MX to CNAME Is Illegal
The sendmail program is frequently more forgiving than other MTAs because it accepts an MX record that points to a CNAME record. The presumption is that, eventually, the CNAME will correctly point to an A or AAAA record. But beware: this kind of indirection can cost additional DNS lookups. Consider this example of an exceptionally bad setup:
    hostA    IN MX 10 mailhub
    mailhub  IN CNAME nfsmast
    nfsmast  IN CNAME hostB
    hostB    IN A 123.45.67.89
First, sendmail looks up hostA and gets an MX record pointing to mailhub. Because there is only a single MX record, sendmail considers mailhub to be official. Next, mailhub is looked up to find an A or AAAA record (IP address), but instead a CNAME (nfsmast) is returned. Now, sendmail must look up the CNAME nfsmast to find its A or AAAA record. But again a CNAME is returned instead. So, sendmail must again look for an A or AAAA record (this time with hostB). Finally, sendmail succeeds by finding the A record for hostB, but only after far too many lookups.[155]
The correct way to form the preceding DNS file entries is as follows:
    hostA    IN MX 10 hostB
    mailhub  IN CNAME hostB
    nfsmast  IN CNAME hostB
    hostB    IN A 123.45.67.89
In general, try to construct DNS records in such a way that the fewest lookups are required to resolve any records.
[155] Most of this happens inside the gethostbyname(3) or getipnodebyname(3) C-library routine.
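An added example (not from the book or from sendmail): a small Python audit that parses the two record sets shown above, flags MX targets that are CNAMEs, and counts lookups the way the walkthrough does, one per name. The function names and the one-lookup-per-name count are assumptions of this example.

```python
# The two record sets from the text, in "name IN TYPE [pref] target" form.
BAD_ZONE = """\
hostA    IN MX 10 mailhub
mailhub  IN CNAME nfsmast
nfsmast  IN CNAME hostB
hostB    IN A 123.45.67.89
"""
GOOD_ZONE = """\
hostA    IN MX 10 hostB
mailhub  IN CNAME hostB
nfsmast  IN CNAME hostB
hostB    IN A 123.45.67.89
"""

def parse_zone(text):
    """Return {name: [(rtype, target), ...]} for MX, CNAME, A and AAAA lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split(";")[0].split()          # drop ';' comments
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        name, rtype, target = fields[0].lower(), fields[2].upper(), fields[-1].lower()
        if rtype in ("MX", "CNAME", "A", "AAAA"):    # target is always the last field
            records.setdefault(name, []).append((rtype, target))
    return records

def audit_mx(records):
    """Follow each MX target to an address and report any CNAME hops on the way."""
    findings = []
    for owner, rrs in records.items():
        for rtype, target in rrs:
            if rtype != "MX":
                continue
            hops, seen, name = [], set(), target
            while name not in seen:                  # 'seen' stops CNAME loops
                seen.add(name)
                cnames = [t for r, t in records.get(name, []) if r == "CNAME"]
                if not cnames:
                    break
                hops.append(name)
                name = cnames[0]
            resolves = any(r in ("A", "AAAA") for r, _ in records.get(name, []))
            # Assumed cost model: 1 MX lookup, 1 per CNAME hop, 1 for the address.
            findings.append({"owner": owner, "mx": target, "cname_hops": hops,
                             "resolves": resolves, "lookups": 2 + len(hops)})
    return findings

if __name__ == "__main__":
    for label, zone in (("bad", BAD_ZONE), ("good", GOOD_ZONE)):
        print(label, audit_mx(parse_zone(zone)))
```

Any finding with a non-empty cname_hops list is an MX that points at a CNAME; a finding with resolves set to False means the chain loops or ends at a name with no A or AAAA record.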