BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

Al Stu Al_Stu at Verizon.net
Sat Jan 31 18:05:20 UTC 2009


The basic argument that because it can be misused, abused, criminally 
exploited, etc., it should be abolished, not permitted, and deemed "illegal" 
by a group of people who should not have that authority, even though it has 
practical and beneficial uses, is absurd.  By that same logic, automobiles 
should also be abolished and we should all just go back to horse and buggy. 
Oh wait, those too should be abolished based on that same logic.


----- Original Message ----- 
From: "Michael Milligan" <milli at acmeps.com>
To: "Al Stu" <Al_Stu at Verizon.net>
Cc: <bind-users at lists.isc.org>
Sent: Friday, January 30, 2009 10:20 AM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT 
"Illegal"


> You just don't get it.  You are off wandering around in the weeds.
>
> Read the tail end of Chapter 5 in the book "DNS and BIND" describing the
> MX selection algorithm in layman's terms to (perhaps) understand why
> having MX records referencing CNAMEs is bad.
>
> It may work right now for you, but referencing CNAMEs in MX records
> eventually _will_ cause delivery loops the next time you accidentally
> fat-finger a config.  If you continue to be hard-headed about this and
> not listen to the 100s of years of collective wisdom dispensed, then go
> ahead and leave yourself set up for a potential DoS against yourself,
> we're not going to stop you...  and we're not going to feel sorry for
> you either.
>
> FIN
>
> Regards,
> Mike
>
> Al Stu wrote:
>> Analyze this.
>>
>> Query MX dns.com
>>
>> Response MX nullmx.domainmanager.com
>>
>> Query A nullmx.domainmanager.com
>>
>> Response CNAME mta.dewile.net, A 64.40.103.249
>>
> 
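
The delivery-loop concern raised in the quoted reply, as an added example that is not part of the original thread: a simplified Python model of the RFC 974 rule under which a mail host that finds itself in the MX list discards every MX with a preference greater than or equal to its own. All host names, preference values and the `simulate` helper are constructed for illustration; a real MTA typically rejects mail that loops back to itself rather than relaying it forever.

```python
# Added illustration of RFC 974 MX pruning. All names and values are constructed.

def norm(name):
    return name.lower().rstrip(".")

def prune_mx(mx_records, local_name):
    """Targets this host may relay to, best (lowest) preference first.

    RFC 974: if the local host appears as an MX target, discard every MX
    with preference >= its own. The match is on the name the host knows
    itself by, so an alias in the MX data does not match.
    """
    own = [p for p, t in mx_records if norm(t) == norm(local_name)]
    if own:
        mx_records = [(p, t) for p, t in mx_records if p < min(own)]
    return [t for _, t in sorted(mx_records)]

def simulate(mx_records, cnames, start, max_hops=5):
    """Follow one message hop by hop. Returns (path, looped)."""
    path, here = [norm(start)], norm(start)
    for _ in range(max_hops):
        candidates = prune_mx(mx_records, here)
        if not candidates:
            return path, False            # nothing better: deliver locally
        target = norm(candidates[0])
        nxt = norm(cnames.get(target, target))   # resolver follows the CNAME
        path.append(nxt)
        if nxt == here:
            return path, True             # host handed the message to itself
        here = nxt
    return path, True                     # hop budget exhausted

# Constructed zone data: the primary MX is an alias for mx1.hosting.test.
MX_ALIAS = [(10, "mail.example.test"), (20, "backup.example.test")]
CNAMES = {"mail.example.test": "mx1.hosting.test"}
# Same setup with the MX pointing at the canonical name instead.
MX_DIRECT = [(10, "mx1.hosting.test"), (20, "backup.example.test")]

if __name__ == "__main__":
    for label, mx, cn in (("alias", MX_ALIAS, CNAMES), ("direct", MX_DIRECT, {})):
        print(label, simulate(mx, cn, "backup.example.test"))
```

With the alias in the MX data, mx1.hosting.test never recognizes itself in the list, keeps the full set of MX targets, and picks the alias that resolves back to itself; with the canonical name it prunes the list to empty and delivers locally.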