John C Klensin <john+smtp(_at_)jck(_dot_)com> wrote:
--On Thursday, 21 February, 2008 16:20 -0500 Hector Santos
Unless I am missing something, isn't it just better to say
something to the effect?
"SMTP DNS Administration MUST|SHOULD NOT include CNAME
resource records when creating email domain MX records
for the SMTP server setup."
John K doesn't seem to have responded to this particular text.
I mean, I don't think it is reasonable to discourage DNS
CLIENT software to ignore the very good possibility that a
query might historically return a CNAME which needs to resolve
as well for the final expansion.
To the extent to which we consider such CNAMEs to be a problem,
the _only_ way to get rid of them is precisely to encourage
client software to complain. If we don't care, this should be a
SHOULD at most (and a SHOULD here will be taken as license to
use CNAMEs there).
Personally, I think this battle is long since lost; however...
The audience for this document is not, for better or worse,
... which is why, IMHO, we need to be especially clear if we
wish to restrict what they do. They _may_ read a paragraph or
two when somebody points out "the error of their ways" -- but
they will _not_ read for context.
The text in question, IMHO, is not sufficiently clear:
" The result of an MX lookup MUST NOT be a CNAME.
could mean a number of things -- one of the most logical being
that the SMTP client software is _obligated_ to resolve any
CNAME it encounters. (The DNS administrators reading this text
would know there are any number of middlemen between what they
configure and what the system code called by client software
At some level, we don't care what you do that goes beyond the
bounds of the standard to deal with a case that the standard
prohibits. If you come to the conclusion that you should handle
these things, then you should do it -- you are still conforming
wrt the specified behavior. The only thing that would make you
non-conforming would be an explicit statement that says that you
MUST reject such a thing. And it rather carefully doesn't say
... but it could be read to mean you MUST NOT reject such a
And, if you think that concept needs to be explained better in
the text, please suggest words.
If we're trying in any way to control what DNS administrators
do, we should have text like:
" DNS administrators MUST NOT configure DNS servers for zones
" they control to return a CNAME for an MX lookup.
If we're trying to control what (some) SMTP client software
does, we should have text like:
" SMTP client software SHOULD return an error if it receives a
" CNAME RR in response to an MX lookup.
... or, of course, "MAY return an error..." -- I have no horse
in this race. We could include both, or neither, for all I care.
I just think the current text is not helpful.
John Leslie <john(_at_)jlc(_dot_)net>
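
An added example, not part of the original message or of any software the thread discusses: the client-side check implied by the proposed "receives a CNAME RR in response to an MX lookup" wording, run over constructed DNS responses. The function names, the sample zones and the response contents are assumptions made for illustration.

```python
import struct

CNAME, MX = 5, 15  # RR TYPE codes from RFC 1035

def encode_name(name):  # uncompressed DNS label encoding
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(255):                  # bound guards against pointer loops
        n = msg[off]
        if n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        if n & 0xC0 == 0xC0:              # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("malformed or looping name")

def cnames_in_mx_answer(msg):
    """Return (owner, target) for each CNAME RR in the answer section."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg)
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4  # skip QNAME, QTYPE, QCLASS
    found = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        if rtype == CNAME:
            found.append((owner, read_name(msg, off + 10)[0]))
        off += 10 + rdlen
    return found

def build_response(qname, answers):  # builds the constructed samples below
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(answers), 0, 0)
    msg += encode_name(qname) + struct.pack("!HH", MX, 1)
    for owner, rtype, rdata in answers:
        msg += encode_name(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg

ALIASED = build_response("example.org", [  # constructed: owner name is an alias
    ("example.org", CNAME, encode_name("mail.example.net")),
    ("mail.example.net", MX, struct.pack("!H", 10) + encode_name("mx1.example.net"))])
CLEAN = build_response("example.org", [    # constructed: plain MX answer
    ("example.org", MX, struct.pack("!H", 10) + encode_name("mx1.example.org"))])
```

A client written to the SHOULD wording would fail the lookup whenever `cnames_in_mx_answer` returns a non-empty list; one written to the MAY wording could log the alias and continue with the MX records that follow it.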