DNS and qmail : CNAME failure

D. J. Bernstein djb at cr.yp.to
Thu Jul 1 03:08:45 UTC 1999


SMTP clients are required to rewrite aliases. Many sites rely on this
for their incoming mail delivery, although I recommend that they stop.
See http://pobox.com/~djb/proto/im/cname.html for further discussion.

Unfortunately, old versions of BIND incorrectly returned SERVFAIL for
CNAME queries to lame DNS servers. There are lots of lame name servers.

sendmail doesn't trigger this BIND bug, because it actually does ANY
queries, not CNAME queries. (Otherwise the bug would have been fixed
much sooner than it actually was!)

Test versions of qmail did CNAME queries. However, the BIND bug turned
CNAME queries into a disaster, so qmail was changed to do ANY queries.

The bottom line is that, if you want to receive mail, your ANY response
needs to work with all deployed resolvers---which it doesn't, since it's
over 512 bytes. See RFC 1123, section 6.1.3.2.

---Dan
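The 512-byte point above can be checked offline. The sketch below is an added example, not part of the original post or of qmail or BIND: it builds the wire form of an ANY answer and tests it against the UDP limit. The record sets, host names and message ID are constructed, and names inside RDATA are left uncompressed, so a compressing server would produce a somewhat smaller answer.

```python
import struct

UDP_LIMIT = 512  # largest DNS message that fits in a plain UDP datagram
TYPE = {"A": 1, "NS": 2, "MX": 15, "ANY": 255}

def encode_name(name):
    """Encode a domain name as length-prefixed labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def rdata(rtype, value):
    """Encode RDATA for the record types used in the constructed samples."""
    if rtype == "A":
        return bytes(int(octet) for octet in value.split("."))
    if rtype == "NS":
        return encode_name(value)
    if rtype == "MX":
        return struct.pack("!H", value[0]) + encode_name(value[1])
    raise ValueError("unsupported type: " + rtype)

def build_any_response(qname, records, ttl=3600):
    """Build header + question + answers; owner names point back to offset 12."""
    question = encode_name(qname) + struct.pack("!HH", TYPE["ANY"], 1)
    body = b""
    for rtype, value in records:
        rd = rdata(rtype, value)
        body += b"\xc0\x0c" + struct.pack("!HHIH", TYPE[rtype], 1, ttl, len(rd)) + rd
    # ID 0x1234 is arbitrary; flags 0x8400 = response, authoritative answer
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(records), 0, 0)
    return header + question + body

def udp_deliverable(msg):
    """True if the response fits in one UDP datagram without truncation."""
    return len(msg) <= UDP_LIMIT

# Constructed sample data: a small zone apex and one with many MX records.
SMALL_SET = [("A", "192.0.2.1"), ("MX", (10, "mail.example.org")),
             ("NS", "ns1.example.org"), ("NS", "ns2.example.org")]
LARGE_SET = SMALL_SET + [("MX", (10 * i, "mx%d.mail-cluster.example.org" % i))
                         for i in range(1, 13)]

if __name__ == "__main__":
    for label, rrset in (("small", SMALL_SET), ("large", LARGE_SET)):
        msg = build_any_response("example.org", rrset)
        print(label, len(msg), "bytes, fits in UDP:", udp_deliverable(msg))
```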

