Re: [Asrg] DNS basics, was overloading server names doesn't work

"John R Levine" <johnl@taugh.com> Tue, 09 February 2010 19:04 UTC

Return-Path: <johnl@taugh.com>
X-Original-To: asrg@core3.amsl.com
Delivered-To: asrg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DB67E3A75AA for <asrg@core3.amsl.com>; Tue, 9 Feb 2010 11:04:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.761
X-Spam-Level:
X-Spam-Status: No, score=-10.761 tagged_above=-999 required=5 tests=[AWL=0.438, BAYES_00=-2.599, HABEAS_ACCREDITED_SOI=-4.3, RCVD_IN_BSP_TRUSTED=-4.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BdgCQmIdPwF9 for <asrg@core3.amsl.com>; Tue, 9 Feb 2010 11:04:29 -0800 (PST)
Received: from gal.iecc.com (l053.n.taugh.com [64.57.183.53]) by core3.amsl.com (Postfix) with ESMTP id 044CB28C0DC for <asrg@irtf.org>; Tue, 9 Feb 2010 11:04:09 -0800 (PST)
Received: (qmail 73771 invoked from network); 9 Feb 2010 19:05:15 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent:cleverness; s=k1002; bh=O0EOlWafniHWxa1JH7wpNiYrrF4xkt5WKBFO6mcPKxA=; b=C/OgpxEITiUxJw5qIF2bDuRL5iCK2NaIn8PQHsPGJLLyqeo2R1RolJ9d35SBzphw/uPEtH38pkv4Z45ruxAIONsq8wJWrAbH1Tgzj9L4NPpJoTGZHgZOL9mqcDUj4qsfDToYAm856XO4jVtBN2sA/UDmAWrW86iuHpt1Y6yl/YE=
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:references:mime-version:content-type:user-agent:cleverness; s=k1002; bh=O0EOlWafniHWxa1JH7wpNiYrrF4xkt5WKBFO6mcPKxA=; b=fzE240q81YaBTP+yN35c3tyPop1pQ6ZAB39aLTJE5Y3OFP8JDbzqx58TKXGrajRzPA5F3hdbvyPSjTyf4U0zXHzCeTodri+VYjLryKvttmiKjGJr74WWO3HQ0HrqY08DBxXOwnwd2m21y6Tn7tmVm8OiW9s0mkShCCaLlmEFzAc=
Received: (ofmipd 208.31.42.62) with (DHE-RSA-AES256-SHA encrypted) SMTP; 9 Feb 2010 19:04:53 -0000
Date: 9 Feb 2010 14:05:14 -0500
Message-ID: <alpine.BSF.2.00.1002091342120.38295@simone.lan>
From: "John R Levine" <johnl@taugh.com>
To: dcrocker@bbiw.net
In-Reply-To: <4B71AAC4.8000303@dcrocker.net>
References: <20100209012039.98092.qmail@simone.iecc.com> <4B70BCCB.5020405@dcrocker.net> <alpine.BSF.2.00.1002082110250.10191@simone.lan> <4B717F89.9060901@dcrocker.net> <alpine.BSF.2.00.1002091121080.5333@simone.lan> <4B719287.1000708@bbiw.net> <alpine.BSF.2.00.1002091154380.5333@simone.lan> <4B71AAC4.8000303@dcrocker.net>
User-Agent: Alpine 2.00 (BSF 1167 2008-08-23)
Cleverness: None detected
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: Anti-Spam Research Group - IRTF <asrg@irtf.org>
Subject: Re: [Asrg] DNS basics, was overloading server names doesn't work
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Feb 2010 19:04:31 -0000

>>>>>> Nope, that won't work. CNAMEs don't do a partial match.
>> 
>>> Where did I or anyone else specify a partial match?
>> 
>> The user thinks his POP server is called mail.btinternet.com. When he
>> looks up _report.mail.btinternet.com, what do you expect to happen?
>
> He'll get a TXT record back.  This is nothing but exactly the same mechanism 
> that is used for DKIM and SRV, albeit with a different underscore subdomain.
>
> The DNS construct of partial matching has nothing to do with this mechanism.

Sorry, that's just plain wrong, he'll get NXDOMAIN.  You're expecting 
CNAMEs to do things that they don't do.  Don't take my word for it -- you 
know all the old DNS weenies better than I do so ask them.  Or see 
RFC1034, section 3.6.2 on page 14, and the algorithm in 4.3.2 on page 24, 
in particular step 3.a.

It wasn't a problem for DKIM because it's exceedingly rare and somewhat 
disreputable to use a CNAME to to point to an MX, but as we've seen it's 
very common for the A record for POP and IMAP servers.

R's,
John

PS: We'll save the other reasons CNAMEs don't do what you want for the 
advanced seminar.