BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

SM sm at resistor.net
Sun Jan 25 14:46:02 UTC 2009


At 00:44 25-01-2009, Al Stu wrote:
>"When a domain name associated with an MX RR is looked up and the 
>associated data field obtained, the data field of that response MUST 
>contain a domain name.  That domain name, when queried, MUST 
>return at least one address record (e.g., A or AAAA RR) that gives 
>the IP address of the SMTP server to which the message should be directed."
>
>Correct.  And when that domain name is a CNAME pointing to an A RR 
>the query returns not only the alias but also the real name and the 
>IP address from the A RR.  Thus meeting the requirements to "return 
>at least one address record (e.g., A or AAAA RR)".  But yet ISC 
>seems to find it necessary to throw a message that it is "illegal", 
>when it clearly is not.

That's a liberal interpretation of the specifications and it's the 
opposite of the intent of the quoted paragraph.  Implementors are 
expected to query for an address record only.  Any other behavior 
such as the one described in your second paragraph is 
undefined.  Further reading of that section elaborates on what to do 
if a CNAME is returned and there is a reference to RFC 2181 for a 
discussion of the prohibition of CNAMEs on the right-hand side.  RFC 
974 specifies the algorithm to build the list of RRs and discusses 
possible issues.  It's the same algorithm in RFC 2821 and RFC 5321.

The confusion about CNAMEs in MX records stems from the 
interpretation of the text about how CNAMEs on the left-hand side are 
handled and that was clarified in the latest revision of the specifications.

Regards,
-sm
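
The rule discussed in this thread, as an added example that is not part of the original post and is not BIND's own check: it reports MX targets that own a CNAME or have no A/AAAA record in a zone listing. The zone data, the simplified one-record-per-line format and the function names are assumptions made for illustration.

```python
# Added example: flag MX targets that are aliases (CNAME) or lack address records.
# ZONE is constructed sample data in a simplified form: one record per line,
# fully qualified owner names, no $ORIGIN/$TTL/class handling.
ZONE = """\
example.test.        MX    10 mail.example.test.
example.test.        MX    20 alias.example.test.
example.test.        MX    30 missing.example.test.
mail.example.test.   A     192.0.2.10
alias.example.test.  CNAME mail.example.test.
www.example.test.    CNAME mail.example.test.
"""

def parse_zone(text):
    """Return a list of (owner, rrtype, rdata) tuples, names lower-cased."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        owner, rrtype, rdata = line.split(None, 2)
        records.append((owner.lower(), rrtype.upper(), rdata.strip().lower()))
    return records

def check_mx_targets(records):
    """Classify each MX target as 'ok', 'cname' or 'no-address'.

    Only names present in the listing are considered, so a target hosted
    in another zone is reported as 'no-address' and needs a live lookup.
    """
    types_by_owner = {}
    for owner, rrtype, _ in records:
        types_by_owner.setdefault(owner, set()).add(rrtype)
    findings = []
    for owner, rrtype, rdata in records:
        if rrtype != "MX":
            continue
        target = rdata.split()[1]              # rdata is "<preference> <exchange>"
        owned = types_by_owner.get(target, set())
        if "CNAME" in owned:
            status = "cname"                   # alias on the right-hand side of the MX
        elif owned & {"A", "AAAA"}:
            status = "ok"
        else:
            status = "no-address"
        findings.append((owner, target, status))
    return findings

if __name__ == "__main__":
    for owner, target, status in check_mx_targets(parse_zone(ZONE)):
        print(f"{owner} MX -> {target}: {status}")
```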



