Jeroen Massar <[email protected]> wrote: > "Don't use CNAMEs in combination with RRs which point to other names" > > And thus CNAME -> MX -> A falls under that too.
No, it is only names in RDATA that should not refer to CNAMEs. In practice, this depends a lot in the RR in question. NS pointing to CNAME is not going to work. MX pointing to CNAME probably will work. CNAME pointing to anything should work, except for the historical screwup in the way mail software handles CNAME. Note that this does not just affect CNAME pointing to MX, but also CNAME pointing to A and CNAME pointing to AAAA, when the CNAME is used as a mail domain. > The problem with the above specifically is that Sendmail will cause some > issues, as it will lookup the CNAME, and replace all headers with the > destination, [...] > > Sendmail is one of the few and maybe only SMTP server that does though > and hence you will just get very inconsistent results depending if the > remote site (which you do not control) still uses that. This is a remnant of the pre-DRUMS email specifications, in particular the requirement in RFC 821 that domain aliases (i.e. CNAMEs) are not allowed in mail, and the clarification in RFC 1123 that CNAMEs should be interpreted as instructions to rewrite domains. Other MTAs do similar things, for instance qmail rewrites envelope domains (but not message headers) - http://fanf.livejournal.com/122220.html The IETF Detailed Revision and Update of Messaging Standards working group decided to remove the ban on CNAME domains in the 1990s. But they are still an interop disaster. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first. _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
