Re: DNS goofups galore...

From: Henning P. Schmiedehausen (
Date: Mon Feb 12 2001 - 07:55:41 EST (H. Peter Anvin) writes:

>> In other words, you do a lookup, you start with a primary lookup
>> and then possibly a second lookup to resolve an MX or CNAME. It's only
>> the MX that points to a CNAME that results in yet another lookup. An
>> MX pointing to a CNAME is almost (almost, but not quite) as bad as a
>> CNAME pointing to a CNAME.

>There is no reducibility problem for MX -> CNAME, unlike the CNAME ->
>CNAME case.

>Please explain how there is any different between an CNAME or MX pointing
>to an A record in a different SOA versus an MX pointing to a CNAME
>pointing to an A record where at least one pair is local (same SOA).

CNAME is the "canonical name" of a host. Not an alias. There is good
decriptions for the problem with this in the bat book. Basically it
breaks if your mailer expects one host on the other side (
and suddently the host reports as The sender is
allowed to assume that the name reported after the "220" greeting
matches the name in the MX. This is impossible with a CNAME: IN A IN CNAME IN MX 10

% telnet smtp
220 ESMTP ready

This kills loop detection. Yes, it is done this way =%-) and it breaks
if done wrong.


Dipl.-Inf. (Univ.) Henning P. Schmiedehausen       -- Geschaeftsfuehrer
INTERMETA - Gesellschaft fuer Mehrwertdienste mbH

Am Schwabachgrund 22 Fon.: 09131 / 50654-0 D-91054 Buckenhof Fax.: 09131 / 50654-20 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to Please read the FAQ at

This archive was generated by hypermail 2b29 : Thu Feb 15 2001 - 21:00:18 EST