cnames & mx records on the root of a zone

Mark.Andrews at nominum.com Mark.Andrews at nominum.com
Sun Oct 29 08:45:19 UTC 2000 

	Well at top of zone you cannot have a CNAME as this breaks the
	"CNAME and other data" rule, the SOA and NS records are the
	other data here.  You can have a MX record however.

	At any node you cannot have both a CNAME and MX record as this
	breaks the "CNAME and other data" rule, the MX record is the
	other data here.

> 1.
> 
> - you are not supposed to have a cname and an mx record on the root of a
> zone.
> - bind 4 used to allow both

	Bind 4 complained about the CNAME and other DATA rule being broken,
	examine your logs.

> - bind 8 actually 'rejects zones' as a result of this confilct, sometimes
> rejecting the "second entry" arbitrarily, sometimes rejecting the whole
> zone...

	BIND 8 made it a hard error.
> 
> 2:
> 
> - Mail servers seem to obey the MX at the root of the zone, if both exist

	Depending apon the nameserver implementation clients don't even
	see the MX record when you do this.  This was the case w/ BIND 4.
	BIND 8 just rejects the conflicting records.

> 
> - There is a specific case in which a use may want a CNAME for the root to
> go to a "Dynamic dns provider" and a MX to go to a regular mail server,
> especially when the dynamic dns provider does not support MX records.
> 
> - Sendmail and Outlook (our users most popular email clients) both seem to
> use the MX at the root of the zone, instead of the CNAME (the "intuitive
> use" for this violation).
> 
> Questions:
> 
>     What is the correct behavior for Bind?
> 
>     Bind 8 seems to fail randomly when this situation occurs, whereas Bind 4
> seems to work fine.  Is there an option to make this behavior predictable?

	You want to us to spend time to make an illegal configuration
	predicatable.
> 
>     Can we get Bind 8 to just accept them?

	No.
> 
>     If we restrict our users to having a CNAME or a MX - but not both -
> should we tell them to put the MX at the CNAME'd "target"... and will ALL
> mail clients obey this?

	Yes, however they may re-write the host part of the address to be
	that of the CNAME target.

> 
>                                     - Erik
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com

More information about the bind-users mailing list