BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"
David Sparks
dave at ca.sophos.com
Sat Jan 31 02:12:02 UTC 2009
Michael Milligan wrote:
> You just don't get it. You are off wandering around in the weeds.
>
> Read the tail end of Chapter 5 in the book "DNS and BIND" describing the
> MX selection algorithm in layman's terms to (perhaps) understand why
> having MX records referencing CNAMEs is bad.
>
> It may work right now for you, but referencing CNAMEs in MX records
> eventually _will_ cause delivery loops the next time you accidentally
> fat-finger a config. If you continue to be hard-headed about this and
> not listen to the 100s of years of collective wisdom dispensed, then go
> ahead and leave yourself set up for a potential DoS against yourself,
> we're not going to stop you... and we're not going to feel sorry for
> you either.
There are plenty of ways to get a mail loop that don't involve DNS
mis-configuration. As such pretty much every major MTA detects and stops mail
loops.

So mail loops are a non-issue ... next?

ds

> FIN
>
> Regards,
> Mike
>
> Al Stu wrote:
>> Analyze this.
>>
>> Query MX dns.com
>>
>> Response MX nullmx.domainmanager.com
>>
>> Query A nullmx.domainmanager.com
>>
>> Response CNAME mta.dewile.net, A 64.40.103.249
>>
--
Environmental thought: print this email in triplicate!
(ygolohcysp esrever)
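
Added example, not part of the original message or of BIND: a sketch of the self-recognition step in MX selection (RFC 974: a relay drops every MX whose preference is equal to or worse than its own), showing why an MX target that is a CNAME can leave a host unable to find itself in the list. All host names, preferences and the `prune_mx` helper are constructed for illustration.

```python
# Constructed zone data: example.org lists an alias as its best MX.
MX = [(10, "mail.example.org"), (20, "backup.example.net")]
CNAMES = {"mail.example.org": "mx1.example.net"}  # alias -> canonical name


def _norm(name):
    return name.lower().rstrip(".")


def prune_mx(mx_records, local_names, cnames=None):
    """Return the MX targets this host may still relay to, best first.

    mx_records:  (preference, target) pairs for the recipient domain
    local_names: names this MTA recognises as itself
    cnames:      optional alias map; when given, targets are canonicalised
                 before the self-check (what a careful MTA has to do when
                 it meets an alias in an MX record)
    """
    aliases = {_norm(k): _norm(v) for k, v in (cnames or {}).items()}
    local = {_norm(n) for n in local_names}

    def canon(name):
        name, seen = _norm(name), set()
        while name in aliases and name not in seen:  # guard CNAME cycles
            seen.add(name)
            name = aliases[name]
        return name

    resolved = [(pref, canon(target)) for pref, target in mx_records]
    own = [pref for pref, target in resolved if target in local]
    if own:
        # Drop ourselves and anything with an equal or worse preference.
        cutoff = min(own)
        resolved = [(p, t) for p, t in resolved if p < cutoff]
    return [target for _, target in sorted(resolved)]


if __name__ == "__main__":
    me = {"mx1.example.net"}
    # Literal comparison: the host never sees its own name, keeps both
    # targets, and may hand mail to the backup, which hands it back.
    print(prune_mx(MX, me))
    # Canonicalised comparison: the host recognises itself as the best MX
    # and has nothing left to relay to, so it delivers locally.
    print(prune_mx(MX, me, CNAMES))
```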