If you refuse a CNAME then it is your SMTP server that is broken. The SMTP
RFC's clearly state that SMTP servers are to accept and lookup a CNAME.
----- Original Message -----
From: "Scott Haneda" <talkli...@newgeo.com>
To: "Mark Andrews" <mark_andr...@isc.org>
Cc: "Al Stu" <al_...@verizon.net>; <bind-users@lists.isc.org>
Sent: Monday, January 26, 2009 6:24 PM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
On Jan 26, 2009, at 6:17 PM, Mark Andrews wrote:
Which just means you have not ever experienced the problems
causes. MTA are not required to look up the addresses of
all the mail exchangers in the MX RRset to process the MX
RRset. MTA usually learn their name by gethostname() or
similar and that name is not a CNAME or there is a
misconfiguration.
The fact that email still gets delivered in the presence
of misconfigurations is good luck rather than good management.
100% right. I refuse MX's that are cnamed, and I get emails from
customers asking what is up. What is strange, and I can not figure it
out, is that the admins of the DNS/email server always tell me this is
the first time they have heard of it.
Despite me pointing them to RFC on the matter, since it has worked in the
past, they think it is my MTA that is wrong. I hate to budge on it, as
this is a simple thing to understand and fix, but it seems many other
email servers out there will run up and down a DNS server to find any
address they can.
In the end, they almost always refuse to change their DNS, and I and up
making a static route for them. They change the record later, and then
it breaks.
I have never got why this is such a hard thing for email admins to get
right, but it certainly causes me headaches. I personally wish CNAME's
would just go away, keep them around, but just stop talking about them,
then new to DNS users would not use them.
--
Scott
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
