Naive users messing up using CNAMEs is really neither here nor there
because they are just as likely to mess up any other type of DNS
record.  The fact that CNAME MX records have not destroyed the internet
belittles the staunch firestorm that CNAME MX records will destroy the
internet.  I've never had a problem dealing with it on my mail servers. 
The only time I notice it is by chance when I'm idly browsing through
DNS records of whomever for whatever reason.  20 years ago we didn't
have the spam issues we do now, nor the technological changes.  One
machine, one IP, one hostname, one PTR.  Now we have mass distributed
virtual hosting for websites and numerous other services.  We used to
have no impetus to use much security involving DNS, nor was TCP used
much.  UDP was ubiquitous for port 53.  Virtual SSL is all the rage now
and load balanced mail servers listen to multiple ports and protocols as
a default instead of just plain tcp/25. DNS itself has become far more
evolved.

A mailserver of yesteryear did far fewer DNS lookups on a hugely
different scale.  I would not be surprised to see the common mail server
fetching every which type of DNS record and analyzing it from every
which angle as part and parcel of anti-spam measures.  I do not think it
is any significant burden to push the need for every MTA to fully
resolve an MX record which happens to be a CNAME as standard procedure. 
It appears that many, if not most, do so already.  Especially those that
intentionally discriminate against incoming CNAME MX emails.  That's
rather the cutting off of the nose to spite the face.  You're going out
of your way to verify the reverse path of an incoming email.  It is not
necessary for delivery so why do it?

What some people consider rubbish for input is desired for another. 
Some people foam at the mouth should anyone bring up an editor other
than vi, or rich text email.  Yet I'm amused that a person chooses to
spend 10 hours writing up something in vi and fighting with formatting
instead of using a GUI editor.  I'm aghast at most ASCII rendition
attempts by someone, when a simple rich text markup would make it
instantly clear and require a minuscule amount of time trying to decode
and understand the horrible ASCII.  There's a reason we have 96dpi 16m
color screens instead of a row of nixie tubes for display output.  I'm
sure punch card bandits scoffed at the nixie tube users.  Some people
just don't like change, or an idea that came from someone else, or
challenges their personal opinion how things ought to be.

Consider the "rubbish" email which a certain MTA vendor rejects out of
hand because each line isn't strictly well-formed per RFC.  If every
vendor was as utterly asinine about absolutist conformance, sure, we'd
have a lot less mess out there, but we'd have a lot less forward
movement as well as a lot more fractioning of software packages.  Since
everyone wants to do the protocol their own way, we'd just have a
multitude of protocol variations rather than more flexible interoperability.

The majority of the internet seems to run on "just enough clue" to make
things work and surprisingly, the amount of clue needed to move stuff
about the 'tubes isn't very much.  In that regard, the internet seems to
work well enough even with some oddball CNAME MX records out there and
usually the only people noticing it are the elitist, and it isn't
necessarily due to email breakage.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
