Re: [exim] Consider local_domains only if DNS matches

Author: Phil Pennock
Date:  
To: exim-users
Subject: Re: [exim] Consider local_domains only if DNS matches
On 2007-05-19 at 15:34 +0200, Peter Thomassen wrote:
> $ host -t mx mail.peter-thomassen.de
> mail.peter-thomassen.de MX      10 mail.a4a.de
> mail.peter-thomassen.de MX      20 rescue.a4a.de
> $ host -t mx mail.glv.at
> mail.glv.at             CNAME   glv.at
> glv.at                  MX      10 mail.a4a.de
> glv.at                  MX      20 rescue.a4a.de
> $


This, unfortunately, is broken. The hostname provided by MX resolution
is not permitted to be a CNAME record; it may work for some combinations
but other clients won't support it, so you'll not be reachable by some
people (those following the standards carefully).

Another useful and readable RFC which is relevant here is:
RFC 1912 Common DNS Operational and Configuration Errors
and section 2.4 of that covers CNAME usage, including covering the issue
with MX records, providing pointers to the relevant standards-track RFC
comments on the issue.

> Obviously, an additional lookup is done for glv.at in the second example. Is
> this lookup done by the client, or on the nameserver side, -- in other words,
> does this additional lookup have a noticeable impact on performance? If it
> doesn't, I'll consider CNAME wildcards for all our domains.
>
> (I know that rescue.a4a.de is currently unavailable.)
>
> > That document includes examples, diagrams and so on, all to clarify when
> > records are faked up (sorry, "synthesized") and when they're not.


I was avoiding using a fancy word in the main sentence but providing
that fancy word for reference purposes inside the parenthetical comment.

> Seems that you don't like wildcards. Why not?


I like them fine enough. I even use them, a little, just not anywhere
near mail records.

They're frequently misunderstood and much abused; in combination with
email, I see wildcard MX and CNAMEs both cause more confusion than
almost any other aspect of DNS. Probably because people want to use
them. ;^)

-Phil
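
An added example, not part of the message above: an offline Python check over `host`-style record lines for the combination that RFC 1912 section 2.4 discourages, an MX record whose exchange name is itself a CNAME. It also reports, as information only, names whose MX lookup went through an alias, as in the quoted output. The `example.org` records and all function names are constructed for illustration; the other records are the ones quoted in the thread.

```python
# Records quoted in the thread, followed by three constructed example.org lines.
SAMPLE = """\
mail.peter-thomassen.de MX      10 mail.a4a.de
mail.peter-thomassen.de MX      20 rescue.a4a.de
mail.glv.at             CNAME   glv.at
glv.at                  MX      10 mail.a4a.de
glv.at                  MX      20 rescue.a4a.de
example.org             MX      10 mx.example.org
mx.example.org          CNAME   host1.example.org
host1.example.org       A       192.0.2.10
"""


def norm(name):
    """DNS names compare case-insensitively; drop any trailing root dot."""
    return name.rstrip(".").lower()


def parse_records(text):
    """Return (mx, cname): mx is [(owner, pref, exchange)], cname maps alias -> target."""
    mx, cname = [], {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[1].upper() == "MX" and fields[2].isdigit():
            mx.append((norm(fields[0]), int(fields[2]), norm(fields[3])))
        elif len(fields) == 3 and fields[1].upper() == "CNAME":
            cname[norm(fields[0])] = norm(fields[2])
    return mx, cname


def lint(text):
    """Return a list of (kind, name, detail) findings for the given record lines."""
    mx, cname = parse_records(text)
    findings = []
    # The discouraged case: the MX exchange name is an alias, not a host name.
    for owner, _pref, exchange in mx:
        if exchange in cname:
            detail = f"{exchange} -> {cname[exchange]}"
            findings.append(("mx-target-is-cname", owner, detail))
    # Informational: the name itself is an alias to a name that carries the MX set.
    mx_owners = {owner for owner, _, _ in mx}
    for alias, target in cname.items():
        if target in mx_owners:
            findings.append(("alias-followed-for-mx", alias, target))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep="\t")
```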