ietf-smtp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: MX to CNAME and (mis)interptretation of 2821

2007-12-12 17:02:58
from [Derek J. Balling] [Permanent Link] 

On Dec 12, 2007, at 5:33 PM, Trevor Paquette wrote:
However, in talking to TrendMicro, they say that this syntax is perfectly valid and that RFC 2821 overrides the MX to CNAME limitation. The following website is their stance on this:http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1035667&id=EN-1035667 

I'll speak to how TrendMicro appears to be misinterpreting RFC2821. :-)
"Domain names are used as names of hosts and of other entities in the domain name hierarchy. For example, a domain may refer to an alias (label of a CNAME RR) or the label of Mail exchanger records to be used to deliver mail instead of representing a host name."
This is defining "what a domain is". A "label", as defined in RFC1035, is (in simple terms) the left portion of a DNS record. If you're looking at a record like: 

foo IN MX 0 mailhost
"foo" is the label, and that label is made up of a domain name. There are other places domain names might appear (such as in CNAME or MX RDATA), but I don't think anything in RFC2821/2.3.5 is saying that MXs can have hosts that resolve to CNAMEs in their RDATA. 

They further reference section 5, quoting:
"Once an SMTP client lexically identifies a domain to which mail will be delivered for processing (as described in sections 3.6 and 3.7), a DNS lookup MUST be performed to resolve the domain name [22]. The names are expected to be fully-qualified domain names (FQDNs): mechanisms for inferring FQDNs from partial names or local aliases are outside of this specification and, due to a history of problems, are generally discouraged. The lookup first attempts to locate an MX record associated with the name. If a CNAME record is found instead, the resulting name is processed as if it were the initial name." 

The process this is describing is

        [1] I have mail for 'name'.
        [2] Do an MX lookup for 'name'
[3] If I get a CNAME RR instead of an MX RR, repeat step [2] with the RDATA of the CNAME RDATA 
        [4] Handle MXes that were found in step [3]
The key here is that you're asking for an MX RR, but the verbiage says "if a CNAME record is found __instead__". In other words, if you expected an MX RR but got a CNAME RR, then you need to chase down the CNAME and ask for *its* MX RR instead.
So again, I don't really even see how RFC2821/5 can be used to justify having CNAMEs in the MX RDATA. 

Cheers,
D




--

Derek J. Balling
Manager of Systems Administration
Vassar College
124 Raymond Ave
Box 0406 - Computer Center 229
Poughkeepsie, NY 12604
W:      (845) 437-7231
C:      (845) 249-9731

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: MX to CNAME and (mis)interptretation of 2821, Frank Ellermann
Next by Date:  RE: Re: MX to CNAME and (mis)interptretation of 2821, Trevor Paquette
Previous by Thread:  Re: MX to CNAME and (mis)interptretation of 2821, Hector Santos
Next by Thread:  Re: MX to CNAME and (mis)interptretation of 2821, ned+ietf-smtp
Indexes:  [Date] [Thread] [Top] [All Lists]