On Thu, 21 Jul 2005, Scott Kitterman wrote:
> That tends, I think, to reinforce the interpretation that CNAME chains are
> disallowed by RFC 2181.

Not by my reading.

> So, a conservative approach, that a validator might take, would be
> PermError if they hit a chain, because receivers might do that based on
> 2181, but, even though 2181 is 8 years old, it's not entirely clear and so
> an operational checker would likely want to be more liberal.....

Your suggestion is equivalent to a max chain length of 1.
I still say that CNAME chains are in the same category with MX and PTR.
For all three, the DNS server typically packs all the records into a single
packet. For all three, the length of the list (or chain) is arbitrary.
For MX and PTR, SPF looks at the first 10 only. I maintain that
SPF should look at the first 10 in a CNAME chain also. Whether the
result should be PermErr, or equivalent to NX_DOMAIN, is open to question.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
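
The bounded CNAME following proposed in the message above, as an added example that is not part of the original message or of any SPF implementation. The zone data, the `resolve_a` function and its `on_limit` switch are assumptions made for illustration; the cap of 10 is the figure the message cites for MX and PTR.

```python
# Added illustration: bounded CNAME chain following for an SPF checker.
# The zone data, names and function are constructed for this example.
MAX_CNAME = 10  # same cap the message cites for MX and PTR

# Constructed zone: name -> (rrtype, value)
ZONE = {
    "mail.example.com": ("CNAME", "a.example.net"),
    "a.example.net": ("CNAME", "b.example.net"),
    "b.example.net": ("A", "192.0.2.25"),
    "loop1.example.com": ("CNAME", "loop2.example.com"),
    "loop2.example.com": ("CNAME", "loop1.example.com"),
}
# A chain of 12 CNAMEs ending in an A record, longer than the cap.
for i in range(12):
    ZONE[f"c{i}.example.org"] = ("CNAME", f"c{i + 1}.example.org")
ZONE["c12.example.org"] = ("A", "192.0.2.99")


def resolve_a(name, zone=ZONE, max_cname=MAX_CNAME, on_limit="permerror"):
    """Follow CNAMEs from `name`, giving up after `max_cname` links.

    Returns (status, address, links_followed). `on_limit` selects between the
    two outcomes the message leaves open: "permerror" or "nxdomain".
    """
    links = 0
    current = name.lower().rstrip(".")
    while True:
        record = zone.get(current)
        if record is None:
            return ("nxdomain", None, links)
        rrtype, value = record
        if rrtype != "CNAME":
            return ("ok", value, links)
        if links == max_cname:
            # Cap reached: a loop and an over-long chain end the same way.
            return (on_limit, None, links)
        links += 1
        current = value.lower().rstrip(".")
```

Calling `resolve_a` with `max_cname=1` resolves a single CNAME but rejects any longer chain, and the same counter terminates a CNAME loop without separate loop detection.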