BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

Al Stu Al_Stu at Verizon.net
Sun Jan 25 08:30:47 UTC 2009


RFC 2821 is much more recent and clearly documents in sections 3.5 and 5 
that CNAME MX RR are permitted and are to be handled by SMTP MTAs.

3.6 Domains
"Only resolvable, fully-qualified, domain names (FQDNs) are permitted when 
domain names are used in SMTP.  In other words, names that can be resolved 
to MX RRs or A RRs (as discussed in section 5) are permitted, as are CNAME 
RRs whose targets can be resolved, in turn, to MX or A RRs."

5. Address Resolution and Mail Handling
"The lookup first attempts to locate an MX record associated with the name. 
If a CNAME record is found instead, the resulting name is processed as if it 
were the initial name."


This is also backed up by the older RFC 974.
"There is one other special case.  If the response contains an answer which 
is a CNAME RR, it indicates that REMOTE is actually an alias for some other 
domain name. The query should be repeated with the canonical domain name."

So it is clear there should be no problem with using CNAME MX RR for mail 
systems that conform to these RFCs, and therefore no need for enforcing the 
use of only A RR, or even outputting an error/warning.
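
The lookup step quoted above from RFC 2821 section 5 (restart the MX lookup at the CNAME target), sketched as an added example that is not part of the original post and is not BIND or MTA code. The zone contents, the function name `locate_mail_exchangers` and the hop limit are assumptions made for illustration.

```python
# Constructed sample zone (not from the original post): name -> {rrtype: rdata list}
ZONE = {
    "example.org.": {"CNAME": ["mail-domain.example.net."]},
    "mail-domain.example.net.": {"MX": [(20, "mx2.example.net."),
                                        (10, "mx1.example.net.")]},
    "hostonly.example.net.": {"A": ["192.0.2.30"]},
    "loop-a.example.net.": {"CNAME": ["loop-b.example.net."]},
    "loop-b.example.net.": {"CNAME": ["loop-a.example.net."]},
}

MAX_CNAME_HOPS = 8  # assumption: local safety limit, not a value taken from the RFC


class ResolutionError(Exception):
    """Raised when no mail exchanger can be located for a name."""


def locate_mail_exchangers(name, zone=ZONE):
    """Return (canonical_name, [(preference, exchange), ...]) for a mail domain.

    Follows the quoted section 5 rule: look for MX first; if a CNAME is found
    instead, process the resulting name as if it were the initial name.
    """
    current, seen = name.lower(), []
    while current not in seen and len(seen) <= MAX_CNAME_HOPS:
        seen.append(current)
        rrsets = zone.get(current, {})
        if "MX" in rrsets:
            # Lowest preference value is tried first, so sort ascending.
            return current, sorted(rrsets["MX"])
        if "CNAME" in rrsets:
            current = rrsets["CNAME"][0].lower()  # restart with the alias target
            continue
        if "A" in rrsets:
            # RFC 2821 section 5 (not quoted in the post): an A RR with no MX
            # is treated as an implicit MX with preference 0.
            return current, [(0, current)]
        raise ResolutionError(f"{current}: no MX, CNAME or A data")
    # Either the name repeated (alias loop) or the chain exceeded the hop limit.
    raise ResolutionError("CNAME loop or chain too long: " + " -> ".join(seen + [current]))


if __name__ == "__main__":
    for domain in ("example.org.", "hostonly.example.net.", "loop-a.example.net."):
        try:
            print(domain, "->", locate_mail_exchangers(domain))
        except ResolutionError as exc:
            print(domain, "-> error:", exc)
```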



