On Fri, Apr 12, 2013 at 05:11:53PM +0100, Tony Finch wrote:
> > https://tools.ietf.org/html/rfc5321#section-5.1
> >
> > The lookup first attempts to locate an MX record associated with the
> > name. If a CNAME record is found, the resulting name is processed as
> > --------------------------------------------------------------
> > if it were the initial name. If a non-existent domain error is
> > ----------------------------
> > returned, this situation MUST be reported as an error. If a
> > temporary error is returned, the message MUST be queued and retried
> > later (see Section 4.5.4.1). If an empty list of MXs is returned,
> > the address is treated as if it was associated with an implicit MX
> > RR, with a preference of 0, pointing to that host. If MX records are
> > present, but none of them are usable, or the implicit MX is unusable,
> > this situation MUST be reported as an error.
>
> Oh blimey. Thanks for pointing that out.
>
> In this situation I think the right thing would be to look for the TLSA in
> the same place as when connecting to a host, as in RFC 6698 section 3.
> That is, just add _25._tcp to the start of the domain.

Well, 5321 tells us to pretend the domain has an implicit MX record:

    host. IN MX 0 host.

but CNAMEs are illegal on the right side of MX records, so logic dictates
that we must start with a non-CNAME host.

--
Viktor.
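
The lookup rules quoted above from RFC 5321 section 5.1, combined with the "_25._tcp" prefix from RFC 6698 section 3, as an added example that is not part of the original thread and is not any poster's code. ZONE is constructed sample data, the function names are hypothetical, and using the CNAME-expanded name for the implicit MX is an assumption that follows the reasoning in the reply.

```python
# Constructed sample zone (not real DNS data): owner name -> {rrtype: rrset}
ZONE = {
    "example.com.":     {"MX": [(20, "mx2.example.com."), (10, "mx1.example.com.")]},
    "alias.example.":   {"CNAME": ["real.example."]},
    "real.example.":    {"A": ["192.0.2.10"]},
    "noaddr.example.":  {"TXT": ["constructed"]},
}

class NXDomain(Exception):
    """Non-existent domain: RFC 5321 5.1 says this MUST be reported as an error."""

class Unusable(Exception):
    """The implicit MX has no address records, which is also an error."""

def resolve(zone, name, rrtype, max_chain=8):
    """Return (owner, rrset); a CNAME target is processed as if it were the initial name."""
    for _ in range(max_chain):
        node = zone.get(name)
        if node is None:
            raise NXDomain(name)
        if rrtype in node:
            return name, node[rrtype]
        if "CNAME" in node:
            name = node["CNAME"][0]
            continue
        return name, []          # name exists, but has no records of this type
    raise RuntimeError("CNAME chain too long")

def mail_hosts(zone, domain):
    """Return [(preference, host)] for a domain, lowest preference first."""
    owner, mxs = resolve(zone, domain, "MX")
    if mxs:
        return sorted(mxs)
    # Empty MX list: implicit MX with preference 0. Assumption: it points at the
    # CNAME-expanded owner, since a CNAME is not allowed as an MX target.
    if not (zone[owner].get("A") or zone[owner].get("AAAA")):
        raise Unusable(owner)
    return [(0, owner)]

def tlsa_qname(host, port=25, proto="tcp"):
    """RFC 6698 section 3 query name: _port._proto.host"""
    return f"_{port}._{proto}.{host}"

def tlsa_names(zone, domain):
    """TLSA query names for every SMTP host the domain resolves to."""
    return [tlsa_qname(host) for _, host in mail_hosts(zone, domain)]
```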