BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"
bsfinkel at anl.gov
Mon Jan 26 15:19:54 UTC 2009
I have not copied the entire thread.
>You've added an additional step in your second paragraph that is
>prohibited by the section you quoted in the first. The section from
>the RFC describes a situation where A is queried for and an MX record
>pointing to B is returned. When B is queried for, an address record
>MUST be the answer. The situation you have described is that A is
>queried for resulting in an MX record pointing to B. When B is
>queried for, a CNAME pointing to C is returned, and that when C is
>queried an address record is returned. Do you see the difference?
>
>The RFCs are quite clear that CNAMEs are not permitted in the RDATA
>for an MX.

If I have in DNS

    cn IN CNAME realname

and I query for cn, the DNS resolver will return "realname".
BIND also returns the "A" record for realname. Is this a requirement?
If not, then

    mx IN MX 10 cn

will result in:

1) the MX query returning cn,
2) the cn query returning realname,
3) a third (and RFC-breaking) query to get the "A" for realname.

There are only two queries if the resolver returns the "A" record along
with the realname of the CNAME record.
----------------------------------------------------------------------
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory Phone: +1 (630) 252-7277
9700 South Cass Avenue Facsimile:+1 (630) 252-4601
Building 222, Room D209 Internet: BSFinkel at anl.gov
Argonne, IL 60439-4828 IBMMAIL: I1004994
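
The following is an added example, not part of the original message or of BIND: a small zone-data check that flags MX records whose exchange name is a CNAME owner and counts the lookups needed when no additional records are returned, as in the three-step case above. The zone text, the address 192.0.2.10 and the function names are assumptions made for illustration.

```python
# Added example, not code from the mailing-list post.
# SAMPLE_ZONE is constructed data reusing the names from the message;
# 192.0.2.10 is a documentation address. All names are relative to one zone.
SAMPLE_ZONE = """\
cn        IN CNAME realname
realname  IN A     192.0.2.10
mx        IN MX    10 cn
good      IN MX    10 realname
"""

def parse_zone(text):
    """Parse 'owner [IN] TYPE rdata...' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        owner, rest = fields[0].lower(), fields[1:]
        if rest and rest[0].upper() == "IN":       # class is optional
            rest = rest[1:]
        if len(rest) < 2:
            continue                               # not a usable record line
        records.append((owner, rest[0].upper(), [f.lower() for f in rest[1:]]))
    return records

def mx_alias_report(records):
    """Return (mx_owner, exchange, chain, lookups) for each MX whose exchange
    is an alias. lookups = 1 MX query + 1 query per name in the chain, i.e.
    the count when the server adds no extra records to its answers."""
    cname = {owner: rdata[0] for owner, rtype, rdata in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "MX" or len(rdata) != 2:
            continue
        exchange = rdata[1]
        if exchange not in cname:
            continue                               # exchange is not an alias
        chain, seen = [exchange], {exchange}
        while chain[-1] in cname:                  # follow the alias chain
            nxt = cname[chain[-1]]
            if nxt in seen:                        # CNAME loop: stop following
                break
            chain.append(nxt)
            seen.add(nxt)
        findings.append((owner, exchange, chain, 1 + len(chain)))
    return findings

if __name__ == "__main__":
    for owner, exchange, chain, lookups in mx_alias_report(parse_zone(SAMPLE_ZONE)):
        print(f"{owner}: MX -> {' -> '.join(chain)} ({lookups} lookups)")
```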