Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

IN MX 20

0 views
Skip to first unread message

Tim Baur

unread,
Dec 20, 1997, 3:00:00 AM12/20/97
to

I understand that CNAMES can not have other records pointed at them, as it
is considered to be breaking protocal. But with that aside. Following is a
example of this problem someone brought to my attention:

IN MX 10 mail.esgroup.net.
IN MX 20 mail2.esgroup.net.

mail IN CNAME oblivion
mail2 IN CNAME exiled

Now, the primary MX record points to a CNAME, this works fine. Gives a
warning in the log files, but non the less. However the secondary MX
returns a error, because it is pointed at a CNAME. Is there any reason
that primary would work and secondary would not, when they are both
directed at CNAME'd hosts?

Tim Baur
ESI Communications


Chris Thompson

unread,
Dec 21, 1997, 3:00:00 AM12/21/97
to

In article <Pine.BSI.3.96.97122...@oblivion.esgroup.net>,

Tim Baur <tb...@esgroup.net> wrote:
>I understand that CNAMES can not have other records pointed at them, as it
>is considered to be breaking protocal.

Well, this has been, and remains, a contentious issue. RFC 1912 section 2.4
(with references to earlier RFCs) says that pointing an MX at a CNAME is
"strongly discouraged" but stops short of calling it illegal.

> But with that aside. Following is a
>example of this problem someone brought to my attention:
>
> IN MX 10 mail.esgroup.net.
> IN MX 20 mail2.esgroup.net.
>
>mail IN CNAME oblivion
>mail2 IN CNAME exiled
>
>Now, the primary MX record points to a CNAME, this works fine. Gives a
>warning in the log files, but non the less. However the secondary MX
>returns a error, because it is pointed at a CNAME.

Try being a bit more specific. "Warning" and "error" from what, and of
what sort? Why not reproduce the messages in question?

I suspect that these are reports by whatever MTA (sendmail, smail, qmail,
exim, ...) you were using. Most MTAs these days will, grudgingly, follow
a CNAME pointed to by an MX record.

> Is there any reason
>that primary would work and secondary would not, when they are both
>directed at CNAME'd hosts?

Possibly because oblivion.esgroup.net has an A record but exiled.esgroup.net
does not exist at all?

Chris Thompson Cambridge University Computing Service,
Email: ce...@ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QG,
Phone: +44 1223 334715 United Kingdom.

Studded

unread,
Dec 21, 1997, 3:00:00 AM12/21/97
to

Tim Baur wrote:
>
> I understand that CNAMES can not have other records pointed at them, as it
> is considered to be breaking protocal.

It is not simply a "breech of protocol," it will not work. The reason
is that if you have a record with say for example a CNAME and an MX
record, and the CNAME has a conflicting MX record, what do you follow?
If there is a record that has a CNAME record associated with it, the
ONLY other thing it can have is an additional CNAME.

> But with that aside. Following is a
> example of this problem someone brought to my attention:
>
> IN MX 10 mail.esgroup.net.
> IN MX 20 mail2.esgroup.net.
>
> mail IN CNAME oblivion
> mail2 IN CNAME exiled
>
> Now, the primary MX record points to a CNAME, this works fine.

No it doesn't. It is an RFC violation for one thing, but some MTA's
refuse to work with CNAME'ed MX records. Now some of the bounces I get
for your site make sense. :)

> Gives a
> warning in the log files, but non the less. However the secondary MX

> returns a error, because it is pointed at a CNAME. Is there any reason


> that primary would work and secondary would not, when they are both
> directed at CNAME'd hosts?

Sounds like the secondary is smarter than the primary. :) You used to
be able to solve this problem by giving mail.esgroup.net an A record
that pointed to the same IP as oblivion. However with more and more
sites requiring reverse dns for mail hosts in order to avoid spammers,
I'm not sure if this would still work, but I'm sure someone on the list
will come up with a better solution.

Good luck,

Doug

Tim Baur

unread,
Dec 21, 1997, 3:00:00 AM12/21/97
to

On 21 Dec 1997, Chris Thompson wrote:

> Try being a bit more specific. "Warning" and "error" from what, and of
> what sort? Why not reproduce the messages in question?

Well taking a look at my named logs shows a similar warning from someone
eles's site who has a MX record which is a CNAME:

oblivion named [8683]: "koala.lanck.ru IN MX" points to a CNAME
(relay2.reltec.spb.su)

> I suspect that these are reports by whatever MTA (sendmail, smail, qmail,
> exim, ...) you were using. Most MTAs these days will, grudgingly, follow
> a CNAME pointed to by an MX record.

Actually its named.

> Possibly because oblivion.esgroup.net has an A record but exiled.esgroup.net
> does not exist at all?

As stated here, this was a question based on a example.

> >But with that aside. Following is an example of this problem someone
> >brought to my attention:

I should have used a actual host as a example. Sorry for the confusion.
All my mail hosts have their own IP. However many ppl have mail setup as a
CNAME. My question was, why if primary MX was pointed at a CNAME, it
worked, yet secondary didnt not?

Tim Baur
ESI Communications


Tim Baur

unread,
Dec 21, 1997, 3:00:00 AM12/21/97
to

On Sun, 21 Dec 1997, Tim Baur wrote:

> > I suspect that these are reports by whatever MTA (sendmail, smail, qmail,
> > exim, ...) you were using. Most MTAs these days will, grudgingly, follow
> > a CNAME pointed to by an MX record.
>
> Actually its named.

Erm, my confusion. The error was reported from pine/elm. It could not send
the mail through because the secondary MX was directed at a CNAME. So yes
I see your point. And yes MX records should not be pointed at CNAME's. But
I guess where I am lost, is that it can send the email to the primary MX
even if it is a CNAME but not secondary under the same conditions.

Hopefully that is alitte more clear.

-Tim


Chris Thompson

unread,
Dec 22, 1997, 3:00:00 AM12/22/97
to

OK, things are becoming a bit clearer...

In article <Pine.BSI.3.96.971221...@oblivion.esgroup.net>,
Tim Baur <tb...@esgroup.net> writes:

> Well taking a look at my named logs shows a similar warning from someone
> eles's site who has a MX record which is a CNAME:
>
> oblivion named [8683]: "koala.lanck.ru IN MX" points to a CNAME
> (relay2.reltec.spb.su)

I suppose I assumed that everyone would have logging {category cname {null:};}
set. :-) This is an informational message produced while BIND is compiling
the additional information entries in a response including an MX record in
its answer section. As with lame-servers, there isn't much you can do about
it unless it's in one of your domains, so it's quite common to suppress these
messages. Especially as a certain large ISP uses MX records pointing to
CNAMEs rather enthusiastically...

You get only one message moaning about any particular MX every 10 minutes,
which may explain why you only saw the warning message about one of them.

In article <Pine.BSI.3.96.971221...@oblivion.esgroup.net>,

I really don't think the message is produced by pine/elm (i.e. a Mail User
Agent) rather than the underlying Mail Transfer Agent. (Pine can submit
messages by SMTP, but only to a specified smarthost, I think: it doesn't
try and do its own mail routing.) If you let us know the form of the
error report returned, we could probably tell you more. It may be that
the MTA is giving up on any MX that references a CNAME, but only reports
the last one it tried. Also, it could be that mail sent to the secondary
MX gets rejected there because *its* MTA is one that doesn't cope with
MX->CNAME.

It may be that this thread should be moved to comp.mail.misc.

0 new messages