[dns-operations] Looping wildcard CNAMEs can be an obstacle for DANE, (googledomains.com-hosted example)

Mark Andrews marka at isc.org
Tue Apr 17 20:56:52 UTC 2018


Some SMTP clients made CNAME queries because named didn’t correctly
fail ALL lookups on a zone if it detected an error loading a zone and would
return SERVFAIL rather than NOERROR NODATA for a RRset that didn’t exist
in that zone.  This was not STD 13 behaviour.  This was corrected to
return SERVFAIL for all names in the zone’s namespace if a zone could
not be loaded as required by STD 13.

Some SMTP clients also thought that they were required to make explicit
CNAME queries rather than use the CNAME record returned by the MX lookup.


> On 18 Apr 2018, at 4:28 am, John Levine <johnl at taugh.com> wrote:
> 
> In article <AA3A12D5-F246-4A0A-8ABE-7F27B47AE5CE at dukhovni.org> you write:
>> The Postfix DNS lookup glue dates back to 1997. "The past is a foreign
>> country, they do things differently there." [1]
> 
> Ah.  There is a CNAME hack in qmail dating from 1998.  It was probably
> the same bug in some long dead version of BIND.
> 
> Most qmail installations have patched it out.
> 
> R's,
> John
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org




