BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

Chris Thompson cet1 at cam.ac.uk
Sun Jan 25 17:28:12 UTC 2009


On Jan 25 2009, Al Stu wrote:

>RFC 2821 is much more recent and clearly documents in sections 3.5 and 5 
>that CNAME MX RR are permitted and are to be handled by SMTP MTA's.
>
>3.6 Domains
>"Only resolvable, fully-qualified, domain names (FQDNs) are permitted when 
>domain names are used in SMTP.  In other words, names that can be resolved 
>to MX RRs or A RRs (as discussed in section 5) are permitted, as are CNAME 
>RRs whose targets can be resolved, in turn, to MX or A RRs."
>
>5. Address Resolution and Mail Handling
>"The lookup first attempts to locate an MX record associated with the name. 
>If a CNAME record is found instead, the resulting name is processed as if it 
>were the initial name."

These clearly refer to the case "CNAME record points to MX record", which 
no-one has any problems with, or at least BIND certainly doesn't. The 
"illegal" case is "MX record points to CNAME record", and RFC 2821 gives
no sanction for that. Section 5.1 in RFC 5321 makes it even more explicit.

You can, of course, turn off this particular check in BIND by specifying 
"check-mx-cname ignore;" in the options or zone statements.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk
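
The two cases distinguished in the message above, as an added example that is not part of the original message and is not BIND's own code. The zone data, names and function names are constructed for illustration.

```python
# Constructed zone data (owner, type, rdata); not taken from the thread.
ZONE = [
    ("example.com.",        "MX",    (10, "mail.example.com.")),
    ("example.com.",        "MX",    (20, "backup.example.com.")),
    ("mail.example.com.",   "A",     "192.0.2.10"),
    ("backup.example.com.", "CNAME", "mx.example.net."),
    ("mx.example.net.",     "A",     "198.51.100.5"),
    ("alias.example.com.",  "CNAME", "example.com."),
]

def index(zone):
    """Group rdata by (lower-cased owner name, record type)."""
    recs = {}
    for owner, rtype, rdata in zone:
        recs.setdefault((owner.lower(), rtype), []).append(rdata)
    return recs

def resolve_mail_domain(zone, name, max_hops=8):
    """'CNAME record points to MX record': follow CNAMEs at the mail
    domain, then return (final name, MX list), as in the quoted
    RFC 2821 section 5 text."""
    recs = index(zone)
    name = name.lower()
    for _ in range(max_hops):
        cname = recs.get((name, "CNAME"))
        if not cname:
            return name, sorted(recs.get((name, "MX"), []))
        name = cname[0].lower()
    raise ValueError("CNAME chain too long or looping")

def mx_targets_that_are_cnames(zone):
    """'MX record points to CNAME record': list every MX whose exchange
    name itself owns a CNAME in this data set."""
    recs = index(zone)
    return [(owner, pref, exch)
            for (owner, rtype), rdatas in recs.items() if rtype == "MX"
            for pref, exch in rdatas
            if (exch.lower(), "CNAME") in recs]

if __name__ == "__main__":
    print(resolve_mail_domain(ZONE, "alias.example.com."))
    for owner, pref, exch in mx_targets_that_are_cnames(ZONE):
        print(f"{owner} MX {pref} {exch} -> target is a CNAME")
```

Only names present in the supplied records are examined, so an MX target outside the data set is not flagged.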



