[dns-operations] Looping wildcard CNAMEs can be an obstacle for DANE, (googledomains.com-hosted example)

Mark Andrews marka at isc.org
Tue Apr 17 20:56:52 UTC 2018

Some SMTP clients made CNAME queries because named didn’t correctly
fail ALL lookups on a zone if it detected a error loading a zone and would
return SERVFAIL rather than NOERROR NODATA for a RRset that didn’t exist
in that zone.  This was not STD 13 behaviour.  This was corrected to
return SERVFAIL for all names in the zone’s namespace if a zone could
not be loaded as required by STD 13.

Some SMTP clients also thought that they were required to make explicit
CNAME queries rather than use the CNAME record returned by the MX lookup.

> On 18 Apr 2018, at 4:28 am, John Levine <johnl at taugh.com> wrote:
> In article <AA3A12D5-F246-4A0A-8ABE-7F27B47AE5CE at dukhovni.org> you write:
>> The Postfix DNS lookup glue dates back to 1997. "The past is a foreign
>> country, they do things differently there." [1]
> Ah.  There is a CNAME hack in qmail dating from 1998.  It was probably
> the same bug in some long dead version of BIND.
> Most qmail installations have patched it out.
> R's,
> John
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the dns-operations mailing list