[dns-operations] DNSSEC and qmail

Paul Vixie vixie at isc.org
Thu Oct 8 13:56:51 UTC 2009


> Date: Thu, 8 Oct 2009 12:53:07 +0100
> From: Tony Finch <dot at dotat.at>
> 
> The old SMTP specs require that all domains were canonicalized, i.e. that
> CNAMEs were resolved to their final target domains. qmail still does this
> even though nowadays no-one else cares if a domain is canonical or not.
> (I think that was also true when qmail was written.)

an ANY or CNAME query was never required for canonicalization.  a query for
MX or A will discover and return any CNAME chain required to reach the qname.

qmail's query for ANY was meant to be an optimization, to avoid having to
make both an MX *and* an A query.  sendmail did this for a while also, but
has been patched.

the need to canonicalize may have been weakened over time, such that SMTP
responders might not be doing lookups on every name in the envelope and/or
headers at this point.  but the reason for the ANY query never was due to
the canonicalization itself, but rather, ignorance and overmicrooptimization.

i'll try to dig up 20-year-old mail archives showing the debates i had with
both bernstein and allman about this "back in the day" if there's interest.
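
The lookup behaviour described in the message above, as an added example that is not part of the original post: an MX query's answer section already carries the CNAME chain, so canonicalization needs no ANY or CNAME query, and an A query is only sent when no MX exists. `ZONE`, `query()`, `walk_answer()` and `route()` are hypothetical names, `query()` stands in for a recursive resolver, and all records are constructed.

```python
# Constructed zone data (example.test names and addresses are made up for illustration).
ZONE = {
    ("mail.example.test", "CNAME"): ["mx-alias.example.test"],
    ("mx-alias.example.test", "CNAME"): ["real.example.test"],
    ("real.example.test", "MX"): ["10 mx1.example.test"],
    ("nomx.example.test", "CNAME"): ["host.example.test"],
    ("host.example.test", "A"): ["192.0.2.25"],
}

def query(qname, qtype):
    """Hypothetical stand-in for a recursive resolver: the answer section holds
    every CNAME on the way from qname plus the qtype RRset at the final target."""
    answer, name, seen = [], qname.lower().rstrip("."), set()
    while (name, "CNAME") in ZONE and qtype != "CNAME":
        if name in seen:
            raise ValueError("CNAME loop at " + name)
        seen.add(name)
        target = ZONE[(name, "CNAME")][0]
        answer.append((name, "CNAME", target))
        name = target
    answer += [(name, qtype, rdata) for rdata in ZONE.get((name, qtype), [])]
    return answer

def walk_answer(qname, qtype, answer):
    """Follow the CNAME chain inside one answer section; return (canonical, rdatas)."""
    cnames = {o.lower(): rd.lower() for o, rtype, rd in answer if rtype == "CNAME"}
    name, hops = qname.lower().rstrip("."), 0
    while name in cnames:
        hops += 1
        if hops > len(cnames):  # more hops than CNAME records means a loop
            raise ValueError("CNAME loop in answer")
        name = cnames[name]
    return name, [rd for o, rtype, rd in answer if rtype == qtype and o.lower() == name]

def route(domain):
    """MX first, A only as fallback; returns (canonical, rtype, rdatas, queries_sent)."""
    canonical, mx = walk_answer(domain, "MX", query(domain, "MX"))
    if mx:
        return canonical, "MX", mx, 1
    canonical, a = walk_answer(domain, "A", query(domain, "A"))
    return canonical, "A", a, 2
```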


