From owner-freebsd-isp Thu Jul 23 08:10:18 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id IAA00375 for freebsd-isp-outgoing; Thu, 23 Jul 1998 08:10:18 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG)
Received: from pau-amma.whistle.com (s205m64.whistle.com [207.76.205.64]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA00369; Thu, 23 Jul 1998 08:10:16 -0700 (PDT) (envelope-from dhw@whistle.com)
Received: (from dhw@localhost) by pau-amma.whistle.com (8.8.8/8.8.7) id IAA05577; Thu, 23 Jul 1998 08:08:57 -0700 (PDT) (envelope-from dhw)
Date: Thu, 23 Jul 1998 08:08:57 -0700 (PDT)
From: David Wolfskill
Message-Id: <199807231508.IAA05577@pau-amma.whistle.com>
To: jmb@FreeBSD.ORG, root@internet.dk
Subject: Re: MX CNAME
Cc: isp@FreeBSD.ORG
In-Reply-To:
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Date: Thu, 23 Jul 1998 08:38:33 +0200 (MET DST)
>From: domreg

>On Wed, 22 Jul 1998, Jonathan M. Bresler wrote:
>> Leif Neland wrote:
>>> Why does named complain when a MX-record points to a CNAME?

>> because it's wrong. the RFC requires that MX'es point
>> to A records, not CNAME records, to the best of my
>> memory.

>What is the problem? Does it break anything?

Yes; it does.

Mail transport agents are under no obligation to (further) resolve a CNAME. That is, the MTA can merely ask DNS for the A record for a given (fully-qualified) hostname. The DNS reply says "Sorry; no A record. I have a special on CNAMEs, though; can I interest you in one of those?" The MTA is, at that point, quite free to say "No," and fail to deliver the mail to the host in question.

sendmail *can* be configured to respond, in such a situation, with a request to chase down the CNAME and then ask for the A record for whatever the CNAME points to. This is part of the design to try to deliver as much mail as possible, even in the face of misconfigured sites.

It is my recollection that sendmail can also be configured to adopt the stricter approach. And sendmail is by no means the only MTA out there.

Here's a note from sendmail's cf/README file, as of sendmail 8.8.8:

    confDONT_EXPAND_CNAMES  DontExpandCnames  [False]
        If set, $[ ... $] lookups that do DNS based lookups do not
        expand CNAME records. This currently violates the published
        standards, but the IETF seems to be moving toward legalizing
        this. For example, if "FTP.Foo.ORG" is a CNAME for
        "Cruft.Foo.ORG", then with this option set a lookup of "FTP"
        will return "FTP.Foo.ORG"; if clear it returns "Cruft.FOO.ORG".
        N.B. you may not see any effect until your downstream
        neighbors stop doing CNAME lookups as well.

>Should I go change all the occurrences in all the domains we host?

If you want them to be able to receive mail, and they are currently misconfigured, I'd recommend that, yes.

>Or should I give mailhost the same ip-address as the realhost instead of
>giving it a cname to realhost?

If I understand that, it sounds as if you're asking if it would be OK to have 2 different A records with different names, but the same IP address. The answer to that is "yes" -- that's not a problem at all. However, when it comes to making the PTR records, you'll need to make a decision as to the true "canonical name" associated with the IP address in question.

The issue is that there needs to be a valid A record for a hostname to which mail is to be delivered.

Cheers,
david
--
David Wolfskill		UNIX System Administrator
dhw@whistle.com		voice: (650) 577-7158	pager: (650) 371-4621

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
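
The misconfiguration discussed in this message can be found in zone data before a strict MTA trips over it. The Python sketch below is an added example, not part of the original message and not code from sendmail or BIND; the zone contents, host names and the `audit_mx` helper are constructed for illustration. It assumes one record per line with an explicit owner name, and it only judges MX targets that live inside the zone being checked.

```python
# Constructed sample zone: mailhost is a CNAME, "gone" has no address record.
SAMPLE_ZONE = """\
$ORIGIN example.org.
@         IN MX 10 mailhost
@         IN MX 20 backup
@         IN MX 30 gone
realhost  IN A     192.0.2.10
mailhost  IN CNAME realhost
backup    IN A     192.0.2.11
"""

def fqdn(name, origin):
    """Expand a zone-file name to a lower-case absolute name."""
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (mx pairs, names with A records, cname map) for a simple zone."""
    origin, mx, a, cname = ".", [], set(), {}
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments
        if len(fields) == 2 and fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
        if len(fields) < 3 or fields[0].startswith("$"):
            continue
        owner, rest = fqdn(fields[0], origin), fields[1:]
        while len(rest) > 2 and (rest[0].upper() == "IN" or rest[0].isdigit()):
            rest = rest[1:]                        # skip optional TTL and class
        rtype, rdata = rest[0].upper(), rest[1:]
        if rtype == "MX" and len(rdata) == 2:
            mx.append((owner, fqdn(rdata[1], origin)))
        elif rtype == "A":
            a.add(owner)
        elif rtype == "CNAME":
            cname[owner] = fqdn(rdata[0], origin)
    return mx, a, cname

def audit_mx(text):
    """List (domain, target, problem) for MX targets a strict MTA cannot use."""
    mx, a, cname = parse_zone(text)
    findings = []
    for domain, target in mx:
        if target in cname:
            findings.append((domain, target, f"CNAME to {cname[target]}"))
        elif target not in a:
            findings.append((domain, target, "no A record in zone"))
    return findings

if __name__ == "__main__":
    print(*audit_mx(SAMPLE_ZONE), sep="\n")
```

Replacing the `mailhost` CNAME with a second A record for the same address, as the reply suggests, clears the first finding; the `gone` target stays flagged until it gets an A record.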