Re: [dbound] [art] [DNSOP] not DNAME, was Related Domains By DNS (RDBD) Draft

Tony Finch <dot@dotat.at> Thu, 28 February 2019 13:32 UTC

Date: Thu, 28 Feb 2019 13:31:51 +0000
From: Tony Finch <dot@dotat.at>
To: John C Klensin <john-ietf@jck.com>
cc: John R Levine <johnl@taugh.com>, art@ietf.org, dbound@ietf.org
In-Reply-To: <49A2FC767B5A7146F39456B9@PSB>
Message-ID: <alpine.DEB.2.20.1902281321580.19193@grey.csi.cam.ac.uk>
References: <20190227172143.10303200F57CE0@ary.local> <1FFA1977E97DE99C390869DA@PSB> <alpine.OSX.2.21.1902272038320.3336@ary.local> <49A2FC767B5A7146F39456B9@PSB>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dbound/OZOYnuwvqK-APfx2aGQWR-E7c7E>

John C Klensin <john-ietf@jck.com> wrote:
> John R Levine <johnl@taugh.com> wrote:
>
> > There's the additional issue that an MX with a target of a
> > CNAME or DNAME doesn't work reliably,
>
> "doesn't work reliably" may or may not be a synonym for "is
> explicitly prohibited by SMTP" but the latter is true in any
> event.

Actually the issue here is not the target of the MX but its owner,
i.e. the mail domain itself.

As you know, professor (to coin a phrase) if I have:

foo.example MX mx.foo.example
bar.example CNAME foo.example

This is allowed per SMTP. However there are disagreements between various
versions of the specification and various implementations about what this
means.

Some treat it as equivalent to

bar.example MX mx.foo.example

Others treat it as equivalent to a directive that says addresses
@bar.example should have the domain part rewritten to foo.example.

So if you have CNAME (or DNAME) pointing at MX and you want the alias to
be usable as a mail domain, you have to be super careful with the setup of
the target mail servers to work around the interoperability gotchas.

On the other hand, although MX pointing at CNAME is formally frowned on,
AIUI it works fine in practice.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
East Forties: Northerly 4 or 5. Slight or moderate. Fair. Good.
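
The two readings of a CNAME at the mail domain described in the message above, modelled as an added example that is not part of the original message. The zone data is constructed; `baz.example`, `alias.baz.example`, the address `192.0.2.25` and the function names are assumptions made for illustration.

```python
# Constructed zone data: the foo/bar records from the message, plus a
# hypothetical MX-target-is-CNAME case (baz.example) for contrast.
ZONE = {
    ("foo.example", "MX"): ["mx.foo.example"],
    ("bar.example", "CNAME"): ["foo.example"],
    ("mx.foo.example", "A"): ["192.0.2.25"],
    ("baz.example", "MX"): ["alias.baz.example"],
    ("alias.baz.example", "CNAME"): ["mx.foo.example"],
}

def follow_cname(name, zone, limit=8):
    """Return (canonical_name, chain_of_aliases) after following CNAMEs."""
    chain = []
    while (name, "CNAME") in zone:
        if len(chain) >= limit:
            raise ValueError("CNAME chain too long or looping")
        chain.append(name)
        name = zone[(name, "CNAME")][0]
    return name, chain

def route(address, zone, rewrite_alias):
    """Model one MTA's handling of an address under a chosen reading.

    rewrite_alias=False: the alias is treated as if it owned the MX itself.
    rewrite_alias=True:  the domain part is rewritten to the CNAME target.
    Returns (mx_hosts, envelope_recipient).
    """
    local, domain = address.rsplit("@", 1)
    canonical, chain = follow_cname(domain, zone)
    # No MX at the canonical name: fall back to the name itself as the host.
    hosts = zone.get((canonical, "MX"), [canonical])
    rcpt_domain = canonical if (rewrite_alias and chain) else domain
    return hosts, f"{local}@{rcpt_domain}"

def audit(domain, zone):
    """Flag the two setups the message distinguishes for a mail domain."""
    canonical, chain = follow_cname(domain, zone)
    findings = []
    if chain:  # the mail domain (MX owner) is itself an alias
        findings.append(f"owner-alias: {domain} -> {canonical}")
    for host in zone.get((canonical, "MX"), []):
        if (host, "CNAME") in zone:  # the MX target is an alias
            findings.append(f"mx-target-alias: {host}")
    return findings
```

Both readings pick the same MX host for `user@bar.example`; they differ only in the recipient domain the target server sees, which is why that server has to be configured for whichever form arrives.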