On Dec 12, 2007, at 5:33 PM, Trevor Paquette wrote:
However, in talking to TrendMicro, they say that this syntax is
perfectly valid and that RFC 2821 overrides the MX to CNAME
limitation. The following website is their stance on this:http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1035667&id=EN-1035667
I'll speak to how TrendMicro appears to be misinterpreting RFC2821. :-)
"Domain names are used as names of hosts and of other entities in the
domain name hierarchy. For example, a domain may refer to an alias
(label of a CNAME RR) or the label of Mail exchanger records to be
used to deliver mail instead of representing a host name."
This is defining "what a domain is". A "label", as defined in
RFC1035, is (in simple terms) the left portion of a DNS record. If
you're looking at a record like:
foo IN MX 0 mailhost
"foo" is the label, and that label is made up of a domain name. There
are other places domain names might appear (such as in CNAME or MX
RDATA), but I don't think anything in RFC2821/2.3.5 is saying that MXs
can have hosts that resolve to CNAMEs in their RDATA.
They further reference section 5, quoting:
"Once an SMTP client lexically identifies a domain to which mail will
be delivered for processing (as described in sections 3.6 and 3.7), a
DNS lookup MUST be performed to resolve the domain name . The
names are expected to be fully-qualified domain names (FQDNs):
mechanisms for inferring FQDNs from partial names or local aliases are
outside of this specification and, due to a history of problems, are
generally discouraged. The lookup first attempts to locate an MX
record associated with the name. If a CNAME record is found instead,
the resulting name is processed as if it were the initial name."
The process this is describing is
 I have mail for 'name'.
 Do an MX lookup for 'name'
 If I get a CNAME RR instead of an MX RR, repeat step  with the
RDATA of the CNAME RDATA
 Handle MXes that were found in step 
The key here is that you're asking for an MX RR, but the verbiage says
"if a CNAME record is found __instead__". In other words, if you
expected an MX RR but got a CNAME RR, then you need to chase down the
CNAME and ask for *its* MX RR instead.
So again, I don't really even see how RFC2821/5 can be used to justify
having CNAMEs in the MX RDATA.
Derek J. Balling
Manager of Systems Administration
124 Raymond Ave
Box 0406 - Computer Center 229
Poughkeepsie, NY 12604
W: (845) 437-7231
C: (845) 249-9731
Description: S/MIME cryptographic signature