When Section 5.1 of RFC 5321 says "If a CNAME record is found, the resulting name is processed as if it were the initial name", it is referring to the situation where a query is sent for the MX record for xyz.com, and instead of an MX record being returned for xyz.com, a CNAME record is returned for xyz.com (e.g., "xyz.com. IN CNAME abc.com."). In that case, the client is then expected to start the whole process over by querying for the MX record for abc.com. It is not referring to the case where a query is sent for the MX record for xyz.com and an MX record is returned for xyz.com having a CNAME for the RDATA (such as, "XYZ IN MX 10 cn.xyz.com", where cn.xyz.com is a CNAME for srv1.xyz.com.) In fact, Section 5.1 of RFC 5321 goes on to discuss having CNAMEs returned in the RDATA of MX records and refers the reader to Section 10.3 of RFC 2181, which explicity forbids CNAMEs in the RDATA of either NS or MX records ("The domain name used as the value of a NS resource record, or part of the value of a MX resource record must not be an alias.").
> -----Original Message----- > From: bind-users-boun...@lists.isc.org > [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Al Stu > Sent: Tuesday, January 27, 2009 12:13 PM > To: bind-users@lists.isc.org > Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records > are NOT "Illegal" > > "They are two queries. If mx1 would be an A, it would be > returned in the first query. Since it's a CNAME, the IP is > not returned in the MX query." > > So. RFC 5321 5.1, Locating the Target Host, says the CNAME > is to be processed. > > "The lookup first attempts to locate an MX record associated > with the name. > If a CNAME record is found, the resulting name is processed > as if it were the initial name." > > > *** PLEASE don't copy me on replies, I'll read them in the group *** > > > ----- Original Message ----- > From: "Matus UHLAR - fantomas" <uh...@fantomas.sk> > To: <bind-users@lists.isc.org> > Sent: Tuesday, January 27, 2009 9:01 AM > Subject: Re: BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT > "Illegal" > > > > On 27.01.09 08:46, Al Stu wrote: > >> So then you disagree that the following example returns a > valid address > >> record for srv1? > >> > >> srv1 300 IN A 1.2.3.4 > >> mx1 300 IN CNAME srv1.xyz.com. > >> @ 300 IN MX 1 mx1.xyz.com. > >> > >> 1) Select Target Host: > >> The MX query for xyz.com delivers mx1.xyz.com which is a CNAME. > >> > >> 2) Get Target Host Address: > >> The A query for mx1.xyz.com delivers the address (A) record of > >> srv1.xyz.com, 1.2.3.4, and also delivers the alias (CNAME) > record of > >> "mx1.xyz.com". > > > > They are two queries. If mx1 would be an A, it would be > returned in the > > first query. Since it's a CNAME, the IP is not returned in > the MX query. > > > > -- > > Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ > > Warning: I wish NOT to receive e-mail advertising to this address. > > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > > It's now safe to throw off your computer. > > _______________________________________________ > > bind-users mailing list > > bind-users@lists.isc.org > > https://lists.isc.org/mailman/listinfo/bind-users > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users