BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

Mark Andrews Mark_Andrews at isc.org
Tue Jan 27 04:41:02 UTC 2009


In message <3C802402A28C4B2390B088242A91FB9C at AHSNBW1>, "Al Stu" writes:
> 
> RFC 974:
> "There is one other special case.  If the response contains an answer which
> is a CNAME RR, it indicates that REMOTE is actually an alias for some other
> domain name. The query should be repeated with the canonical domain name."

	And that is talking about the response to an MX query.  The section
	from which you quote starts with:

Issuing a Query

   The first step for the mailer at LOCAL is to issue a query for MX RRs
   for REMOTE.  It is strongly urged that this step be taken every time
   a mailer attempts to send the message.  The hope is that changes in
   the domain database will rapidly be used by mailers, and thus domain
   administrators will be able to re-route in-transit messages for
   defective hosts by simply changing their domain databases.

	and the paragraph after that which you quote is:

   If the response does not contain an error response, and does not
   contain aliases, its answer section should be a (possibly zero
   length) list of MX RRs for domain name REMOTE (or REMOTE's true
   domain name if REMOTE was a alias).  The next section describes how
   this list is interpreted.

	So I would suggest that you stop taking text out of context.

	CNAME -> MX is legal
	MX -> CNAME is illegal

	Mark
 
> ----- Original Message ----- 
> From: "Scott Haneda" <talklists at newgeo.com>
> To: "Al Stu" <Al_Stu at Verizon.net>
> Cc: <bind-users at lists.isc.org>
> Sent: Monday, January 26, 2009 8:09 PM
> Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT 
> "Illegal"
> 
> 
> > On Jan 26, 2009, at 7:54 PM, Al Stu wrote:
> >
> >> If you refuse a CNAME then it is your SMTP server that is broken. The
> >> SMTP RFCs clearly state that SMTP servers are to accept and look up a
> >> CNAME.
> >
> >
> > [RFC974] explicitly states that MX records shall not point to an alias 
> > defined by a CNAME.  That is what I was talking about, are you saying 
> > this is not correct?  As this is what I was under the impression for 
> > quite some time.
> > --
> > Scott
> > 
> 
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
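
The two cases distinguished in the message above, as an added example that is not part of the original post or of BIND: a zone-data check in which an alias that leads to MX records is followed (CNAME -> MX), while an MX exchange that is itself an alias is reported (MX -> CNAME). The record set, the example.com names, and the function names are constructed for illustration; names are assumed to be lowercase fully qualified names with a trailing dot.

```python
# Constructed sample records: (owner, type, rdata). All names are hypothetical.
RECORDS = [
    ("example.com.", "MX", (10, "mail.example.com.")),
    ("example.com.", "MX", (20, "mx-alias.example.com.")),
    ("mail.example.com.", "A", "192.0.2.10"),
    ("mx-alias.example.com.", "CNAME", "mail.example.com."),
    ("lists.example.com.", "CNAME", "example.com."),
]


def canonical(name, records, limit=8):
    """Follow CNAME records from name and return the canonical name."""
    cnames = {owner: rdata for owner, rtype, rdata in records if rtype == "CNAME"}
    seen = set()
    while name in cnames:
        if name in seen or len(seen) >= limit:
            raise ValueError("CNAME loop or chain too long at " + name)
        seen.add(name)
        name = cnames[name]
    return name


def mx_lookup(remote, records):
    """MX query for REMOTE as in RFC 974 "Issuing a Query".

    If REMOTE is an alias, the query is repeated with the canonical name
    (the legal CNAME -> MX case). Returns (true name, sorted MX list).
    """
    true_name = canonical(remote.lower(), records)
    mx = sorted(rdata for owner, rtype, rdata in records
                if rtype == "MX" and owner == true_name)
    return true_name, mx


def illegal_mx_targets(records):
    """Return (owner, exchange) for every MX whose exchange is a CNAME owner
    (the illegal MX -> CNAME case)."""
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    return [(owner, rdata[1]) for owner, rtype, rdata in records
            if rtype == "MX" and rdata[1] in aliases]


if __name__ == "__main__":
    print(mx_lookup("lists.example.com.", RECORDS))
    for owner, exchange in illegal_mx_targets(RECORDS):
        print(f"{owner} MX -> {exchange} is an alias (MX -> CNAME)")
```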


