Re: Questions...

Wed, 13 Sep 2000 00:39:44 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12 Sep 2000, at 16:32, Michael T. Babcock wrote:

> cf. http://www.faqs.org/rfcs/rfc974.html
> 
> This is the only mention of the non-use of CNAMEs in the mail
> standards.

I beg to differ. Please have a look at RFC1912, called "Common 
DNS errors". Quoting section 2.4:

>    Don't use CNAMEs in combination with RRs which point to other names
>    like MX, CNAME, PTR and NS.  (PTR is an exception if you want to
>    implement classless in-addr delegation.)  For example, this is
>    strongly discouraged:
> 
>            podunk.xx.      IN      MX      mailhost
>            mailhost        IN      CNAME   mary
>            mary            IN      A       1.2.3.4
> 
> 
>    [RFC 1034] in section 3.6.2 says this should not be done, and [RFC
>    974] explicitly states that MX records shall not point to an alias
>    defined by a CNAME.  This results in unnecessary indirection in
>    accessing the data, and DNS resolvers and servers need to work more
>    to get the answer.  If you really want to do this, you can
>    accomplish the same thing by using a preprocessor such as m4 on
>    your host files.
> 
>    Also, having chained records such as CNAMEs pointing to CNAMEs may
>    make administration issues easier, but is known to tickle bugs in
>    some resolvers that fail to check loops correctly.  As a result
>    some hosts may not be able to resolve such names.
> 
>    Having NS records pointing to a CNAME is bad and may conflict badly
>    with current BIND servers.  In fact, current BIND implementations
>    will ignore such records, possibly leading to a lame delegation.
>    There is a certain amount of security checking done in BIND to
>    prevent spoofing DNS NS records.  Also, older BIND servers
>    reportedly will get caught in an infinite query loop trying to
>    figure out the address for the aliased nameserver, causing a
>    continuous stream of DNS requests to be sent.

Other questions? :-)

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8 -- QDPGP 2.61b
Comment: http://community.wow.net/grt/qdpgp.html

iQA/AwUBOb8iI1MwP8g7qbw/EQL0WgCbB/8Wg5/5QGD1fhFQXICfAPT/PNQAn2E8
eWs9TlvDrtbi3+ehcuKRNYXH
=IpoY
-----END PGP SIGNATURE-----
--
Petr Novotny, ANTEK CS
[EMAIL PROTECTED]
http://www.antek.cz
PGP key ID: 0x3BA9BC3F
-- Don't you know there ain't no devil there's just God when he's drunk.
                                                             [Tom Waits]

Reply via email to