Re: [DNSOP] RFC 8482 (the ANY -> HINFO hack) and DNAME

Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 18 November 2019 17:37 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/1K-pdslZX1cZFI7QTHq65wC1cb0>

> On Nov 17, 2019, at 8:35 PM, Mark Andrews <marka@isc.org> wrote:
> 
> Just because broken configurations don’t always cause problems doesn’t mean
> that they don’t sometimes.  MTAs need to know what names they are known
> by to properly remove MX records from consideration when performing store and
> forward. Email forwarding loops still occur.

Postfix ignores the names, and does loop elimination by IP
address.  It also detects loops when it sees its own name in
the 220 banner or EHLO reply.  Relying on just canonical names
for loop elimination is not enough.  The same IP address can
have multiple names even without CNAMEs.

Other MTAs may look at the names and not the addresses, but
I would hope that they also employ additional loop detection
mechanisms, and there's ultimately the hop (Received header)
count.

-- 
	Viktor.
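
Added example, not part of the original message and not Postfix's code: a sketch of MX loop elimination by name versus by address, plus a check of the 220 greeting, as discussed above. All names, addresses and helper functions are constructed for illustration.

```python
import ipaddress

# Constructed sample data: an MX RRset as (preference, exchange) pairs and
# the addresses each exchange resolves to.
MX = [(10, "mx1.example.org."), (20, "backup.example.net."),
      (30, "relay.example.com.")]
ADDRS = {
    "mx1.example.org.": ["192.0.2.10"],
    # This host, reachable under a name it does not know about:
    "backup.example.net.": ["192.0.2.25", "2001:db8::25"],
    "relay.example.com.": ["198.51.100.7"],
}
LOCAL_NAMES = {"mail.example.net."}            # names the MTA thinks it has
LOCAL_ADDRS = {"192.0.2.25", "2001:db8::25"}   # addresses bound on the MTA


def _norm(addrs):
    """Parse addresses so equivalent textual forms compare equal."""
    return {ipaddress.ip_address(a) for a in addrs}


def candidates(mx, is_self):
    """If we are listed, keep only exchanges with a strictly lower
    preference value than our own best entry; otherwise keep them all."""
    own = [pref for pref, host in mx if is_self(host)]
    cutoff = min(own) if own else None
    return [h for p, h in sorted(mx) if cutoff is None or p < cutoff]


def by_name(mx, local_names):
    names = {n.lower() for n in local_names}
    return candidates(mx, lambda h: h.lower() in names)


def by_address(mx, addrs, local_addrs):
    local = _norm(local_addrs)
    return candidates(mx, lambda h: bool(_norm(addrs.get(h, [])) & local))


def banner_is_self(line, myhostname):
    """Backstop: our own name in the peer's 220 greeting line means the
    connection has looped back to us."""
    if not line.startswith("220") or len(line) < 5:
        return False
    fields = line[4:].split()
    return bool(fields) and \
        fields[0].rstrip(".").lower() == myhostname.rstrip(".").lower()
```

With this data the name-based filter keeps all three exchanges, including the one that is the local host under another name, while the address-based filter keeps only mx1.example.org.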