On 5/3/23 19:02, Ken Peng via Postfix-users wrote:
> I am just not sure, for this domain SpaceMail.com, which has a CNAME to CDN for
> the root domain, every query to this domain will get a CNAME. For instance,
>
> $ dig spacemail.com mx +nocmd +noall +answer
> spacemail.com. 60 IN CNAME spacemail.com.cdn.cloudflare.net.
>
> $ dig spacemail.com txt +nocmd +noall +answer
> spacemail.com. 47 IN CNAME spacemail.com.cdn.cloudflare.net.
>
> How does it get mail then? Incoming mail was handled by
> spacemail.com.cdn.cloudflare.net?

Here's my opinion on general recommendations on this topic:

It is not a good idea to use CNAME for an entire domain, mostly because
of the DNS rule that Sean mentioned -- if there is a CNAME record for a
name, then that name is not allowed to have most other record types. So
if you use a CNAME for a whole domain, you can't define anything else,
including MX, though apparently the records required for DNSSEC signing
are allowed. The only proper use I can think of for a CNAME on an
entire domain is to alias it to another domain which has records for
things like NS, SOA, MX, etc. The spacemail.com info you shared points
to a CDN hostname that does NOT have these things. I tried connecting
to port 25 on the CDN hostname from my mail server, and was unable to
connect, so email delivery for spacemail.com is very likely non-functional.

The web presence for a domain should use subdomains ... www.example.com
for instance.

There should be an A or AAAA record for example.com. The web server or
proxy at that IP address should redirect all incoming requests for
"example.com" to a proper subdomain, perhaps www.example.com. That
should be done in a way that results in the browser URL changing to the
correct canonical subdomain.

If handling mail for n...@example.com is desired, then example.com needs
an MX record pointing at a host running a mail server. The name in the
MX record should have an A or AAAA record. If it is a CNAME, then mail
delivery probably won't work correctly.

One or more subdomains should be set up as CNAMEs for anything that
needs to be handled entirely by a CDN ... those subdomains can't be used
for anything else.

The other DNS records for mail, like imap.example.com, can usually be
CNAMEs.

Thanks,
Shawn
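
The checks recommended in the message above, as an added example that is not part of the original post: a small linter run over constructed record sets, flagging a CNAME that shares a name with other record types, a CNAME at the zone apex, and an MX target that is a CNAME or has no address record. The `lint` function, the `BROKEN`/`FIXED` data and all names and addresses in them are assumptions made up for illustration.

```python
# Added example: lint constructed DNS records for the CNAME problems described above.
from collections import defaultdict

# Types allowed to sit beside a CNAME at the same name (DNSSEC records).
DNSSEC_TYPES = {"RRSIG", "NSEC"}

# Constructed sample zone data, (owner, type, rdata); not real records.
BROKEN = [
    ("example.com.", "CNAME", "example.com.cdn.example.net."),
    ("example.com.", "MX", "10 mail.example.com."),
    ("mail.example.com.", "A", "192.0.2.25"),
]
FIXED = [
    ("example.com.", "A", "192.0.2.10"),
    ("example.com.", "MX", "10 mail.example.com."),
    ("mail.example.com.", "A", "192.0.2.25"),
    ("www.example.com.", "CNAME", "example.com.cdn.example.net."),
    ("imap.example.com.", "CNAME", "mail.example.com."),
]

def lint(records, apex):
    """Return a sorted list of findings for the given record set."""
    by_name = defaultdict(set)
    for owner, rtype, _ in records:
        by_name[owner.lower()].add(rtype.upper())
    findings = []
    for name, types in by_name.items():
        if "CNAME" in types:
            clash = types - {"CNAME"} - DNSSEC_TYPES
            if clash:
                findings.append(f"{name}: CNAME coexists with {', '.join(sorted(clash))}")
            if name == apex.lower():
                findings.append(f"{name}: CNAME at the zone apex")
    for owner, rtype, rdata in records:
        if rtype.upper() != "MX":
            continue
        target = rdata.split()[1].lower()  # rdata is "<preference> <exchange>"
        target_types = by_name.get(target, set())
        if "CNAME" in target_types:
            findings.append(f"{owner}: MX target {target} is a CNAME")
        elif not target_types & {"A", "AAAA"}:
            findings.append(f"{owner}: MX target {target} has no A/AAAA in this data")
    return sorted(findings)

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint(zone, "example.com.") or "no findings")
```

An MX target outside the supplied data is reported as lacking an address record only because the linter cannot see it; resolve such names separately before treating the finding as real.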