BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

Al Stu Al_Stu at Verizon.net
Tue Jan 27 03:54:00 UTC 2009


If you refuse a CNAME then it is your SMTP server that is broken. The SMTP
RFCs clearly state that SMTP servers are to accept and look up a CNAME.

----- Original Message ----- 
From: "Scott Haneda" <talklists at newgeo.com>
To: "Mark Andrews" <Mark_Andrews at isc.org>
Cc: "Al Stu" <Al_Stu at Verizon.net>; <bind-users at lists.isc.org>
Sent: Monday, January 26, 2009 6:24 PM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"


> On Jan 26, 2009, at 6:17 PM, Mark Andrews wrote:
>
>> Which just means you have not ever experienced the problems
>> it causes.  MTAs are not required to look up the addresses of
>> all the mail exchangers in the MX RRset to process the MX
>> RRset.  MTAs usually learn their name by gethostname() or
>> similar and that name is not a CNAME or there is a
>> misconfiguration.
>>
>> The fact that email still gets delivered in the presence
>> of misconfigurations is good luck rather than good management.
>
>
> 100% right.  I refuse MXs that are CNAMEd, and I get emails from
> customers asking what is up.  What is strange, and I cannot figure it
> out, is that the admins of the DNS/email server always tell me this is
> the first time they have heard of it.
>
> Despite me pointing them to the RFC on the matter, since it has worked in
> the past, they think it is my MTA that is wrong.  I hate to budge on it,
> as this is a simple thing to understand and fix, but it seems many other
> email servers out there will run up and down a DNS server to find any
> address they can.
>
> In the end, they almost always refuse to change their DNS, and I end up
> making a static route for them.  They change the record later, and then
> it breaks.
>
> I have never got why this is such a hard thing for email admins to get
> right, but it certainly causes me headaches.  I personally wish CNAMEs
> would just go away, keep them around, but just stop talking about them,
> then new-to-DNS users would not use them.
> --
> Scott
> 
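
Added example, not part of either message: a small Python sketch of the failure the quoted text alludes to. An MTA that knows itself only by its gethostname() name applies the usual MX loop-avoidance rule (drop its own entry and every exchanger of equal or worse preference) by name, so it cannot recognise itself behind a CNAME. The zone data, host names and function names are constructed for illustration.

```python
# Constructed zone data; example.test and 192.0.2.0/24 are documentation ranges.
BROKEN = {
    "example.test": {"MX": [(10, "mx1.example.test"), (20, "backup.example.test")]},
    "mx1.example.test": {"A": ["192.0.2.10"]},
    "backup.example.test": {"CNAME": "mx2.example.test"},  # MX target is an alias
    "mx2.example.test": {"A": ["192.0.2.20"]},
}
# Same zone, but the MX record names the canonical host directly.
FIXED = dict(BROKEN)
FIXED["example.test"] = {"MX": [(10, "mx1.example.test"), (20, "mx2.example.test")]}


def cname_mx_targets(zone, domain):
    """Zone lint: MX targets of `domain` that own a CNAME record."""
    mxs = zone.get(domain, {}).get("MX", [])
    return [target for _, target in mxs if "CNAME" in zone.get(target, {})]


def relay_candidates(zone, domain, local_name):
    """Sort MX records by preference; if the MTA finds its own name among the
    targets (compared by name, without resolving them), discard that entry
    and every exchanger of equal or worse preference."""
    mxs = sorted(zone.get(domain, {}).get("MX", []))
    own = [pref for pref, target in mxs if target.lower() == local_name.lower()]
    if own:
        mxs = [(pref, target) for pref, target in mxs if pref < min(own)]
    return [target for _, target in mxs]


def self_delivery_risk(zone, domain, local_name):
    """Candidates the MTA would still try that are this host under an alias."""
    risky = []
    for target in relay_candidates(zone, domain, local_name):
        canonical = zone.get(target, {}).get("CNAME", target)  # follow one CNAME
        if canonical.lower() == local_name.lower():
            risky.append(target)
    return risky


if __name__ == "__main__":
    me = "mx2.example.test"  # what gethostname() would return on the backup MX
    for label, zone in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, "CNAME MX targets:", cname_mx_targets(zone, "example.test"))
        print(label, "relay candidates:", relay_candidates(zone, "example.test", me))
        print(label, "would relay to itself via:", self_delivery_risk(zone, "example.test", me))
```

With the aliased record, the backup host keeps `backup.example.test` in its candidate list and will try to relay to itself when the primary is unreachable; with the MX pointing at the canonical name it correctly keeps only the primary.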



