
Re: MX to CNAME and (mis)interpretation of 2821

2007-12-12 17:02:58

On Dec 12, 2007, at 5:33 PM, Trevor Paquette wrote:
> However, in talking to TrendMicro, they say that this syntax is perfectly valid and that RFC 2821 overrides the MX to CNAME limitation. The following website is their stance on this:

I'll speak to how TrendMicro appears to be misinterpreting RFC2821. :-)

"Domain names are used as names of hosts and of other entities in the domain name hierarchy. For example, a domain may refer to an alias (label of a CNAME RR) or the label of Mail exchanger records to be used to deliver mail instead of representing a host name."

This is defining "what a domain is". A "label", as defined in RFC1035, is (in simple terms) the left portion of a DNS record. If you're looking at a record like:

foo IN MX 0 mailhost

"foo" is the label, and that label is made up of a domain name. There are other places domain names might appear (such as in CNAME or MX RDATA), but I don't think anything in RFC2821/2.3.5 is saying that MXs can have hosts that resolve to CNAMEs in their RDATA.

They further reference section 5, quoting:

"Once an SMTP client lexically identifies a domain to which mail will be delivered for processing (as described in sections 3.6 and 3.7), a DNS lookup MUST be performed to resolve the domain name [22]. The names are expected to be fully-qualified domain names (FQDNs): mechanisms for inferring FQDNs from partial names or local aliases are outside of this specification and, due to a history of problems, are generally discouraged. The lookup first attempts to locate an MX record associated with the name. If a CNAME record is found instead, the resulting name is processed as if it were the initial name."

The process this is describing is

        [1] I have mail for 'name'.
        [2] Do an MX lookup for 'name'
        [3] If I get a CNAME RR instead of an MX RR, repeat step [2] with the RDATA of the CNAME RDATA
        [4] Handle MXes that were found in step [3]

The key here is that you're asking for an MX RR, but the verbiage says "if a CNAME record is found __instead__". In other words, if you expected an MX RR but got a CNAME RR, then you need to chase down the CNAME and ask for *its* MX RR instead.

So again, I don't really even see how RFC2821/5 can be used to justify having CNAMEs in the MX RDATA.



Derek J. Balling
Manager of Systems Administration
Vassar College
124 Raymond Ave
Box 0406 - Computer Center 229
Poughkeepsie, NY 12604
W:      (845) 437-7231
C:      (845) 249-9731

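The lookup steps [1]-[4] described in the message above, as an added example that is not part of the original post: a small Python model over a constructed in-memory zone that chases a CNAME found at the looked-up name, and separately reports MX exchange names that are themselves aliases. The zone contents, the function names and the hop limit are assumptions made for illustration.

```python
# Constructed zone data (not from the thread): owner name -> {rrtype: [rdata]}
ZONE = {
    "example.org":          {"MX": [(10, "mail.example.org")]},
    "mail.example.org":     {"A": ["192.0.2.10"]},
    # Alias at the looked-up name: the case the quoted RFC 2821 section 5 text covers.
    "alias.example.org":    {"CNAME": ["example.org"]},
    # MX RDATA that names an alias: the configuration disputed in the thread.
    "bad.example.org":      {"MX": [(10, "mx-alias.example.org")]},
    "mx-alias.example.org": {"CNAME": ["mail.example.org"]},
    # Alias loop, to show why the chase needs a bound.
    "loop-a.example.org":   {"CNAME": ["loop-b.example.org"]},
    "loop-b.example.org":   {"CNAME": ["loop-a.example.org"]},
}

MAX_CNAME_HOPS = 8  # assumed limit so alias loops terminate


def lookup_mx(name, zone=ZONE):
    """Steps [1]-[4]: ask for MX; if a CNAME is found instead, restart with its target.

    Returns (final_name, sorted list of (preference, exchange)).
    """
    for _ in range(MAX_CNAME_HOPS):
        rrsets = zone.get(name, {})
        if "MX" in rrsets:
            return name, sorted(rrsets["MX"])      # step [4]
        if "CNAME" in rrsets:
            name = rrsets["CNAME"][0]              # step [3]: repeat step [2]
            continue
        return name, []                            # neither MX nor CNAME here
    raise RuntimeError("CNAME chain too long or looping")


def aliased_exchanges(name, zone=ZONE):
    """Return the MX exchange names for `name` that are themselves CNAME owners."""
    _, mxes = lookup_mx(name, zone)
    return [host for _, host in mxes if "CNAME" in zone.get(host, {})]
```
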