> On 17 Nov 2019, at 17:20, Viktor Dukhovni <ietf-d...@dukhovni.org> wrote: > >> On Nov 16, 2019, at 9:41 AM, John Levine <jo...@taugh.com> wrote: >> >> Remember that it's invalid for an NS or MX to point to a CNAME so I assume >> it's equally invalid for them to point to a DNAME. > > There's no need for NS RRs pointing the non-canonical names, the DNAMEs > are there for continuity (or to support alternative representations) of > actual application services. That's not a real barrier to DNAME use. > > And speaking of application services, the prohibition of MX pointing to > CNAME is not enforced by any MTA I'm aware, and a small, but non-negligible > fraction of domains do have MX RRs that point to CNAMEs.
Just because broken configuration don’t always cause problems doesn’t mean that they don’t sometimes. MTA’s need to know what names they are known by to properly remove MX records from consideration when performing store and forward. Email forwarding loops still occur. > In my DANE survey, out of of 8503 MX hosts, 130 (1.5%) are CNAME aliases. > None presently via DNAMEs, but Tony Finch has a DNAME redirecting TLSA > lookups: > > _tcp.hummus.csx.cam.ac.uk. IN DNAME _hummus_tcp.exim.org. > > and three other domains also have DNAME-redirected _tcp subtrees. > > -- > Viktor. > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
