Re: [Mimedefang] Domain canonifyin​g and RFCs

Sat, 24 Sep 2016 19:37:57 -0700 


Marcus Schopen <[email protected]> wrote:


P.S.  I know the setting confDONT_EXPAND_CNAMES will disable this
behaviour, but I would prefer not to implement this.  Also I cannot
modify the DNS records since it is an external DNS server.
They insist their DNS settings are RFC compliant.

Their DNS records looks like this:
c.domain.com      IN      A       1.1.1.1
a.b.domain.com.  IN      CNAME   c.domain.com.
c.domain.com.    IN      MX      10   mail.domain2.com
c.domain.com.    IN      MX      20   mail2.domain2.com

[email protected] will be rewitten to [email protected]
What harm results from this? The CNAME record defines that the canonical name of a.b.domain.com is c.domain.com. The above structure looks compliant to me too. I don't understand the question.
The address [email protected] is undeliverable otherwise, since there is no MX or A record for a.b.domain.com. 

RFC 2821 says:

  Only resolvable, fully-qualified, domain names (FQDNs) are permitted
  when domain names are used in SMTP.  In other words, names that can
  be resolved to MX RRs or A RRs (as discussed in section 5) are
  permitted, as are CNAME RRs whose targets can be resolved, in turn,
  to MX or A RRs.
So a CNAME is allowed if it can be resolved to a MX or A RR. The next update, RFC 5321 says the same thing, adding IPv6 AAAA records: 

  Only resolvable, fully-qualified domain names (FQDNs) are permitted
  when domain names are used in SMTP.  In other words, names that can
  be resolved to MX RRs or address (i.e., A or AAAA) RRs (as discussed
  in Section 5) are permitted, as are CNAME RRs whose targets can be
  resolved, in turn, to MX or address RRs.
So the only reason a.b.domain.com can be used (successfully) in an address is that it resolves to c.domain.com. It has to be rewritten. 


Joseph Brennan
Columbia University




_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

Reply via email to