On Thu, Jan 22, 2015 at 3:06 PM, Jeff Potter <jpotter-cour...@codepuppy.com>
wrote:

> > ...
> > My understanding of why CNAMEs are prohibited for MX hosts is that they can
> > introduce loops.  The last paragraph of Section 5.1 explains how a sender
> > should attempt to locate itself in the list of MXes, ordered by preference.
> > You may want to compare that paragraph with the historic discussion in RFC 974,
> > which, under "Minor Special Issues", says:
>
> The other issue: a sending server can resolve the CNAME and rewrite the
> address on you. I saw this years ago.
>
> E.g.:
>
> foo.com with a CNAME of “bar.com”
> foo.com with an MX of “some-good-mailserver.example.com”
>

Well, this is in direct violation of the DNS specification for CNAME. When
foo.com is a CNAME, it CANNOT have any other records, so the behaviour of
that MX record is undefined. Whether it breaks in the way you describe or
foo.com simply won't resolve, it is too risky to rely on.

RFC 1034, section 3.6.2, third paragraph:

The domain system provides such a feature using the canonical name
(CNAME) RR.  A CNAME RR identifies its owner name as an alias, and
specifies the corresponding canonical name in the RDATA section of the
RR.  If a CNAME RR is present at a node, no other data should be
present; this ensures that the data for a canonical name and its aliases
cannot be different.  This rule also insures that a cached CNAME can be
used without checking with an authoritative server for other RR types.

-- 
Jan
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
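
An added example, not part of the original message or of Courier: a small zone lint that flags the two conditions discussed in this thread, a CNAME sharing its owner name with other data (the RFC 1034 rule quoted above) and an MX whose target host is itself a CNAME. The record format, the sample zone, and the names parse and lint are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample records; foo.com mirrors the example quoted in the thread.
SAMPLE_ZONE = """
foo.com.      IN CNAME bar.com.
foo.com.      IN MX    10 some-good-mailserver.example.com.
bar.com.      IN A     192.0.2.10
baz.com.      IN MX    10 mail.baz.com.
mail.baz.com. IN CNAME mx.hosting.example.
ok.com.       IN MX    10 mx.ok.com.
mx.ok.com.    IN A     192.0.2.25
"""

# DNSSEC (RFC 4035) later permitted these types alongside a CNAME.
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}

def parse(text):
    """Parse 'owner [IN] TYPE rdata' lines into {owner: {type: [rdata, ...]}}."""
    zone = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop zone-file comments
        if not fields:
            continue
        owner, rest = fields[0].lower(), fields[1:]
        if rest and rest[0].upper() == "IN":
            rest = rest[1:]
        if len(rest) < 2:
            continue                              # malformed line, skip
        zone[owner][rest[0].upper()].append(" ".join(rest[1:]).lower())
    return zone

def lint(zone):
    """Return (owner, finding, detail) tuples, sorted by owner name."""
    findings = []
    for owner, rrsets in sorted(zone.items()):
        if "CNAME" in rrsets:
            extra = sorted(set(rrsets) - ALLOWED_WITH_CNAME)
            if extra:                             # behaviour of these records is undefined
                findings.append((owner, "cname-with-other-data", ",".join(extra)))
        for mx in rrsets.get("MX", []):
            target = mx.split()[-1]               # rdata is '<preference> <host>'
            if "CNAME" in zone.get(target, {}):   # only checks names present in this zone
                findings.append((owner, "mx-target-is-alias", target))
    return findings

if __name__ == "__main__":
    for finding in lint(parse(SAMPLE_ZONE)):
        print(*finding)
```

MX targets outside the parsed zone are not resolved, so an alias hosted elsewhere is not detected by this check.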
