On Dec 12, 2007, at 5:33 PM, Trevor Paquette wrote:
However, in talking to TrendMicro, they say that this syntax is
perfectly valid and that RFC 2821 overrides the MX to CNAME
limitation. The following website is their stance on this:
http://esupport.trendmicro.com/support/viewxml.do?ContentID=EN-1035667&id=EN-1035667
I'll speak to how TrendMicro appears to be misinterpreting RFC2821. :-)
"Domain names are used as names of hosts and of other entities in the
domain name hierarchy. For example, a domain may refer to an alias
(label of a CNAME RR) or the label of Mail exchanger records to be
used to deliver mail instead of representing a host name."
This is defining "what a domain is". A "label", as defined in
RFC1035, is (in simple terms) the left portion of a DNS record. If
you're looking at a record like:
foo IN MX 0 mailhost
"foo" is the label, and that label is made up of a domain name. There
are other places domain names might appear (such as in CNAME or MX
RDATA), but I don't think anything in RFC2821/2.3.5 is saying that MXs
can have hosts that resolve to CNAMEs in their RDATA.
They further reference section 5, quoting:
"Once an SMTP client lexically identifies a domain to which mail will
be delivered for processing (as described in sections 3.6 and 3.7), a
DNS lookup MUST be performed to resolve the domain name [22]. The
names are expected to be fully-qualified domain names (FQDNs):
mechanisms for inferring FQDNs from partial names or local aliases are
outside of this specification and, due to a history of problems, are
generally discouraged. The lookup first attempts to locate an MX
record associated with the name. If a CNAME record is found instead,
the resulting name is processed as if it were the initial name."
The process this is describing is
[1] I have mail for 'name'.
[2] Do an MX lookup for 'name'
[3] If I get a CNAME RR instead of an MX RR, repeat step [2] with the
RDATA of the CNAME RDATA
[4] Handle MXes that were found in step [3]
The key here is that you're asking for an MX RR, but the verbiage says
"if a CNAME record is found __instead__". In other words, if you
expected an MX RR but got a CNAME RR, then you need to chase down the
CNAME and ask for *its* MX RR instead.
So again, I don't really even see how RFC2821/5 can be used to justify
having CNAMEs in the MX RDATA.
Cheers,
D
--
Derek J. Balling
Manager of Systems Administration
Vassar College
124 Raymond Ave
Box 0406 - Computer Center 229
Poughkeepsie, NY 12604
W: (845) 437-7231
C: (845) 249-9731
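
The lookup order walked through in steps [1] to [4] of the message above, as an added example that is not part of the original post. It runs offline over a constructed zone; the names under example.test and vendor.test, the addresses, and the helper names find_mx and audit_mx_targets are assumptions made for illustration. The audit function flags the separate case the thread is about: an MX whose RDATA names a host that is itself a CNAME.

```python
# Constructed zone data: (owner name, record type) -> list of RDATA values.
ZONE = {
    ("example.test", "MX"): [(10, "mail.example.test"), (20, "relay.example.test")],
    ("mail.example.test", "A"): ["192.0.2.10"],
    ("relay.example.test", "CNAME"): ["filter.vendor.test"],
    ("filter.vendor.test", "A"): ["198.51.100.7"],
    ("alias.test", "CNAME"): ["example.test"],
}


def find_mx(name, zone, max_hops=8):
    """Steps [1]-[4]: ask for the MX of `name`; if a CNAME is found
    instead, restart the MX lookup with the CNAME's target.

    Returns (names visited, MX list sorted by preference). The implicit-MX
    fallback to an address record is left out to keep the example short.
    """
    chain = [name]
    for _ in range(max_hops):
        mx = zone.get((name, "MX"))
        if mx:
            return chain, sorted(mx)
        cname = zone.get((name, "CNAME"))
        if not cname:
            return chain, []          # neither MX nor CNAME at this name
        name = cname[0]               # step [3]: chase the alias
        chain.append(name)
    raise RuntimeError("CNAME loop or chain too long")


def audit_mx_targets(domain, zone):
    """Return the MX exchange names that are owners of a CNAME record,
    i.e. the 'MX pointing at a CNAME' configuration under discussion."""
    _, mxes = find_mx(domain, zone)
    return [host for _, host in mxes if (host, "CNAME") in zone]


if __name__ == "__main__":
    print(find_mx("alias.test", ZONE))
    print(audit_mx_targets("example.test", ZONE))
```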