[dns-operations] Can MX be working with CNAME?

Tony Finch dot at dotat.at
Mon Oct 21 11:37:42 UTC 2013


Jeroen Massar <jeroen at massar.ch> wrote:

>  "Don't use CNAMEs in combination with RRs which point to other names"
>
> And thus CNAME -> MX -> A falls under that too.

No, it is only names in RDATA that should not refer to CNAMEs.

In practice, this depends a lot on the RR in question. NS pointing to
CNAME is not going to work. MX pointing to CNAME probably will work.

CNAME pointing to anything should work, except for the historical screwup
in the way mail software handles CNAME. Note that this does not just
affect CNAME pointing to MX, but also CNAME pointing to A and CNAME
pointing to AAAA, when the CNAME is used as a mail domain.

> The problem with the above specifically is that Sendmail will cause some
> issues, as it will look up the CNAME, and replace all headers with the
> destination, [...]
>
> Sendmail is one of the few and maybe only SMTP server that does though
> and hence you will just get very inconsistent results depending if the
> remote site (which you do not control) still uses that.

This is a remnant of the pre-DRUMS email specifications, in particular the
requirement in RFC 821 that domain aliases (i.e. CNAMEs) are not allowed
in mail, and the clarification in RFC 1123 that CNAMEs should be
interpreted as instructions to rewrite domains.

Other MTAs do similar things, for instance qmail rewrites envelope domains
(but not message headers) - http://fanf.livejournal.com/122220.html

The IETF Detailed Revision and Update of Messaging Standards working group
decided to remove the ban on CNAME domains in the 1990s. But they are
still an interop disaster.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.
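
An added example, not part of the original post: a small Python lint over a constructed zone that applies the distinctions drawn above (a name in NS or MX RDATA that is a CNAME, and a CNAME used as a mail domain). The zone data, the `MAIL_DOMAINS` list and the error/warning severities are assumptions chosen for illustration; names are assumed to be fully qualified and lowercase.

```python
# Constructed sample zone (not from the post): owner -> list of (type, rdata).
ZONE = {
    "example.org.": [("NS", "ns1.example.org."),
                     ("NS", "ns-alias.example.org."),
                     ("MX", "10 mx-alias.example.org.")],
    "ns1.example.org.": [("A", "192.0.2.1")],
    "ns-alias.example.org.": [("CNAME", "ns1.example.org.")],
    "mail.example.org.": [("A", "192.0.2.25")],
    "mx-alias.example.org.": [("CNAME", "mail.example.org.")],
    "lists.example.org.": [("CNAME", "example.org.")],
}
# Hypothetical input: domains used to the right of "@" in mail addresses.
MAIL_DOMAINS = ["example.org.", "lists.example.org."]

def is_cname(zone, name):
    """True if the owner name carries a CNAME record in this zone."""
    return any(rtype == "CNAME" for rtype, _ in zone.get(name, []))

def rdata_target(rtype, rdata):
    """Return the domain name held in RDATA for NS and MX, else None."""
    if rtype == "NS":
        return rdata
    if rtype == "MX":
        return rdata.split()[1]  # RDATA is "preference exchange"
    return None

def lint(zone, mail_domains):
    """Return (severity, name, message) findings for CNAME misuse."""
    findings = []
    for owner, rrs in sorted(zone.items()):
        for rtype, rdata in rrs:
            target = rdata_target(rtype, rdata)
            if target and is_cname(zone, target):
                # Assumed severities: NS "is not going to work",
                # MX "probably will work".
                sev = "error" if rtype == "NS" else "warning"
                findings.append(
                    (sev, owner, f"{rtype} target {target} is a CNAME"))
    for dom in mail_domains:
        if is_cname(zone, dom):
            # Applies whether the alias leads to MX, A or AAAA records.
            findings.append(("warning", dom,
                             "mail domain is a CNAME; some MTAs rewrite it"))
    return findings

if __name__ == "__main__":
    for sev, name, msg in lint(ZONE, MAIL_DOMAINS):
        print(f"{sev:8}{name:22}{msg}")
```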


