[dns-operations] Can MX be working with CNAME?

Jeroen Massar jeroen at massar.ch
Mon Oct 21 07:09:08 UTC 2013 

On 2013-10-18 10:46 , Doug wrote:
> Hello,
> 
> $ idig plus.google.com mx
> plus.google.com.    1200    IN    CNAME    plus-china.l.google.com.
> plus-china.l.google.com. 600    IN    MX    40 alt3.aspmx.l.google.com.
> plus-china.l.google.com. 600    IN    MX    50 alt4.aspmx.l.google.com.
> plus-china.l.google.com. 600    IN    MX    10 aspmx.l.google.com.
> plus-china.l.google.com. 600    IN    MX    20 alt1.aspmx.l.google.com.
> plus-china.l.google.com. 600    IN    MX    30 alt2.aspmx.l.google.com.
> 
> I never saw this type of MX.  Are they valid records?

The records are valid, though against the RFC1912 section 2.4.
The example is MX -> CNAME, but the rule is:
 "Don't use CNAMEs in combination with RRs which point to other names"

And thus CNAME -> MX -> A falls under that too.

The problem with the above specifically is that Sendmail will cause some
issues, as it will lookup the CNAME, and replace all headers with the
destination, thus if you have:

From: example at plus.google.com
To: something at example.net

Sendmail will rewrite this to:

From: example at plus-china.l.google.com
To: something at example.net

Sendmail is one of the few and maybe only SMTP server that does though
and hence you will just get very inconsistent results depending if the
remote site (which you do not control) still uses that.

Hence, why one should never do the above. It is btw rather odd that you
get the CNAME, as from a variety of queries around the world they all
seem to return a A/AAAA/MX set directly instead. You might thus want to
check *who* is actually returning the above as the Google folks
definitely know about the problems caused by CNAMEs and thus likely
would never use it in the above case; they just return a different
A/AAAA/MX set when queried instead from their DNS server.

Greets,
 Jeroen

--
$ host plus.google.com
plus.google.com has address 173.194.116.39
plus.google.com has address 173.194.116.41
plus.google.com has address 173.194.116.33
plus.google.com has address 173.194.116.32
plus.google.com has address 173.194.116.40
plus.google.com has address 173.194.116.46
plus.google.com has address 173.194.116.37
plus.google.com has address 173.194.116.36
plus.google.com has address 173.194.116.38
plus.google.com has address 173.194.116.34
plus.google.com has address 173.194.116.35
plus.google.com has IPv6 address 2a00:1450:400a:806::1003
plus.google.com mail is handled by 10 aspmx.l.google.com.
plus.google.com mail is handled by 50 alt4.aspmx.l.google.com.
plus.google.com mail is handled by 30 alt2.aspmx.l.google.com.
plus.google.com mail is handled by 20 alt1.aspmx.l.google.com.
plus.google.com mail is handled by 40 alt3.aspmx.l.google.com.

More information about the dns-operations mailing list