BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

Scott Haneda talklists at newgeo.com
Tue Jan 27 02:24:06 UTC 2009


On Jan 26, 2009, at 6:17 PM, Mark Andrews wrote:

> Which just means you have not ever experienced the problems
> it causes.  MTAs are not required to look up the addresses of
> all the mail exchangers in the MX RRset to process the MX
> RRset.  MTAs usually learn their name by gethostname() or
> similar and that name is not a CNAME or there is a
> misconfiguration.
>
> The fact that email still gets delivered in the presence
> of misconfigurations is good luck rather than good management.


100% right.  I refuse MXs that are cnamed, and I get emails from
customers asking what is up.  What is strange, and I cannot figure it
out, is that the admins of the DNS/email server always tell me this is
the first time they have heard of it.

Despite me pointing them to the RFC on the matter, since it has worked in
the past, they think it is my MTA that is wrong.  I hate to budge on
it, as this is a simple thing to understand and fix, but it seems many
other email servers out there will run up and down a DNS server to
find any address they can.

In the end, they almost always refuse to change their DNS, and I end
up making a static route for them.  They change the record later, and
then it breaks.

I have never got why this is such a hard thing for email admins to get
right, but it certainly causes me headaches.  I personally wish
CNAMEs would just go away, keep them around, but just stop talking
about them, then new-to-DNS users would not use them.
--
Scott
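
The check discussed in this message, as an added example that is not part of the original post or of BIND: it flags MX records whose exchange is a CNAME owner, and shows why an MTA that knows itself only by its gethostname() name cannot find itself in such an MX RRset. The zone data, names and function names are constructed for illustration, and the fixed five-field record layout is an assumption.

```python
# Added example. ZONE is constructed sample data in a fixed
# "owner ttl class type rdata" layout; this is not a full zone-file parser.
ZONE = """\
example.com.        3600 IN MX    10 mail.example.com.
example.com.        3600 IN MX    20 backup.example.com.
mail.example.com.   3600 IN CNAME host1.example.com.
host1.example.com.  3600 IN A     192.0.2.10
backup.example.com. 3600 IN A     192.0.2.20
"""


def parse(zone_text):
    """Return (owner, type, rdata_fields) tuples, skipping comments and blanks."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        owner, _ttl, _cls, rtype, *rdata = line.split()
        records.append((owner.lower(), rtype.upper(), rdata))
    return records


def mx_cname_violations(records):
    """List MX records whose exchange name is the owner of a CNAME."""
    aliases = {o: r[0].lower() for o, t, r in records if t == "CNAME"}
    return [(o, int(r[0]), r[1].lower(), aliases[r[1].lower()])
            for o, t, r in records
            if t == "MX" and r[1].lower() in aliases]


def remaining_targets(records, domain, my_name):
    """Prune the MX RRset by name, as RFC 974 describes: if my_name is
    listed, discard every MX with preference >= its own."""
    mx = sorted((int(r[0]), r[1].lower())
                for o, t, r in records if t == "MX" and o == domain)
    mine = [p for p, x in mx if x == my_name.lower()]
    if mine:
        mx = [(p, x) for p, x in mx if p < min(mine)]
    return mx


if __name__ == "__main__":
    recs = parse(ZONE)
    for owner, pref, exch, target in mx_cname_violations(recs):
        print(f"{owner} MX {pref} {exch} is an alias for {target}")
    # host1 is the real name behind mail.example.com., but it cannot find
    # itself in the RRset by name, so nothing is pruned.
    print(remaining_targets(recs, "example.com.", "host1.example.com."))
```

In the second call the host behind the alias keeps its own MX entry as a delivery target, which is the misconfiguration the quoted text refers to.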



