break; @@ -497,10 +477,6 @@ static int parse_rereadable_options(ARGPARSE_ARGS *pargs, int reread) { return 0; /* Not handled. */ } - set_dns_verbose(opt.verbose, !!DBG_DNS); - set_dns_disable_ipv4(opt.disable_ipv4); - set_dns_disable_ipv6(opt.disable_ipv6); - return 1; /* Handled. */ } @@ -822,7 +798,6 @@ int dirmngr_main(int argc, char **argv) { static void cleanup(void) { crl_cache_deinit(); cert_cache_deinit(1); - reload_dns_stuff(1); } void dirmngr_exit(int rc) { diff --git a/legacy/gnupg/dirmngr/dns-stuff.cpp b/legacy/gnupg/dirmngr/dns-stuff.cpp index d746fdf2b..6d8be563f 100644 --- a/legacy/gnupg/dirmngr/dns-stuff.cpp +++ b/legacy/gnupg/dirmngr/dns-stuff.cpp @@ -1,9 +1,3 @@ -#define _BSD_SOURCE 1 -#define _GNU_SOURCE 1 -#undef _XOPEN_SOURCE -#undef _POSIX_SOURCE -#undef _POSIX_C_SOURCE - /* dns-stuff.c - DNS related code including CERT RR (rfc-4398) * Copyright (C) 2003, 2005, 2006, 2009 Free Software Foundation, Inc. * Copyright (C) 2005, 2006, 2009, 2015. 2016 Werner Koch 
@@ -35,418 +29,12 @@ */ #include -#include -#ifdef HAVE_W32_SYSTEM -#define WIN32_LEAN_AND_MEAN -#ifdef HAVE_WINSOCK2_H -#include -#endif -#include -#include -#else -#if HAVE_SYSTEM_RESOLVER -#include -#include -#include -#include -#endif -#include -#endif -#ifdef HAVE_STAT -#include -#endif -#include -#include -/* dns.c has a dns_p_free but it is not exported. We use our own - * wrapper here so that we do not accidentally use xfree which would - * be wrong for dns.c allocated data. */ -#define dns_free(a) free((a)) +#include +#include -#include -#include "../common/host2net.h" -#include "../common/util.h" #include "dns-stuff.h" -#define my_unprotect() \ - do { \ - } while (0) -#define my_protect() \ - do { \ - } while (0) - -/* We allow the use of 0 instead of AF_UNSPEC - check this assumption. */ -#if AF_UNSPEC != 0 -#error AF_UNSPEC does not have the value 0 -#endif - -/* Windows does not support the AI_ADDRCONFIG flag - use zero instead. */ -#ifndef AI_ADDRCONFIG -#define AI_ADDRCONFIG 0 -#endif - -/* Not every installation has gotten around to supporting CERTs yet... */ -#undef T_CERT -#define T_CERT 37 - -/* The standard SOCKS and TOR ports. */ -#define SOCKS_PORT 1080 -#define TOR_PORT 9050 -#define TOR_PORT2 9150 /* (Used by the Tor browser) */ - -/* The default nameserver used in Tor mode. */ -#define DEFAULT_NAMESERVER "8.8.8.8" - -/* The default timeout in seconds for libdns requests. */ -#define DEFAULT_TIMEOUT 30 - -#define RESOLV_CONF_NAME "/etc/resolv.conf" - -/* Two flags to enable verbose and debug mode. */ -static int opt_verbose; -static int opt_debug; - -/* The timeout in seconds for libdns requests. */ -static int opt_timeout; - -/* The flag to disable IPv4 access - right now this only skips - * returned A records. */ -static int opt_disable_ipv4; - -/* The flag to disable IPv6 access - right now this only skips - * returned AAAA records. */ -static int opt_disable_ipv6; - -/* If set force the use of the standard resolver. 
*/ -static int standard_resolver; - -/* If set use recursive resolver when available. */ -static int recursive_resolver; - -/* Calling this function with YES set to True forces the use of the - * standard resolver even if dirmngr has been built with support for - * an alternative resolver. */ -void enable_standard_resolver(int yes) { standard_resolver = yes; } - -/* Return true if the standard resolver is used. */ -int standard_resolver_p(void) { return standard_resolver; } - -/* Calling this function with YES switches libdns into recursive mode. - * It has no effect on the standard resolver. */ -void enable_recursive_resolver(int yes) { recursive_resolver = yes; } - -/* Return true iff the recursive resolver is used. */ -int recursive_resolver_p(void) { return 0; } - -/* Set verbosity and debug mode for this module. */ -void set_dns_verbose(int verbose, int debug) { - opt_verbose = verbose; - opt_debug = debug; -} - -/* Set the Disable-IPv4 flag so that the name resolver does not return - * A addresses. */ -void set_dns_disable_ipv4(int yes) { opt_disable_ipv4 = !!yes; } - -/* Set the Disable-IPv6 flag so that the name resolver does not return - * AAAA addresses. */ -void set_dns_disable_ipv6(int yes) { opt_disable_ipv6 = !!yes; } - -/* Set the timeout for libdns requests to SECONDS. A value of 0 sets - * the default timeout and values are capped at 10 minutes. */ -void set_dns_timeout(int seconds) { - if (!seconds) - seconds = DEFAULT_TIMEOUT; - else if (seconds < 1) - seconds = 1; - else if (seconds > 600) - seconds = 600; - - opt_timeout = seconds; -} - -/* Free an addressinfo linked list as returned by resolve_dns_name. */ -void free_dns_addrinfo(dns_addrinfo_t ai) { - while (ai) { - dns_addrinfo_t next = ai->next; - xfree(ai); - ai = next; - } -} - -#ifndef HAVE_W32_SYSTEM -/* Return H_ERRNO mapped to a gpg-error code. Will never return 0. 
*/ -static gpg_error_t get_h_errno_as_gpg_error(void) { - gpg_error_t ec; - - switch (h_errno) { - case HOST_NOT_FOUND: - ec = GPG_ERR_NO_NAME; - break; - case TRY_AGAIN: - ec = GPG_ERR_TRY_LATER; - break; - case NO_RECOVERY: - ec = GPG_ERR_SERVER_FAILED; - break; - case NO_DATA: - ec = GPG_ERR_NO_DATA; - break; - default: - ec = GPG_ERR_UNKNOWN_ERRNO; - break; - } - return ec; -} -#endif /*!HAVE_W32_SYSTEM*/ - -static gpg_error_t map_eai_to_gpg_error(int ec) { - gpg_error_t err; - - switch (ec) { - case EAI_AGAIN: - err = GPG_ERR_EAGAIN; - break; - case EAI_BADFLAGS: - err = GPG_ERR_INV_FLAG; - break; - case EAI_FAIL: - err = GPG_ERR_SERVER_FAILED; - break; - case EAI_MEMORY: - err = GPG_ERR_ENOMEM; - break; -#ifdef EAI_NODATA - case EAI_NODATA: - err = GPG_ERR_NO_DATA; - break; -#endif - case EAI_NONAME: - err = GPG_ERR_NO_NAME; - break; - case EAI_SERVICE: - err = GPG_ERR_NOT_SUPPORTED; - break; - case EAI_FAMILY: - err = GPG_ERR_EAFNOSUPPORT; - break; - case EAI_SOCKTYPE: - err = GPG_ERR_ESOCKTNOSUPPORT; - break; -#ifndef HAVE_W32_SYSTEM -#ifdef EAI_ADDRFAMILY - case EAI_ADDRFAMILY: - err = GPG_ERR_EADDRNOTAVAIL; - break; -#endif - case EAI_SYSTEM: - err = gpg_error_from_syserror(); - break; -#endif - default: - err = GPG_ERR_UNKNOWN_ERRNO; - break; - } - return err; -} - -/* SIGHUP action handler for this module. With FORCE set objects are - * all immediately released. */ -void reload_dns_stuff(int force) { -#ifdef USE_LIBDNS - if (force) { - libdns_deinit(); - libdns_reinit_pending = 0; - } else { - libdns_reinit_pending = 1; - libdns_tor_port = 0; /* Start again with the default port. */ - } -#else - (void)force; -#endif -} - -/* Resolve a name using the standard system function. 
*/ -static gpg_error_t resolve_name_standard(const char *name, unsigned short port, - int want_family, int want_socktype, - dns_addrinfo_t *r_dai, - char **r_canonname) { - gpg_error_t err = 0; - dns_addrinfo_t daihead = NULL; - dns_addrinfo_t dai; - struct addrinfo *aibuf = NULL; - struct addrinfo hints, *ai; - char portstr[21]; - int ret; - - *r_dai = NULL; - if (r_canonname) *r_canonname = NULL; - - memset(&hints, 0, sizeof hints); - hints.ai_family = want_family; - hints.ai_socktype = want_socktype; - hints.ai_flags = AI_ADDRCONFIG; - if (r_canonname) hints.ai_flags |= AI_CANONNAME; - if (is_ip_address(name)) hints.ai_flags |= AI_NUMERICHOST; - - if (port) - snprintf(portstr, sizeof portstr, "%hu", port); - else - *portstr = 0; - - /* We can't use the AI_IDN flag because that does the conversion - using the current locale. However, GnuPG always used UTF-8. To - support IDN we would need to make use of the libidn API. */ - ret = getaddrinfo(name, *portstr ? portstr : NULL, &hints, &aibuf); - if (ret) { - aibuf = NULL; - err = map_eai_to_gpg_error(ret); - if (err == GPG_ERR_NO_NAME) { - /* There seems to be a bug in the glibc getaddrinfo function - if the CNAME points to a long list of A and AAAA records - in which case the function return NO_NAME. Let's do the - CNAME redirection again. */ - char *cname; - - if (get_dns_cname(name, &cname)) goto leave; /* Still no success. */ - - ret = getaddrinfo(cname, *portstr ? portstr : NULL, &hints, &aibuf); - xfree(cname); - if (ret) { - aibuf = NULL; - err = map_eai_to_gpg_error(ret); - goto leave; - } - err = 0; /* Yep, now it worked. 
*/ - } else - goto leave; - } - - if (r_canonname && aibuf && aibuf->ai_canonname) { - *r_canonname = xtrystrdup(aibuf->ai_canonname); - if (!*r_canonname) { - err = gpg_error_from_syserror(); - goto leave; - } - } - - for (ai = aibuf; ai; ai = ai->ai_next) { - if (ai->ai_family != AF_INET6 && ai->ai_family != AF_INET) continue; - if (opt_disable_ipv4 && ai->ai_family == AF_INET) continue; - if (opt_disable_ipv6 && ai->ai_family == AF_INET6) continue; - - dai = (dns_addrinfo_t)xtrymalloc(sizeof *dai); - dai->family = ai->ai_family; - dai->socktype = ai->ai_socktype; - dai->protocol = ai->ai_protocol; - dai->addrlen = ai->ai_addrlen; - memcpy(dai->addr, ai->ai_addr, ai->ai_addrlen); - dai->next = daihead; - daihead = dai; - } - -leave: - if (aibuf) freeaddrinfo(aibuf); - if (err) { - if (r_canonname) { - xfree(*r_canonname); - *r_canonname = NULL; - } - free_dns_addrinfo(daihead); - } else - *r_dai = daihead; - return err; -} - -/* This a wrapper around getaddrinfo with slightly different semantics. - NAME is the name to resolve. - PORT is the requested port or 0. - WANT_FAMILY is either 0 (AF_UNSPEC), AF_INET6, or AF_INET4. - WANT_SOCKETTYPE is either SOCK_STREAM or SOCK_DGRAM. - - On success the result is stored in a linked list with the head - stored at the address R_AI; the caller must call gpg_addrinfo_free - on this. If R_CANONNAME is not NULL the official name of the host - is stored there as a malloced string; if that name is not available - NULL is stored. */ -gpg_error_t resolve_dns_name(const char *name, unsigned short port, - int want_family, int want_socktype, - dns_addrinfo_t *r_ai, char **r_canonname) { - gpg_error_t err; - - err = resolve_name_standard(name, port, want_family, want_socktype, r_ai, - r_canonname); - if (opt_debug) - log_debug("dns: resolve_dns_name(%s): %s\n", name, gpg_strerror(err)); - return err; -} - -/* Resolve an address using the standard system function. 
*/ -static gpg_error_t resolve_addr_standard(const struct sockaddr_storage *addr, - int addrlen, unsigned int flags, - char **r_name) { - gpg_error_t err; - int ec; - char *buffer, *p; - int buflen; - - *r_name = NULL; - - buflen = NI_MAXHOST; - buffer = (char *)xtrymalloc(buflen + 2 + 1); - if (!buffer) return gpg_error_from_syserror(); - - if ((flags & DNS_NUMERICHOST)) - ec = EAI_NONAME; - else - ec = getnameinfo((const struct sockaddr *)addr, addrlen, buffer, buflen, - NULL, 0, NI_NAMEREQD); - - if (!ec && *buffer == '[') - ec = EAI_FAIL; /* A name may never start with a bracket. */ - else if (ec == EAI_NONAME) { - p = buffer; - if (addr->ss_family == AF_INET6 && (flags & DNS_WITHBRACKET)) { - *p++ = '['; - buflen -= 2; - } - ec = getnameinfo((const struct sockaddr *)addr, addrlen, p, buflen, NULL, 0, - NI_NUMERICHOST); - if (!ec && addr->ss_family == AF_INET6 && (flags & DNS_WITHBRACKET)) - strcat(buffer, "]"); - } - - if (ec) - err = map_eai_to_gpg_error(ec); - else { - p = (char *)xtryrealloc(buffer, strlen(buffer) + 1); - if (!p) - err = gpg_error_from_syserror(); - else { - buffer = p; - err = 0; - } - } - - if (err) - xfree(buffer); - else - *r_name = buffer; - - return err; -} - -/* A wrapper around getnameinfo. */ -gpg_error_t resolve_dns_addr(const struct sockaddr_storage *addr, int addrlen, - unsigned int flags, char **r_name) { - gpg_error_t err; - - err = resolve_addr_standard(addr, addrlen, flags, r_name); - - if (opt_debug) log_debug("dns: resolve_dns_addr(): %s\n", gpg_strerror(err)); - return err; -} - /* Check whether NAME is an IP address. Returns a true if it is * either an IPv6 or a IPv4 numerical address. The actual return * values can also be used to identify whether it is v4 or v6: The 
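Review bot: The file banner kept as context just above this hunk still reads `dns-stuff.c - DNS related code including CERT RR (rfc-4398)`, but once this hunk and the one at the end of the file are applied, the only code left, as far as the diff shows, is is_ip_address and is_onion_address. I would change the banner to something like `/* dns-stuff.c - Host name classification helpers (IP literal, onion address) */` so nobody looks for resolver or CERT RR handling here. With `../common/util.h` and `../common/host2net.h` no longer included, also check that the two newly added includes cover everything the remaining functions use; their bodies are outside the hunk.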
@@ -511,81 +99,3 @@ int is_onion_address(const char *name) { /* Note that we require at least 2 characters before the suffix. */ return 1; /* Yes. */ } - -/* Standard resolver version of get_dns_cname. */ -gpg_error_t get_dns_cname_standard(const char *name, char **r_cname) { -#ifdef HAVE_SYSTEM_RESOLVER - gpg_error_t err; - int rc; - union { - unsigned char ans[2048]; - HEADER header[1]; - } res; - unsigned char *answer = res.ans; - HEADER *header = res.header; - unsigned char *pt, *emsg; - int r; - char *cname; - int cnamesize = 1025; - u16 count; - - my_unprotect(); - r = res_query(name, C_IN, T_CERT, answer, sizeof res.ans); - my_protect(); - if (r < 0) return get_h_errno_as_gpg_error(); - if (r < sizeof(HEADER)) return GPG_ERR_SERVER_FAILED; - if (r > sizeof res.ans) return GPG_ERR_SYSTEM_BUG; - if (header->rcode != NOERROR || !(count = ntohs(header->ancount))) - return GPG_ERR_NO_NAME; /* Error or no record found. */ - if (count != 1) return GPG_ERR_SERVER_FAILED; - - emsg = &answer[r]; - pt = &answer[sizeof(HEADER)]; - rc = dn_skipname(pt, emsg); - if (rc == -1) return GPG_ERR_SERVER_FAILED; - - pt += rc + QFIXEDSZ; - if (pt >= emsg) return GPG_ERR_SERVER_FAILED; - - rc = dn_skipname(pt, emsg); - if (rc == -1) return GPG_ERR_SERVER_FAILED; - pt += rc + 2 + 2 + 4; - if (pt + 2 >= emsg) return GPG_ERR_SERVER_FAILED; - pt += 2; /* Skip rdlen */ - - cname = (char *)xtrymalloc(cnamesize); - if (!cname) return gpg_error_from_syserror(); - - rc = dn_expand(answer, emsg, pt, cname, cnamesize - 1); - if (rc == -1) { - xfree(cname); - return GPG_ERR_SERVER_FAILED; - } - *r_cname = (char *)xtryrealloc(cname, strlen(cname) + 1); - if (!*r_cname) { - err = gpg_error_from_syserror(); - xfree(cname); - return err; - } - return 0; - -#else /*!HAVE_SYSTEM_RESOLVER*/ - - (void)name; - (void)r_cname; - return GPG_ERR_NOT_IMPLEMENTED; - -#endif /*!HAVE_SYSTEM_RESOLVER*/ -} - -gpg_error_t get_dns_cname(const char *name, char **r_cname) { - gpg_error_t err; - - *r_cname = NULL; - 
- err = get_dns_cname_standard(name, r_cname); - if (opt_debug) - log_debug("get_dns_cname(%s)%s%s\n", name, err ? ": " : " -> ", - err ? gpg_strerror(err) : *r_cname); - return err; -} diff --git a/legacy/gnupg/dirmngr/dns-stuff.h b/legacy/gnupg/dirmngr/dns-stuff.h index 86425f65f..59be12004 100644 --- a/legacy/gnupg/dirmngr/dns-stuff.h +++ b/legacy/gnupg/dirmngr/dns-stuff.h 
@@ -30,85 +30,10 @@ #ifndef GNUPG_DIRMNGR_DNS_STUFF_H #define GNUPG_DIRMNGR_DNS_STUFF_H -#ifdef HAVE_W32_SYSTEM -#ifdef HAVE_WINSOCK2_H -#include -#endif -#include -#else -#include -#include -#endif - -/* - * Flags used with resolve_dns_addr. - */ -#define DNS_NUMERICHOST 1 /* Force numeric output format. */ -#define DNS_WITHBRACKET \ - 2 /* Put brackets around numeric v6 \ - addresses. */ - -struct dns_addrinfo_s; -typedef struct dns_addrinfo_s *dns_addrinfo_t; -struct dns_addrinfo_s { - dns_addrinfo_t next; - int family; - int socktype; - int protocol; - int addrlen; - struct sockaddr_storage addr[1]; -}; - -/* Set verbosity and debug mode for this module. */ -void set_dns_verbose(int verbose, int debug); - -/* Set the Disable-IPv4 flag so that the name resolver does not return - * A addresses. */ -void set_dns_disable_ipv4(int yes); - -/* Set the Disable-IPv6 flag so that the name resolver does not return - * AAAA addresses. */ -void set_dns_disable_ipv6(int yes); - -/* Set the timeout for libdns requests to SECONDS. */ -void set_dns_timeout(int seconds); - -/* Calling this function with YES set to True forces the use of the - * standard resolver even if dirmngr has been built with support for - * an alternative resolver. */ -void enable_standard_resolver(int yes); - -/* Return true if the standard resolver is used. */ -int standard_resolver_p(void); - -/* Calling this function with YES switches libdns into recursive mode. - * It has no effect on the standard resolver. */ -void enable_recursive_resolver(int yes); - -/* Return true iff the recursive resolver is used. */ -int recursive_resolver_p(void); - -/* SIGHUP action handler for this module. */ -void reload_dns_stuff(int force); - -void free_dns_addrinfo(dns_addrinfo_t ai); - -/* Function similar to getaddrinfo. */ -gpg_error_t resolve_dns_name(const char *name, unsigned short port, - int want_family, int want_socktype, - dns_addrinfo_t *r_dai, char **r_canonname); - -/* Function similar to getnameinfo. 
*/ -gpg_error_t resolve_dns_addr(const struct sockaddr_storage *addr, int addrlen, - unsigned int flags, char **r_name); - /* Return true if NAME is a numerical IP address. */ int is_ip_address(const char *name); /* Return true if NAME is an onion address. */ int is_onion_address(const char *name); -/* Get the canonical name for NAME. */ -gpg_error_t get_dns_cname(const char *name, char **r_cname); - #endif /*GNUPG_DIRMNGR_DNS_STUFF_H*/ diff --git a/legacy/gnupg/dirmngr/server.cpp b/legacy/gnupg/dirmngr/server.cpp index 98af90cc2..db10488d4 100644 --- a/legacy/gnupg/dirmngr/server.cpp +++ b/legacy/gnupg/dirmngr/server.cpp @@ -43,7 +43,6 @@ #include "certcache.h" #include "crlcache.h" #include "crlfetch.h" -#include "dns-stuff.h" #include "ks-action.h" #include "misc.h" #include "ocsp.h" @@ -1470,8 +1469,7 @@ static const char hlp_getinfo[] = "\n" "version - Return the version of the program.\n" "pid - Return the process id of the server.\n" - "tor - Return OK if running in Tor mode\n" - "dnsinfo - Return info about the DNS resolver\n"; + "tor - Return OK if running in Tor mode\n"; static gpg_error_t cmd_getinfo(assuan_context_t ctx, char *line) { ctrl_t ctrl = (ctrl_t)assuan_get_pointer(ctx); gpg_error_t err; @@ -1484,20 +1482,6 @@ static gpg_error_t cmd_getinfo(assuan_context_t ctx, char *line) { snprintf(numbuf, sizeof numbuf, "%lu", (unsigned long)getpid()); err = assuan_send_data(ctx, numbuf, strlen(numbuf)); - } else if (!strcmp(line, "dnsinfo")) { - if (standard_resolver_p()) - assuan_set_okay_line(ctx, - "- Forced use of System resolver (w/o Tor support)"); - else { -#ifdef USE_LIBDNS - assuan_set_okay_line( - ctx, (recursive_resolver_p() ? "- Libdns recursive resolver" - : "- Libdns stub resolver")); -#else - assuan_set_okay_line(ctx, "- System resolver (w/o Tor support)"); -#endif - } - err = 0; } else err = set_error(GPG_ERR_ASS_PARAMETER, "unknown value for WHAT"); 
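Review bot: `GETINFO dnsinfo` now falls through to the final `else` in cmd_getinfo and returns `GPG_ERR_ASS_PARAMETER` ("unknown value for WHAT"), while the help text still lists `tor`, so a client can no longer ask which resolver path is in use. The removed replies were the only visible place that stated the system resolver runs "w/o Tor support". The diff does not show what resolves host names after this change, so it is worth confirming that no local resolver call stays reachable in Tor mode; otherwise looked-up host names would be sent outside the Tor circuit. I would record the outcome next to the help text, e.g. `/* dnsinfo removed with the DNS client; name resolution in Tor mode: <where it happens now> */`. The `standard-resolver`, `recursive-resolver` and `resolver-timeout` options dropped in dirmngr.cpp are in the same position: a configuration that still sets them reaches the `return 0; /* Not handled. */` path of parse_rereadable_options, and how the caller treats that is outside this diff, as are the start and end of cmd_getinfo.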
diff --git a/legacy/gnupg/dirmngr/t-dns-stuff.cpp b/legacy/gnupg/dirmngr/t-dns-stuff.cpp deleted file mode 100644 index 858be9e83..000000000 --- a/legacy/gnupg/dirmngr/t-dns-stuff.cpp +++ /dev/null 
@@ -1,213 +0,0 @@ -/* t-dns-cert.c - Module test for dns-stuff.c - * Copyright (C) 2011 Free Software Foundation, Inc. - * Copyright (C) 2011, 2015 Werner Koch - * - * This file is part of GnuPG. - * - * GnuPG is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * GnuPG is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#include -#include -#include -#include - -#include "../common/util.h" -#include "dns-stuff.h" - -#define PGM "t-dns-stuff" - -static int verbose; -static int debug; - -static void init_sockets(void) { -#ifdef HAVE_W32_SYSTEM - WSADATA wsadat; - - WSAStartup(0x202, &wsadat); -#endif -} - -int main(int argc, char **argv) { - int last_argc = -1; - gpg_error_t err; - int any_options = 0; - int opt_srv = 0; - int opt_bracket = 0; - int opt_cname = 0; - char const *name = NULL; - - gpgrt_init(); - log_set_prefix(PGM, GPGRT_LOG_WITH_PREFIX); - if (argc) { - argc--; - argv++; - } - while (argc && last_argc != argc) { - last_argc = argc; - if (!strcmp(*argv, "--")) { - argc--; - argv++; - break; - } else if (!strcmp(*argv, "--help")) { - fputs("usage: " PGM - " [HOST]\n" - "Options:\n" - " --verbose print timings etc.\n" - " --debug flyswatter\n" - " --standard-resolver use the system's resolver\n" - " --new-circuit use a new Tor circuit\n" - " --bracket enclose v6 addresses in brackets\n" - " --cert lookup a CERT RR\n" - " --srv lookup a SRV RR\n" - " --cname lookup a CNAME RR\n" - " --timeout SECONDS timeout after SECONDS\n", - stdout); - exit(0); - } else if 
(!strcmp(*argv, "--verbose")) { - verbose++; - argc--; - argv++; - } else if (!strcmp(*argv, "--debug")) { - verbose += 2; - debug++; - argc--; - argv++; - } else if (!strcmp(*argv, "--standard-resolver")) { - enable_standard_resolver(1); - argc--; - argv++; - } else if (!strcmp(*argv, "--recursive-resolver")) { - enable_recursive_resolver(1); - argc--; - argv++; - } else if (!strcmp(*argv, "--bracket")) { - opt_bracket = 1; - argc--; - argv++; - } else if (!strcmp(*argv, "--srv")) { - any_options = opt_srv = 1; - argc--; - argv++; - } else if (!strcmp(*argv, "--cname")) { - any_options = opt_cname = 1; - argc--; - argv++; - } else if (!strcmp(*argv, "--timeout")) { - argc--; - argv++; - if (argc) { - set_dns_timeout(atoi(*argv)); - argc--; - argv++; - } - } else if (!strncmp(*argv, "--", 2)) { - fprintf(stderr, PGM ": unknown option '%s'\n", *argv); - exit(1); - } - } - - if (argc == 1) - name = *argv; - else { - fprintf(stderr, PGM ": none or too many host names given\n"); - exit(1); - } - - set_dns_verbose(verbose, debug); - init_sockets(); - - if (opt_cname) { - char *cname; - - printf("CNAME lookup on '%s'\n", name); - err = get_dns_cname(name, &cname); - if (err) - printf("get_dns_cname failed: %s <%s>\n", gpg_strerror(err), - gpg_strsource(err)); - else { - printf("CNAME found: '%s'\n", cname); - } - xfree(cname); - } else if (opt_srv) { - struct srventry *srv; - unsigned int count; - int i; - - err = get_dns_srv(name ? name : "_hkp._tcp.wwwkeys.pgp.net", NULL, NULL, - &srv, &count); - if (err) - printf("get_dns_srv failed: %s <%s>\n", gpg_strerror(err), - gpg_strsource(err)); - else { - printf("count=%u\n", count); - for (i = 0; i < count; i++) { - printf("priority=%-8hu ", srv[i].priority); - printf("weight=%-8hu ", srv[i].weight); - printf("port=%-5hu ", srv[i].port); - printf("target=%s\n", srv[i].target); - } - - xfree(srv); - } - } else /* Standard lookup. 
*/ - { - char *cname; - dns_addrinfo_t aibuf, ai; - char *host; - - printf("Lookup on '%s'\n", name); - - err = resolve_dns_name(name, 0, 0, SOCK_STREAM, &aibuf, &cname); - if (err) { - fprintf(stderr, PGM ": resolving '%s' failed: %s\n", name, - gpg_strerror(err)); - exit(1); - } - - if (cname) printf("cname: %s\n", cname); - for (ai = aibuf; ai; ai = ai->next) { - printf("%s %3d %3d ", - ai->family == AF_INET6 ? "inet6" - : ai->family == AF_INET ? "inet4" : "? ", - ai->socktype, ai->protocol); - - err = resolve_dns_addr( - ai->addr, ai->addrlen, - (DNS_NUMERICHOST | (opt_bracket ? DNS_WITHBRACKET : 0)), &host); - if (err) - printf("[resolve_dns_addr failed: %s]", gpg_strerror(err)); - else { - printf("%s", host); - xfree(host); - } - - err = resolve_dns_addr(ai->addr, ai->addrlen, - (opt_bracket ? DNS_WITHBRACKET : 0), &host); - if (err) - printf(" [resolve_dns_addr failed (2): %s]", gpg_strerror(err)); - else { - if (!is_ip_address(host)) printf(" (%s)", host); - xfree(host); - } - putchar('\n'); - } - xfree(cname); - free_dns_addrinfo(aibuf); - } - - reload_dns_stuff(1); /* Release objects. */ - - return 0; -} diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index af715e439..c0634bfb9 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -239,12 +239,12 @@ ${SQLITE3_LDFLAGS} ${SQLITE3_LIBRARIES} ${BOTAN2_LDFLAGS} ${BOTAN2_LIBRARIES} ${LIBUSB_LDFLAGS} ${LIBUSB_LIBRARIES} ${GNUTLS_LDFLAGS} ${GNUTLS_LIBRARIES} - -lresolv -lz -lbz2 libneopg ) target_compile_options(neopg PUBLIC ${SQLITE3_CFLAGS_OTHER} -${BOTAN2_CFLAGS_OTHER}) +${BOTAN2_CFLAGS_OTHER} +) # Locale