BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"
Al Stu
Al_Stu at Verizon.net
Sun Jan 25 08:44:36 UTC 2009
"When a domain name associated with an MX RR is looked up and the associated
data field obtained, the data field of that response MUST contain a domain
name. That domain name, when queried, MUST return at least one address
record (e.g., A or AAAA RR) that gives the IP address of the SMTP server to
which the message should be directed."

Correct. And when that domain name is a CNAME pointing to an A RR the
query returns not only the alias but also the real name and the IP address
from the A RR. Thus meeting the requirements to "return at least one
address record (e.g., A or AAAA RR)". But yet ISC seems to find it
necessary to throw a message that it is "illegal", when it clearly is not.
----- Original Message -----
From: "SM" <sm at resistor.net>
To: <bind-users at lists.isc.org>
Sent: Sunday, January 25, 2009 12:23 AM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
> At 22:11 24-01-2009, Al Stu wrote:
>>Some people seem to think RFC 974 creates a standard which prohibits the
>>use of CNAME/alias in MX records. But very much to the contrary RFC 974
>>demonstrates that CNAME/alias is permitted in MX records.
>
> RFC 974 is obsoleted by RFC 2821; the latter is obsoleted by RFC 5321.
> Quoting Section 5 of that RFC:
>
> "When a domain name associated with an MX RR is looked up and the
> associated data field obtained, the data field of that response MUST
> contain a domain name. That domain name, when queried, MUST return
> at least one address record (e.g., A or AAAA RR) that gives the IP
> address of the SMTP server to which the message should be directed.
> Any other response, specifically including a value that will return a
> CNAME record when queried, lies outside the scope of this Standard.
> The prohibition on labels in the data that resolve to CNAMEs is
> discussed in more detail in RFC 2181, Section 10.3."
>
>>ISC's message that a CNAME/alias in an MX record is illegal is incorrect
>>and just an attempt by ISC to get people to go along with what is only a
>>perceived rather than actual standard/requirement, and should be removed
>>so as not to further the fallacy of this perceived perception of a
>>standard/requirement, as it is neither a standard nor a requirement, and
>>certainly not illegal.
>
> Pointing to a CNAME on the right-hand side of an MX record is incorrect
> and may affect mail delivery. This is not about perceived perception of a
> requirement (see the MUST return at least one address record in the quoted
> text).
>
> Regards,
> -sm
>
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
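
A zone-file check of the kind this thread is about, as an added example that is not part of either message and is not BIND's code: for each MX record in a constructed zone it reports whether the target name owns a CNAME or an address record. The zone data, the simplified one-record-per-line parser and all function names are assumptions.

```python
# Added example. ZONE_TEXT is constructed sample data, not taken from the thread.
ZONE_ORIGIN = "example.com."
ZONE_TEXT = """\
@      IN MX 10 mail
@      IN MX 20 mx2
@      IN MX 30 backup.example.net.
mail   IN CNAME host1
host1  IN A 192.0.2.10
mx2    IN A 192.0.2.20
"""

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_zone(text, origin):
    """Simplified parser (assumption): 'owner [ttl] [class] type rdata' per line."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments
        if len(fields) < 3:
            continue
        owner, rest = fqdn(fields[0], origin), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() in ("IN", "CH", "HS")):
            rest = rest[1:]                      # skip optional TTL and class
        if len(rest) >= 2:
            records.append((owner, rest[0].upper(), rest[1:]))
    return records

def check_mx_targets(records, origin):
    """Classify every MX target: 'cname', 'address', 'no-address' or 'out-of-zone'."""
    types_at = {}
    for owner, rtype, _ in records:
        types_at.setdefault(owner, set()).add(rtype)
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "MX":
            continue
        target = fqdn(rdata[1], origin)          # rdata = [preference, exchange]
        types = types_at.get(target, set())
        if target != origin and not target.endswith("." + origin):
            status = "out-of-zone"               # cannot be judged from this zone
        elif "CNAME" in types:
            status = "cname"                     # the case the BIND message reports
        else:
            status = "address" if types & {"A", "AAAA"} else "no-address"
        findings.append((owner, target, status))
    return findings

if __name__ == "__main__":
    for finding in check_mx_targets(parse_zone(ZONE_TEXT, ZONE_ORIGIN), ZONE_ORIGIN):
        print(*finding)
```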