Re: [exim] Consider local_domains only if DNS matches

Author: Phil Pennock
Date:  
To: exim-users
Subject: Re: [exim] Consider local_domains only if DNS matches
On 2007-05-20 at 23:15 +0200, Peter Thomassen wrote:
Example 1:
> > > $ host -t mx mail.peter-thomassen.de
> > > mail.peter-thomassen.de MX      10 mail.a4a.de
> > > mail.peter-thomassen.de MX      20 rescue.a4a.de
> > > $ host -t mx mail.glv.at
> > > mail.glv.at             CNAME   glv.at
> > > glv.at                  MX      10 mail.a4a.de
> > > glv.at                  MX      20 rescue.a4a.de
> > > $


> I have read section 2.4 several times now. If I got it wrong nonetheless,
> please give me a quote :-) Maybe, mail.glv.at was a bad example, and we
> should rather investigate sub.glv.at:


Example 2:
> $ hostx -t mx sub.glv.at
> sub.glv.at              CNAME   glv.at
> glv.at                  MX      20 rescue.a4a.de
> glv.at                  MX      10 mail.a4a.de
> $ 


In example 2, mail for @sub.glv.at should be processed just fine, as
it's a CNAME pointing to something which resolves. You'll have
interesting experiences as some MTAs do things like automatic header
rewriting to canonicalise the mail-domain, so all sorts of signed email
systems (DomainKeys/DKIM, etc) may be broken, depending upon which MTAs
are in the path between the sender and you.

In example 1, which is all I'd seen so was what I was commenting upon:
in the MX RR-set for "mail.peter-thomassen.de" there existed an MX RR
(priority 10) pointing to "mail.a4a.de"; but "mail.a4a.de" is not a real
name, it's a pointer to the canonical name (ie: there is a CNAME record)
of "glv.at". This is an instance of:

----------------------------8< cut here >8------------------------------
Don't use CNAMEs in combination with RRs which point to other names
like MX, CNAME, PTR and NS. (PTR is an exception if you want to
implement classless in-addr delegation.) For example, this is
strongly discouraged:

           podunk.xx.      IN      MX      mailhost
           mailhost        IN      CNAME   mary
           mary            IN      A       1.2.3.4



[RFC 1034] in section 3.6.2 says this should not be done, and [RFC
974] explicitly states that MX records shall not point to an alias
defined by a CNAME. This results in unnecessary indirection in
accessing the data, and DNS resolvers and servers need to work more
to get the answer. If you really want to do this, you can accomplish
the same thing by using a preprocessor such as m4 on your host files.

Also, having chained records such as CNAMEs pointing to CNAMEs may
make administration issues easier, but is known to tickle bugs in
some resolvers that fail to check loops correctly. As a result some
hosts may not be able to resolve such names.
----------------------------8< cut here >8------------------------------

One common point of confusion, even for many of those who speak English
as their first language, is what CNAME means; I'll cover it here for
completeness:

Note that "CNAME" was really a poor RR type name, in retrospect. In
English, a "canonical" name is the one true name; the CNAME RR points _to_
the canonical name. It would be better named ALIASOF or CNAMEIS. ;^)

-Phil
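
Added example, not part of Phil Pennock's message or of Exim: a small Python lint that checks a record set for the pattern the quoted excerpt discourages (an MX, NS or CNAME record whose target is itself a CNAME) and follows alias chains with loop detection. The record lines are constructed in the `host` output layout used above; the `example.test` names, the preference values and the function names are assumptions.

```python
# Flag MX/NS/CNAME records whose target is itself a CNAME (added example).
# SAMPLE is constructed: owner, type, [pref], target, as in `host` output.
SAMPLE = """\
podunk.xx            MX     10 mailhost.podunk.xx
mailhost.podunk.xx   CNAME  mary.podunk.xx
mary.podunk.xx       A      1.2.3.4
sub.example.test     CNAME  example.test
example.test         MX     10 mx1.example.test
mx1.example.test     A      192.0.2.10
loop-a.example.test  CNAME  loop-b.example.test
loop-b.example.test  CNAME  loop-a.example.test
"""

POINTER_TYPES = {"MX", "NS", "CNAME"}  # RR types whose data is another name

def parse(text):
    """Return (owner, type, target) tuples; names lowercased, trailing dot dropped."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(";"):
            continue
        rtype = fields[1].upper()
        target = fields[-1].rstrip(".").lower() if rtype in POINTER_TYPES else fields[-1]
        records.append((fields[0].rstrip(".").lower(), rtype, target))
    return records

def follow_chain(name, cnames):
    """Follow CNAMEs from name; return (chain, looped) and always terminate."""
    chain, seen = [name], {name}
    while chain[-1] in cnames:
        nxt = cnames[chain[-1]]
        chain.append(nxt)
        if nxt in seen:
            return chain, True
        seen.add(nxt)
    return chain, False

def lint(records):
    """Report each pointer-type record whose target is an alias."""
    cnames = {owner: target for owner, rtype, target in records if rtype == "CNAME"}
    findings = []
    for owner, rtype, target in records:
        if rtype in POINTER_TYPES and target in cnames:
            chain, looped = follow_chain(target, cnames)
            kind = "cname-loop" if looped else f"{rtype.lower()}-to-cname"
            findings.append((owner, rtype, kind, " -> ".join(chain)))
    return findings
```

`lint(parse(SAMPLE))` reports the `podunk.xx` MX and both looping CNAMEs; `sub.example.test`, a CNAME to a name that carries its own MX as in example 2, is not flagged.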