Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
RT-Send-CC:
X-RT-Original-Encoding: iso-8859-1
Content-Length: 524

So we've got one leak in res_nsend() in Linux, and a different one in
res_ninit() in Solaris libresolv.  res_ndestroy() in the BIND sources
looks like it does the right things with resources allocated by
res_ninit(), but neither Solaris nor Linux exports it.  All of these are
reasonably considered OS bugs, so what we have now (call res_ndestroy()
if we can find it) is probably the best we'll get unless we do
thread-specific caching, or caching in krb5_context, or mutex around
calls to the non-thread-safe resolver APIs.