BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

Michael Milligan milli at acmeps.com
Fri Jan 30 18:20:27 UTC 2009


You just don't get it.  You are off wandering around in the weeds.

Read the tail end of Chapter 5 in the book "DNS and BIND" describing the
MX selection algorithm in layman's terms to (perhaps) understand why
having MX records referencing CNAMEs is bad.

It may work right now for you, but referencing CNAMEs in MX records
eventually _will_ cause delivery loops the next time you accidentally
fat-finger a config.  If you continue to be hard-headed about this and
not listen to the 100s of years of collective wisdom dispensed, then go
ahead and leave yourself set up for a potential DoS against yourself,
we're not going to stop you...  and we're not going to feel sorry for
you either.

FIN

Regards,
Mike

Al Stu wrote:
> Analyze this.
> 
> Query MX dns.com
> 
> Response MX nullmx.domainmanager.com
> 
> Query A nullmx.domainmanager.com
> 
> Response CNAME mta.dewile.net, A 64.40.103.249
> 
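
The delivery-loop failure mode discussed in this message, as an added example that is not part of the original post: a small simulation of the MX selection rule from RFC 974, in which a mailer that finds itself in the MX list discards its own record and every record of equal or higher preference. All host names, the zone data and the function names are constructed for illustration, and each mailer is assumed to know itself only by its canonical name, with CNAME chains one level deep.

```python
# Constructed sample data; all names below are made up for this illustration.
MX_ALIAS = {"example.com": [(10, "mx1.example.com"), (20, "relay.example.net")]}
CNAMES = {"relay.example.net": "b.example.net"}   # MX target is an alias
MX_FIXED = {"example.com": [(10, "mx1.example.com"), (20, "b.example.net")]}


def alias_targets(mx, cnames):
    """Return (domain, target) pairs whose MX target is a CNAME owner."""
    return [(d, t) for d, rrs in mx.items() for _, t in rrs if t in cnames]


def candidates(domain, local_name, mx):
    """MX selection (RFC 974): sort by preference; if the local host is
    listed, drop it and every record with an equal or higher preference."""
    rrs = sorted(mx[domain])
    own = [pref for pref, target in rrs if target == local_name]
    if own:
        rrs = [(p, t) for p, t in rrs if p < min(own)]
    return [t for _, t in rrs]


def deliver(domain, first_host, mx, cnames, down=(), max_hops=8):
    """Follow one message from mailer to mailer.
    Each mailer knows itself only by its canonical name.
    Returns (outcome, path), outcome in {"delivered", "queued", "loop"}."""
    host, path = first_host, [first_host]
    for _ in range(max_hops):
        targets = candidates(domain, host, mx)
        if not targets:                      # local host is the best exchanger
            return "delivered", path
        # Resolve each target to the host that actually answers for it.
        reachable = [cnames.get(t, t) for t in targets]
        reachable = [h for h in reachable if h not in down]
        if not reachable:                    # nothing to hand off to: retry later
            return "queued", path
        host = reachable[0]
        path.append(host)
        if path.count(host) > 1:             # message came back to a mailer
            return "loop", path
    return "loop", path
```

With the primary up, both zones deliver; with the primary down, the backup behind the alias cannot recognise its own MX record and hands the message to itself, while the zone that names the canonical host queues the message for retry.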



