[dns-operations] Can MX be working with CNAME?

Jo Rhett jrhett at netconsonance.com
Fri Oct 18 18:16:35 UTC 2013

On Oct 18, 2013, at 10:30 AM, Florian Weimer <fw at deneb.enyo.de> wrote:
>> while it's true that it is worse to have a cname used to link an MX to
>> its target, it is not true that pointing a CNAME at an MX will nec'ily
>> end well. in the above example, Sendmail in its default configuration
>> will rewrite on the next hop the From: header so that it shows
>> @plus-china.l.google.com.
> That's a sendmail bug.

rant probably without any useful content:

Eh. People seriously need to consider what they are saying. If you say "This is an alias for that domain" rewriting the message is appropriate. I'm getting frustrated that IETF keeps making exceptions for stupidity.

It boggles the mind how many fools keep complaining when they CNAME www to their base domain, and get upset when you can send mail to name at www.www.www.base.domain and it reaches them. It's doing exactly what you said...

I didn't say anything yesterday, but the comments about "setting up resolvers is *HARD*" yesterday left me slamming my head against the wall. No, it's bone simple stupid easy. I recently went out to solve a problem where a total tech newbie (at a book publisher) created a very well isolated, DNSSEC-enabled validating resolver in 4 hours. It turns out that she did it right, and the problem was a broken far side, and she just needed some help proving it to them. If a book publisher can set up a DNSSEC validating resolver, you should lose your tech cred and go work at a grocery store if you can't.

We need to make stupidity hurt them, not make it easier for them to do, and easier for their stupidity to hurt us.

Jo Rhett
Net Consonance : net philanthropy to improve open source and internet projects.

More information about the dns-operations mailing list