David Sparks wrote:
>
> There are plenty of ways to get a mail loop that don't involve DNS
> mis-configuration. As such pretty much every major MTA detects and stops mail
> loops.
Not if you (accidentally) fat-finger the MTA configuration. It is
completely possible to still mis-configure a MTA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 29 Jan 2009 22:33:24 -0800, Al Stu wrote:
> Analyze this.
> Query MX dns.com
> Response MX nullmx.domainmanager.com
> Query A nullmx.domainmanager.com
> Response CNAME mta.dewile.net, A 64.40.103.249
So the fact that other random fol
On 30.01.09 22:55, Al Stu wrote:
> History is fraught with individuals or a few being ridiculed for putting
> forth that which goes against the conventional wisdom of the masses and so
> called experts, only to be vindicated once the masses and so called experts
> get their head out where the su
From: "Michael Milligan"
> To: "Al Stu"
> Cc:
> Sent: Friday, January 30, 2009 10:20 AM
> Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
> "Illegal"
>
>
> > You just don't get it. You are off wandering around
Message -
> From: Noel Butler
> To: bind-users@lists.isc.org
> Sent: Friday, January 30, 2009 11:12 PM
> Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records
> are NOT "Illegal"
>
> On Sat, 20
On 31-Jan-2009, at 13:18, Al Stu wrote:
And what business of yours would it be if I did? That is pretty
much the point here. What business is it of yours, ISC, or anyone
else if I chose to run my DNS with MX's pointing to CNAMES? If it
is a "bad" practice, fine so be it. But it has p
es. For ISC to deem it
"illegal" is a fallacy and inappropriate..
- Original Message -
From: "Jeff Lightner"
To: "Danny Thomas" ;
Sent: Saturday, January 31, 2009 7:05 AM
Subject: RE: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illega
2009 11:17 PM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
Al Stu wrote:
History is fraught with individuals or a few being ridiculed for putting
forth that which goes against the conventional wisdom of the masses and
so called experts, only to be
If I am trolling, that would make you a sucker/trash fish. Was the bait tasty?
That sentence does not make sense.
- Original Message -
From: Noel Butler
To: bind-users@lists.isc.org
Sent: Friday, January 30, 2009 11:12 PM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in
ect: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
You just don't get it. You are off wandering around in the weeds.
Read the tail end of Chapter 5 in the book "DNS and BIND" describing the
MX selection algorithm in layman's terms to (per
To: bind-users@lists.isc.org
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
Al Stu wrote:
> History is fraught with individuals or a few being ridiculed for
> putting forth that which goes against the conventional wisdom of the
> masses
Al Stu wrote:
History is fraught with individuals or a few being ridiculed for
putting forth that which goes against the conventional wisdom of the
masses and so called experts, only to be vindicated once the masses
and so called experts get their head out where the sun is shining and
exposed
On Sat, 2009-01-31 at 16:55, Al Stu wrote:
> History is fraught with individuals or a few being ridiculed for putting
> forth that which goes against the conventional wisdom of the masses and so
You don't get to speak for anyone else but yourself, just because you
believe in your own trolling
of day.
Once upon a time the world was 'flat'. For some of you, apparently is still
is 'flat'.
- Original Message -
From: "Michael Milligan"
To: "Al Stu"
Cc:
Sent: Friday, January 30, 2009 10:20 AM
Subject: Re: BIND 9.6 Flaw - CNAME vs.
Michael Milligan wrote:
> You just don't get it. You are off wandering around in the weeds.
>
> Read the tail end of Chapter 5 in the book "DNS and BIND" describing the
> MX selection algorithm in layman's terms to (perhaps) understand why
> having MX records referencing CNAMEs is bad.
>
> It ma
You just don't get it. You are off wandering around in the weeds.
Read the tail end of Chapter 5 in the book "DNS and BIND" describing the
MX selection algorithm in layman's terms to (perhaps) understand why
having MX records referencing CNAMEs is bad.
It may work right now for you, but referenc
33 AM
> To: bind-users@lists.isc.org
> Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records
> are NOT "Illegal"
>
> Analyze this.
>
>
>
> Query MX dns.com
>
> Response MX nullmx.domainmanager.com
>
>
>
> Query A nullmx.domainm
On 29.01.09 22:33, Al Stu wrote:
> Analyze this.
Why?
> Query MX dns.com
>
> Response MX nullmx.domainmanager.com
>
>
>
> Query A nullmx.domainmanager.com
>
> Response CNAME mta.dewile.net, A 64.40.103.249
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wi
Analyze this.
Query MX dns.com
Response MX nullmx.domainmanager.com
Query A nullmx.domainmanager.com
Response CNAME mta.dewile.net, A 64.40.103.249
See attached network trace.
No. TimeSourceDestination Protocol Info
1 0.00192.168.1
On 27.01.09 10:18, Al Stu wrote:
> I not only say it, I have demonstrated it.
But you have demonstrated something different than we're discussing all the
time.
> BIND is the DNS system we are discussing.
> Have not looked to see if that specifically is spec'ed in an RFC.
> Yes other DNS implement
> > On 27.01.09 08:46, Al Stu wrote:
> > > So then you disagree that the following example returns a valid address
> > > record for srv1?
> > >
> > > srv1 300 IN A 1.2.3.4
> > > mx1 300 IN CNAME srv1.xyz.com.
> > > @ 300 IN MX 1 mx1.xyz.com.
> > >
> > > 1) Select Target Host:
> > > The MX q
In article ,
Matus UHLAR - fantomas wrote:
> On 27.01.09 08:46, Al Stu wrote:
> > So then you disagree that the following example returns a valid address
> > record for srv1?
> >
> > srv1 300 IN A 1.2.3.4
> > mx1 300 IN CNAME srv1.xyz.com.
> > @ 300 IN MX 1 mx1.xyz.com.
> >
> > 1) Select
In article ,
mlel...@serpens.de (Michael van Elst) wrote:
> Barry Margolin writes:
>
> >customer.com. IN MX 10 mx.yourdomain.com.
> >mx.yourdomain.com. IN CNAME mx.outsourcer.com.
> >mx.outsourcer.com. IN A ...
>
> That's just the same as
>
> | customer.com. IN MX 10 mx.outsourcer.com.
> | mx
In article ,
Mark Andrews wrote:
> Liberal in what you accepts means don't die on arbitary
> input. You should still reject rubbish.
But MX pointing to CNAME is not "rubbish". It's a violation of the
letter of the spec, but it's very clear what is intended.
--
Barry Margolin, b
>
>
> *** PLEASE don't copy me on replies, I'll read them in the group ***
>
>
> - Original Message -
> From: "Mark Andrews"
> To: "Al Stu"
> Cc:
> Sent: Tuesday, January 27, 2009 1:46 AM
> Subject: Re: BIND 9.6 Flaw - C
ailto:bind-users-boun...@lists.isc.org] On Behalf Of Al Stu
> Sent: Tuesday, January 27, 2009 12:13 PM
> To: bind-users@lists.isc.org
> Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records
> are NOT "Illegal"
>
> "They are two queries. If mx1 would be an A
I not only say it, I have demonstrated it.
BIND is the DNS system we are discussing.
Have not looked to see if that specifically is spec'ed in an RFC.
Yes other DNS implementations do return both the A and CNAME.
*** PLEASE don't copy me on replies, I'll read them in the group ***
- Origina
Tuesday, January 27, 2009 9:01 AM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
On 27.01.09 08:46, Al Stu wrote:
So then you disagree that the following example returns a valid address
record for srv1?
srv1 300 IN A 1.2.3.4
mx1 300 IN CNAME srv1.
On 27.01.09 08:46, Al Stu wrote:
> So then you disagree that the following example returns a valid address
> record for srv1?
>
> srv1 300 IN A 1.2.3.4
> mx1 300 IN CNAME srv1.xyz.com.
> @ 300 IN MX 1 mx1.xyz.com.
>
> 1) Select Target Host:
> The MX query for xyz.com delivers mx1.xyz.com wh
uot;
To: "Al Stu"
Cc:
Sent: Tuesday, January 27, 2009 1:46 AM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
In message <10b3763032c94ae2ba4900b3137d1...@ahsnbw1>, "Al Stu" writes:
The paragraph you cite regarding "
In message , Michael van Elst writes:
> Barry Margolin writes:
>
> >customer.com. IN MX 10 mx.yourdomain.com.
> >mx.yourdomain.com. IN CNAME mx.outsourcer.com.
> >mx.outsourcer.com. IN A ...
>
> That's just the same as
>
> | customer.com. IN MX 10 mx.outsourcer.com.
> | mx.outsourcer.com. IN A
Barry Margolin writes:
>customer.com. IN MX 10 mx.yourdomain.com.
>mx.yourdomain.com. IN CNAME mx.outsourcer.com.
>mx.outsourcer.com. IN A ...
That's just the same as
| customer.com. IN MX 10 mx.outsourcer.com.
| mx.outsourcer.com. IN A ...
except to people with half-a-knowledge about DNS quer
"Al Stu" writes:
>"No one is saying a CNAME is not permitted in response to a MX query."
>Well good then, we agree.
Hey troll. Go back to the shadow. You shall not pass!
--
--
Michael van Elst
Internet: mlel...@serpens.de
"A pote
On Jan 26, 2009, at 11:27 PM, David Ford wrote:
hand because each line isn't strictly well-formed per RFC. If every
vendor was as utterly asinine about absolutist conformance, sure, we'd
have a lot less mess out there, but we'd have a lot less forward
movement as well as a lot more fractioning
don't copy me on replies, I'll read them in the group ***
>
>
> ----- Original Message -----
> From: "Mark Andrews"
> To: "Al Stu"
> Cc:
> Sent: Monday, January 26, 2009 10:03 PM
> Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX
Naive users messing up using CNAMEs is really neither here nor there
because they are just as likely to mess up any other type of DNS
record. The fact that CNAME MX records has not destroyed the internet
belittles the staunch firestorm that CNAME MX records will destroy the
internet. I've never h
In message , Scott Haneda writ
es:
> On Jan 26, 2009, at 10:03 PM, Barry Margolin wrote:
>
> > In article ,
> > Scott Haneda wrote:
> >
> >> 100% right. I refuse MX's that are cnamed, and I get emails from
> >> customers asking what is up. What is strange, and I can not figure
> >> it
> >> o
I'll read them in the group ***
- Original Message -
From: "Mark Andrews"
To: "Al Stu"
Cc:
Sent: Monday, January 26, 2009 6:17 PM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
In message <0aa37ce829ba458b9ba2d
x27;ll read them in the group ***
- Original Message -
From: "Mark Andrews"
To: "Al Stu"
Cc:
Sent: Monday, January 26, 2009 10:03 PM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
In message , "Al Stu" write
On Jan 26, 2009, at 10:11 PM, Barry Margolin wrote:
In article ,
Scott Haneda wrote:
I have never got why this is such a hard thing for email admins to
get
right, but it certainly causes me headaches. I personally wish
CNAME's would just go away, keep them around, but just stop talking
abo
On Jan 26, 2009, at 10:03 PM, Barry Margolin wrote:
In article ,
Scott Haneda wrote:
100% right. I refuse MX's that are cnamed, and I get emails from
customers asking what is up. What is strange, and I can not figure
it
out, is that the admins of the DNS/email server always tell me this
t; query results in both the A and CNAME being returned. Thus meeting the SMTP
> RFC requirements.
>
>
> - Original Message -
> From: "Mark Andrews"
> To: "Al Stu"
> Cc:
> Sent: Monday, January 26, 2009 8:41 PM
> Subject: Re: BIND 9.6 Flaw -
In article ,
Scott Haneda wrote:
> I have never got why this is such a hard thing for email admins to get
> right, but it certainly causes me headaches. I personally wish
> CNAME's would just go away, keep them around, but just stop talking
> about them, then new to DNS users would not us
In article ,
Scott Haneda wrote:
> 100% right. I refuse MX's that are cnamed, and I get emails from
> customers asking what is up. What is strange, and I can not figure it
> out, is that the admins of the DNS/email server always tell me this is
> the first time they have heard of it.
So
lt is permitted to be and alias, which in turn when submitted for an A
> query results in both the A and CNAME being returned. Thus meeting the SMTP
> RFC requirements.
> - Original Message -
> From: "Mark Andrews"
> To: "Al Stu"
> Cc:
nd alias, which in turn when submitted for an A
query results in both the A and CNAME being returned. Thus meeting the SMTP
RFC requirements.
- Original Message -
From: "Mark Andrews"
To: "Al Stu"
Cc:
Sent: Monday, January 26, 2009 8:41 PM
Subject: Re: BIND
"
> To: "Al Stu"
> Cc:
> Sent: Monday, January 26, 2009 8:09 PM
> Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
> "Illegal"
>
>
> > On Jan 26, 2009, at 7:54 PM, Al Stu wrote:
> >
> >> If you refuse a CN
tt Haneda"
To: "Al Stu"
Cc:
Sent: Monday, January 26, 2009 8:09 PM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
On Jan 26, 2009, at 7:54 PM, Al Stu wrote:
If you refuse a CNAME then it is your SMTP server that is broken. The
SM
On Jan 26, 2009, at 7:54 PM, Al Stu wrote:
If you refuse a CNAME then it is your SMTP server that is broken.
The SMTP RFC's clearly state that SMTP servers are to accept and
lookup a CNAME.
[RFC974] explicitly states that MX records shall not point to an alias
defined by a CNAME. That
26, 2009 6:24 PM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
On Jan 26, 2009, at 6:17 PM, Mark Andrews wrote:
Which just means you have not ever experienced the problems
causes. MTA are not required to look up the addresses of
all the mail excha
On Jan 26, 2009, at 6:17 PM, Mark Andrews wrote:
Which just means you have not ever experienced the problems
causes. MTA are not required to look up the addresses of
all the mail exchangers in the MX RRset to process the MX
RRset. MTA usually learn their name by
me is not a CNAME or there is a
misconfiguration.
The fact that email still gets delivered in the presence
of misconfigurations is good luck rather than good management.
Mark
> ----- Original Message -
> From: "Mark Andrews"
> To:
riginal Message -
From: "Matus UHLAR - fantomas"
To:
Sent: Monday, January 26, 2009 8:18 AM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
> On 26.01.09 09:19, bsfin...@anl.gov wrote:
>> If I have in DNS
>>
>>
it off in named.conf but don't log a bug report complaining
that we didn't detect the misconfiguration.
Mark
> - Original Message -----
> From: "Matus UHLAR - fantomas"
> To:
> Sent: Monday, January 26, 2009 8:18 AM
> Subject: Re: BIND 9
And yet here you are continuing to proliferate the thread. Thank you!
- Original Message -
From: Noel Butler
To: Danny Thomas
Cc: bind-users@lists.isc.org
Sent: Monday, January 26, 2009 2:23 PM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illega
On Tue, 2009-01-27 at 07:43, Danny Thomas wrote:
> Al Stu wrote:
> > So within the zone SMTP requirements are in fact met when the
> > MX RR is a CNAME.
> you might argue the line of it being OK when additional processing
> includes an A record.
>
In all the time its taken him to type his ran
Al Stu wrote:
> So within the zone SMTP requirements are in fact met when the
> MX RR is a CNAME.
you might argue the line of it being OK when additional processing
includes an A record.
"Be conservative in what you send" means that fewer problems are
likely from reasonable compliance with standa
hould be improved to include this case and not throw
a message if the MX RR CNAME is resolvable within the zone.
- Original Message -
From: "Matus UHLAR - fantomas"
To:
Sent: Monday, January 26, 2009 8:18 AM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
&
On 26.01.09 09:19, bsfin...@anl.gov wrote:
> If I have in DNS
>
> cn IN CNAME realname
>
> and I query for cn, the DNS resolver will return "realname".
> BIND also returns the "A" record for realname. Is this a requirement?
> If not, then
>
> mx IN 10 MX cn
>
> will result in:
>
>
I have not copied the entire thread.
>You've added an additional step in your second paragraph that is
>prohibited by the section you quoted in the first. The section from
>the RFC describes a situation where A is queried for and an MX record
>pointing to B is returned. When B is queried f
On 25-Jan-2009, at 23:06 , Barry Margolin wrote:
In article ,
Matthew Pounsett wrote:
In the example above, when I query for "IN A mx.xyz.com?" I do not
get
an address record back (A, )..instead I get a CNAME record.
Requirements NOT met.
Then there's something wrong with your resolv
In article ,
Matthew Pounsett wrote:
> In the example above, when I query for "IN A mx.xyz.com?" I do not get
> an address record back (A, )..instead I get a CNAME record.
> Requirements NOT met.
Then there's something wrong with your resolver, since they're supposed
to follow CNAME r
MX records are supposed to be pointed to the name the mail
exhanger knows itself as. This will correspond to a A
record. If I could work out a way to determine which A
records don't correspond to the name by which the mail
exchanger knows itself as I'd als
On Jan 25 2009, Chris Hills wrote:
Perhaps one day MX records can be deprecated entirely in favor of SRV.
Jabber got it right, and it would solve the e-mail server autodiscovery
problem for clients in a generic non-proprietary manner.
For example:- _smtp-server._tcp for servers, _smtp-client.
Perhaps one day MX records can be deprecated entirely in favor of SRV.
Jabber got it right, and it would solve the e-mail server autodiscovery
problem for clients in a generic non-proprietary manner.
For example:- _smtp-server._tcp for servers, _smtp-client._tcp for clients.
__
Al Stu wrote:
> ISC’s message that a CNAME/alias in an MX record is illegal is incorrect
> and just an attempt by ISC to get people to go along with what is only a
> perceived rather than actual standard/requirement, and should be removed
> so as not to further the fallacy of this perceived percep
ay, January 25, 2009 10:30 AM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
__
On 25-Jan-2009, at 13:15 , Al Stu wrote:
Yes, blah was supposed to be srv1.
I do receive both the CNAME and A records for the A mx.xyz.com
query. See attached capture file.
In the capture file three global search and replacements were
performed to match the previous example.
1) domain
Attachment (hopefully)
- Original Message -
From: "Al Stu"
To:
Sent: Sunday, January 25, 2009 10:15 AM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT
"Illegal"
Yes, blah was supposed to be srv1.
I do receive both the CNAME and
was replaced with srv1
3) server ip address was replaced with 1.2.3.4
Requirements are met.
- Original Message -
From: "Matthew Pounsett"
To: "Al Stu"
Cc:
Sent: Sunday, January 25, 2009 9:49 AM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Recor
On 25-Jan-2009, at 12:41 , Al Stu wrote:
"That domain name, when queried, MUST return at least one address
record (e.g., A or RR) that gives the IP address of the SMTP
server to which the message should be directed."
@ 1800 IN A 1.2.3.4
srv1 1800 IN A 1.2.3.4
mx 1800 IN CNAME blah.xyz
No I do not believe an extra step was added. Take the following example for
instance.
STMP server smtp.xyz.com. needs to send a message to some...@xyz.com. An MX
lookup is performed for domain xyz.com. and the domain name of mx.xyz.com is
returned. This is the first sentence:
"When a do
On Jan 25 2009, Al Stu wrote:
RFC 2821 is much more recent and clearly documents in sections 3.5 and 5
that CNAME MX RR are permitted and are to be handled by SMTP MTA's.
3.6 Domains
"Only resolvable, fully-qualified, domain names (FQDNs) are permitted when
domain names are used in SMTP. In
On 25-Jan-2009, at 03:44 , Al Stu wrote:
"When a domain name associated with an MX RR is looked up and the
associated data field obtained, the data field of that response MUST
contain a domain name.That domain name, when queried, MUST
return at least one address record (e.g., A or
At 00:44 25-01-2009, Al Stu wrote:
"When a domain name associated with an MX RR is looked up and the
associated data field obtained, the data field of that response MUST
contain a domain name.That domain name, when queried, MUST
return at least one address record (e.g., A or RR) that g
ord (e.t., A or RR)". But yet ISC seems to find it
necessary to throw a message that it is "illegal", when it clearly is not.
- Original Message -
From: "SM"
To:
Sent: Sunday, January 25, 2009 12:23 AM
Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX
RFC 2821 is much more recent and clearly documents in sections 3.5 and 5
that CNAME MX RR are permitted and are to be handled by SMTP MTA's.
3.6 Domains
"Only resolvable, fully-qualified, domain names (FQDNs) are permitted when
domain names are used in SMTP. In other words, names that can be r
At 22:11 24-01-2009, Al Stu wrote:
Some people seem to think RFC 974 creates a standard which prohibits
the use of CNAME/alias in MX records. But very much to the contrary
RFC 974 demonstrates that CNAME/alias is permitted in MX records.
RFC 974 is obsoleted by RFC 2821; the latter is obsolet
Al Stu wrote:
>BIND 9.6 ‘named’ throws the following message during startup claiming
>that it is illegal to use a CNAME/alias in the MX record.
>I beg to differ. There is no such standard nor requirement prohibiting
>the use of CNAME/alias in an MX record.
>
>Some people seem to think RFC 974 crea
Al:
If you read RFC 2181 section 10.3, RFC 1034 section 3.6, RFC 1912 (page 6),
the average person would understand that it's strongly discouraged. Perhaps
"illegal" is too strong a word, but the weight of the RFCs and best
practices appears to disagree with your assessment that "there is no s
80 matches
Mail list logo
