On Wed, May 11, 2005 at 05:38:09AM -0700, J.C. Roberts wrote:
> On Wed, 11 May 2005 02:23:43 -0400, Bruno Delbono
> <[EMAIL PROTECTED]> wrote:
>
> >Smith wrote:
> >> alerts. If sendmail has a security alert and OpenBSD is vulnerable,
> >> OpenBSD will let me know pretty quickly. I don't need to keep track of
> >> sendmail alerts, just OpenBSD's.
> >
> >PS - Maybe someone can teach you mail 101. It's never a good idea to
> >have a CNAME to be the MX.
> >
> >confuciun.com.        497  IN  MX     10 mail.confuciun.com.
> >mail.confuciun.com.   600  IN  CNAME  confuciun.com.
> >
>
> Though the answer is supposedly in "mail 101" or maybe DNS 101, I've
> been unable to find a decent reason for your statement? I hope you don't
> mind the dumb question of "why?"
>
This is DNS 101. CNAMEs are mostly always abused. There are a few rules:
1. It is forbidden to use a CNAME for a node that has other records.
2. A CNAME should only point to an A record and nothing else.
3. Don't use CNAME domains in NS and MX definitions.

1. Is forbidden by the RFC.
2. Should not be done because it may result in loops.
3. This additional indirection slows down lookups and may get you into
   trouble with some resolvers. Additionally, it is not possible to glue
   a CNAME.

-- 
:wq Claudio
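
The three rules above as a small zone-data check. This is an added example, not part of the original thread. The sample zone is constructed around the two records quoted in the thread, the function names are hypothetical, and rule 2 is checked only as "the CNAME target is itself a CNAME".

```python
from collections import defaultdict

# Constructed zone data. The first two records are the ones quoted in the
# thread; the rest (including the 192.0.2.x addresses) are made up.
SAMPLE_ZONE = """\
confuciun.com.       497 IN MX    10 mail.confuciun.com.
mail.confuciun.com.  600 IN CNAME confuciun.com.
confuciun.com.       600 IN A     192.0.2.10
www.confuciun.com.   600 IN CNAME web.confuciun.com.
www.confuciun.com.   600 IN TXT   "v=spf1 -all"
web.confuciun.com.   600 IN CNAME www.confuciun.com.
confuciun.com.       600 IN NS    ns1.confuciun.com.
ns1.confuciun.com.   600 IN A     192.0.2.53
"""

def parse(zone_text):
    """Return {owner: [(rtype, rdata), ...]} for 'name ttl IN type rdata' lines."""
    records = defaultdict(list)
    for line in zone_text.splitlines():
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skip blanks, comments and anything not in this shape
        owner, _ttl, _cls, rtype, rdata = fields
        records[owner.lower()].append((rtype.upper(), rdata))
    return records

def lint_cnames(zone_text):
    """Return sorted (rule, owner, detail) findings for the three rules."""
    records = parse(zone_text)
    cnames = {o: rd.lower() for o, rrs in records.items()
              for t, rd in rrs if t == "CNAME"}
    findings = set()
    for owner, rrs in records.items():
        others = sorted({t for t, _ in rrs if t != "CNAME"})
        if owner in cnames and others:                      # rule 1
            findings.add((1, owner, "also has " + ",".join(others)))
        if owner in cnames and cnames[owner] in cnames:     # rule 2
            findings.add((2, owner, "target %s is a CNAME" % cnames[owner]))
        for rtype, rdata in rrs:                            # rule 3
            target = rdata.split()[-1].lower()
            if rtype in ("MX", "NS") and target in cnames:
                findings.add((3, owner, "%s target %s is a CNAME" % (rtype, target)))
    return sorted(findings)

if __name__ == "__main__":
    for rule, owner, detail in lint_cnames(SAMPLE_ZONE):
        print("rule %d: %s %s" % (rule, owner, detail))
```

The two records from the thread on their own trip only rule 3; the constructed www/web pair shows rules 1 and 2, including the loop.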