Date:      Thu, 23 Jul 1998 08:08:57 -0700 (PDT)
From:      David Wolfskill <dhw@whistle.com>
To:        jmb@FreeBSD.ORG, root@internet.dk
Cc:        isp@FreeBSD.ORG
Subject:   Re: MX CNAME
Message-ID:  <199807231508.IAA05577@pau-amma.whistle.com>
In-Reply-To: <Pine.LNX.3.93.980723083520.18443B-100000@zet.internet.dk>

>Date: Thu, 23 Jul 1998 08:38:33 +0200 (MET DST)
>From: domreg <root@internet.dk>


>On Wed, 22 Jul 1998, Jonathan M. Bresler wrote:

>> Leif Neland wrote:

>>> Why does named complain when a MX-record points to a CNAME?

>> 	because it's wrong.  the RFC requires that MX'es point 
>> 	to A records, not CNAME records, to the best of my 
>> 	memory.

>What is the problem? Does it break anything? 

Yes; it does.  Mail transport agents are under no obligation to
(further) resolve a CNAME.  That is, the MTA can merely ask DNS for the
A record for a given (fully-qualified) hostname.  The DNS reply says
"Sorry; no A record.  I have a special on CNAMEs, though; can I interest
you in one of those?"  The MTA is, at that point, quite free to say "No,"
and fail to deliver the mail to the host in question.

sendmail *can* be configured to respond, in such a situation, with a
request to chase down the CNAME and then ask for the A record for
whatever the CNAME points to.  This is part of the design to try to
deliver as much mail as possible, even in the face of misconfigured
sites.

It is my recollection that sendmail can also be configured to adopt the
stricter approach.  And sendmail is by no means the only MTA out there.

Here's a note from sendmail's cf/README file, as of sendmail 8.8.8:


confDONT_EXPAND_CNAMES  DontExpandCnames
                                        [False] If set, $[ ... $] lookups that
                                        do DNS based lookups do not expand
                                        CNAME records.  This currently violates
                                        the published standards, but the IETF
                                        seems to be moving toward legalizing
                                        this.  For example, if "FTP.Foo.ORG"
                                        is a CNAME for "Cruft.Foo.ORG", then
                                        with this option set a lookup of
                                        "FTP" will return "FTP.Foo.ORG"; if
                                        clear it returns "Cruft.FOO.ORG".  N.B.
                                        you may not see any effect until your
                                        downstream neighbors stop doing CNAME
                                        lookups as well.


>Should I go change all the occurrences in all the domains we host?

If you want them to be able to receive mail, and they are currently
misconfigured, I'd recommend that, yes.

>Or should I give mailhost the same IP address as the realhost instead of
>giving it a cname to realhost?

If I understand that, it sounds as if you're asking if it would be OK to
have 2 different A records with different names, but the same IP
address.  The answer to that is "yes" -- that's not a problem at all.
However, when it comes to making the PTR records, you'll need to make a
decision as to the true "canonical name" associated with the IP address
in question.

The issue is that there needs to be a valid A record for a hostname to
which mail is to be delivered.

Cheers,
david
-- 
David Wolfskill		UNIX System Administrator
dhw@whistle.com		voice: (650) 577-7158	pager: (650) 371-4621
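
Added example (not part of the original message): a small offline check for the misconfiguration discussed above, flagging MX targets that are CNAMEs or that have no address record at all. The zone data is constructed, using the placeholder domain example.org with the mailhost/realhost names from the thread, and the simplified "owner IN TYPE rdata" line format is an assumption.

```python
# Constructed zone data (placeholder names and documentation IP addresses).
SAMPLE_ZONE = """\
example.org.           IN MX 10 mailhost.example.org.
example.org.           IN MX 20 backup.example.org.
example.org.           IN MX 30 gone.example.org.
mailhost.example.org.  IN CNAME realhost.example.org.   ; the case from the thread
realhost.example.org.  IN A 192.0.2.10
backup.example.org.    IN A 192.0.2.20
"""

def parse_zone(text):
    """Parse simplified 'owner IN TYPE rdata...' lines into (owner, type, rdata)."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # drop zone-file comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4 or fields[1].upper() != "IN":
            raise ValueError(f"unsupported record line: {line!r}")
        records.append((fields[0].lower(), fields[2].upper(), fields[3:]))
    return records

def check_mx_targets(records):
    """Return {mx_target: status}; status is 'ok', 'cname' or 'no-address'."""
    types_by_name = {}
    for owner, rtype, _ in records:
        types_by_name.setdefault(owner, set()).add(rtype)
    result = {}
    for _, rtype, rdata in records:
        if rtype != "MX":
            continue
        target = rdata[-1].lower()                # rdata is [preference, exchange]
        types = types_by_name.get(target, set())
        if "CNAME" in types:
            result[target] = "cname"              # a strict MTA may not chase this
        elif types & {"A", "AAAA"}:
            result[target] = "ok"                 # address record exists directly
        else:
            result[target] = "no-address"
    return result

if __name__ == "__main__":
    for target, status in check_mx_targets(parse_zone(SAMPLE_ZONE)).items():
        print(f"{status:10} {target}")
```

Replacing the CNAME line with an A record for mailhost carrying the same address as realhost makes every target that has a record report "ok".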
