Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

Mon, 26 Jan 2009 09:52:46 -0800

"Thus, if an alias is used as the value of an NS or MX record, no address will be returned with the NS or MX value."
Above statement, belief, perception etc. has already been proven to be a fallacy (see the network trace attached to one of the previous messages). Both the CNAME and A record is in fact returned, unless the CNAME RR points to some other zone such as say smtp.googlemail.com. 


So within the zone SMTP requirements are in fact met when the MX RR is a 
CNAME.  So there is no need to prevent this nor to label it as "illegal". 
The MX RR CNAME check should be improved to include this case and not throw 
a message if the MX RR CNAME is resolvable within the zone.




----- Original Message ----- 
From: "Matus UHLAR - fantomas" <uh...@fantomas.sk>

To: <bind-users@lists.isc.org>
Sent: Monday, January 26, 2009 8:18 AM

Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT 
"Illegal"




On 26.01.09 09:19, bsfin...@anl.gov wrote:

If I have in DNS

     cn IN CNAME realname

and I query for cn, the DNS resolver will return "realname".
BIND also returns the "A" record for realname.  Is this a requirement?
If not, then

     mx IN 10 MX cn

will result in:

     1) the MX query returning cn,

     2) the cn query returning realname,

     3) a third (and RFC-breaking) query to get the "A" for realname.

There are only two queries if the resolver returns the "A" record along
with the realname of the CNAME record.


according to RFC1035 sect. 3.3.9

"MX records cause type A additional section processing for the host
specified by EXCHANGE."

according to RFC2181 sect 10.3.

"The domain name used as the value of a NS resource record, or part of the
value of a MX resource record must not be an alias."

"It can also have other RRs, but never a CNAME RR."

"Additional section processing does not include CNAME records"...

"Thus, if an alias is used as the value of an NS or MX record, no address
will be returned with the NS or MX value."


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org

https://lists.isc.org/mailman/listinfo/bind-users 


_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users























					Reply via email to