Re: DNS goofups galore...

James Antill (james@and.org)
12 Feb 2001 14:19:01 -0500


"Henning P. Schmiedehausen" <hps@tanstaafl.de> writes:

> hpa@transmeta.com (H. Peter Anvin) writes:
>
> >> In other words, you do a lookup, you start with a primary lookup
> >> and then possibly a second lookup to resolve an MX or CNAME. It's only
> >> the MX that points to a CNAME that results in yet another lookup. An
> >> MX pointing to a CNAME is almost (almost, but not quite) as bad as a
> >> CNAME pointing to a CNAME.
> >>
>
> >There is no reducibility problem for MX -> CNAME, unlike the CNAME ->
> >CNAME case.
>
> >Please explain how there is any different between an CNAME or MX pointing
> >to an A record in a different SOA versus an MX pointing to a CNAME
> >pointing to an A record where at least one pair is local (same SOA).
>
> CNAME is the "canonical name" of a host. Not an alias. There is good
> decriptions for the problem with this in the bat book. Basically it
> breaks if your mailer expects one host on the other side (mail.foo.org)
> and suddently the host reports as mail.bar.org). The sender is
> allowed to assume that the name reported after the "220" greeting
> matches the name in the MX. This is impossible with a CNAME:
>
> mail.foo.org. IN A 1.2.3.4
> mail.bar.org. IN CNAME mail.foo.org.
> bar.org. IN MX 10 mail.bar.org.
>
> % telnet mail.bar.org smtp
> 220 mail.foo.org ESMTP ready
> ^^^^^^^^^^^^
>
> This kills loop detection. Yes, it is done this way =%-) and it breaks
> if done wrong.

This is humour, yeh ?

I would be supprised if even sendmail assumed braindamage like the
above.
For instance something that is pretty common is...

foo.example.com. IN A 4.4.4.4
foo.example.com. IN MX 10 mail.example.com.
foo.example.com. IN MX 20 backup-mx1.example.com.

; This is really mail.example.org.
backup-mx1.example.com. IN A 1.2.3.4

...another is to have "farms" of mail servers (the A record for the MX
has multiple entries).
If it "broke" as you said, then a lot of mail wouldn't be being routed.

-- 
# James Antill -- james@and.org
:0:
* ^From: .*james@and\.org
/dev/null
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://vger.kernel.org/lkml/