secondary MX (was Re: [TriLUG] co-lo or at home?)

Tanner Lovelace lovelace at wayfarer.org
Fri Mar 29 13:28:15 EST 2002 

On Fri, 2002-03-29 at 13:14, James Manning wrote:
> [Tanner Lovelace]
> > Here is the quote from RFC1912:
> > 
> >    A CNAME record is not allowed to coexist with any other data.  In
> >    other words, if suzy.podunk.xx is an alias for sue.podunk.xx, you
> >    can't also have an MX record for suzy.podunk.edu, or an A record, or
> >    even a TXT record.
> 
> ok, so if there's a CNAME record for foo pointing to bar, then
> there can't also be an MX record for foo.
> 
> My interpretation of the initial problem was "if MX record foo points
> to bar, can bar be a CNAME"?  I had problems back in 94 or so when I
> had an MX record point to another MX record, but MX records pointing
> to CNAME's should be fine AFAICT
> 
> I guess I misunderstood the original problem then, right?

No, I think you understood the problem, I just think perhaps the
solution wasn't as clear as it could be.  MX records pointing to
CNAMES *can* cause problems.  Take a look at the other URL I posted
(http://www.rscott.org/dns/cname.html).  CNAMES are these weird things
that are not really anything except a redirection.  Here's an
example of how they can cause problems.

I run mailman at a virtual domain lists.foo.com.  lists.foo.com
is a CNAME for foo.com where mail for foo.com goes.  Since mailman
depends on mail to lists.foo.com being separate from mail to foo.com,
this will fail because most mailers will see that lists.foo.com is 
a CNAME, assume this is an error, and replace it with foo.com, thereby
screwing up the mailing list.  To be correct, I had to make
lists.foo.com an A record so that it didn't do the substitution.

Now, in Mike and Lisa's case, they're not doing anything like this.
Mailers will see that mx.1000plus.com is a CNAME and replace it
with 1000plus.dyndns.org.  The upshot of this is that, I would
imagine, their mailer needs to be configured to accept mail from
1000plus.dyndns.org.  If it isn't, some mail will get bounced.

That's how it can cause problems.

Tanner
-- 
Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA  BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
         http://www.petitiononline.com/SSSCA/petition.html
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
 Those who are willing to sacrifice essential liberties for a little 
 order, will lose both and deserve neither.  --  Benjamin Franklin 

 History teaches that grave threats to liberty often come in times
 of urgency, when constitutional rights seem too extravagant to 
 endure.  --  Justice Thurgood Marshall, 1989 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 240 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20020329/350412c6/attachment.pgp>

More information about the TriLUG mailing list