Do CNAME records also forward MX requests?

About

Asked 30/8, 2012 at 19:48 Answered 31/8, 2012 at 0:44

My DNS has a set up for the domain base.com that consists of A and MX records. There are several other domains that are set up with CNAME records, pointing to base.com. Do I need to set up anything special (like extra MX records) for the CNAME domains, or will the CNAME records also forward any MX requests.

Example:
Will an email sent to [email protected] be delivered correctly to the MX of base.com if these (and only these) DNS records are in place:

; A and MX set up for base.com
base.com.  3600  IN  A  123.45.67.89
mail.base.com.  3600  A  123.45.67.89
base.com.  3600  IN  MX  10  mail.base.com.
; CNAME set up for otherdomain.com
otherdomain.com. CNAME  IN  A  base.com.

Ritter answered 30/8, 2012 at 19:48 Comment(0)

CNAME causes queries for all RR types (excluding CNAME itself) to be directed to the target name. That includes MX. So yes, the above zone data will cause queries for otherdomain.com.'s MX to resolve to mail.base.com..

Experiment with dig or your favorite DNS client. Not only will you confirm the result for sure, but you won't have to wait 4 hours for someone to answer your SO question before you get your answer!

Unfortunately, in this particular case, if your domain is really of the form otherdomain.com., you would not be able to configure a CNAME resource records for it. This is because domains that have CNAME records cannot have any other type of resource record at the same time. Yet if otherdomain.com. is directly below com. (or another gTLD), it is necessarily at the top of a zone and so it needs at least SOA and NS records.

Bougie answered 31/8, 2012 at 0:44 Comment(10)

Great stuff. This helped a lot. Could you please check your last paragraph though. I do not really dig it and have a feeling there is some typo in it. OH, and I have experimented a lot before asking (using NSLOOKUP as I am on Windows) and it seemed to work. But as the repercussions can be devastating I was looking for proof and all my Google searches for CNAME and MX did not really answer my question. – Ritter 31/8, 2012 at 5:10

Sorry about the last paragraph. I forgot "not" in the first sentence, which caused me to say the opposite of what I was trying to say! – Bougie 31/8, 2012 at 6:15

Celada, I think there still is a problem in the last paragraph. Could it be that you want to say "you would not be able to configure >>>MX<<< resource records"?!? Because actually I HAVE configured a CNAME for that domain in my example and you said that the example is correct. – Ritter 31/8, 2012 at 7:28

If you have configured a CNAME record for a name directly at a zone apex, you ought to be getting an error from the DNS server when it tries to load the zone. It's invalid. – Bougie 31/8, 2012 at 7:48

You are right, CNAMES for "naked domains" (the zone apex) do not comply with DNS RFCs. Funny thing is: Since I did not know that, I have done it with a number of domains without any error. Have a look at digilog.de for an example: The DNS entry contains SOA, NS and CNAME records, no A records. Looks like my DNS provider allows and resolves that non-RFC compliant combination. What I am unsure about: Is this transparent for all participants? Will all the world resolve successfully through my tolerant DNS? Or will other DNS servers try to read the details of my illegal set up and fail? – Ritter 31/8, 2012 at 11:44

I imagine that the way the standard is, clients which have previously resolved the name and cached the CNAME record would be within their rights to query only the target of the CNAME if they were afterwards asked about a SOA or NS record for the original name. They would thus never discover the existence of the SOA and NS records on the original name, and assume there were none. That being said, since SOA records have little impact and DNS servers must have known about the NS records already (from resolving the original name in the first place), you may not be losing much. – Bougie 31/8, 2012 at 13:41

Is it that domains cannot have both CNAMEs and other kinds of records at the same time, or you can't have a CNAME record for a particular alias that has other kinds of records? E.g. @ CNAME server.com and @ MX 10 mail.com will not work, but @ CNAME server.com and www A 123.123.123.123 will work. I'm not sure and haven't got any domains I can experiment safely with! – Giordano 6/9, 2014 at 10:24

I'm afraid I don't understand what you're asking @Giordano . Domains cannot have both a CNAME together with any other kind of record (it would break the wire protocol because clients are allowed to cache and follow the CNAME record). So yes indeed @ CNAME server.com and @ MX 10 mail.com are forbidden together. Your other example: @ CNAME server.com and www A 123.123.123.123 is OK because the two records are not for the same domain (one is a subdomain of the other). Assuming @ CNAME server.com is not at a zone apex for then it needs @ NS something and @ SOA something, not allowed – Bougie 7/9, 2014 at 15:16

Actually that does really help clarify in several ways. Before I read your comment I did not know that @ referred to a domains "apex" - I knew that @ could be used in a DNS configuration, I kind of knew what it did, but I did not know what to search for in order to find more (try searching for "@ DNS record" and see where that gets you!). Now I can learn more. Cheers! – Giordano 8/9, 2014 at 21:13

Just for complete correctness, @ does not necessarily refer to the zone apex. It actually stands for the current origin. The origin is set to be equal to the zone apex at the start of parsing of a zone file, but it can be subsequently changed with the $ORIGIN directive. As for searching for it, yeah, I sympathize with the difficulty of googling for punctuation! – Bougie 9/9, 2014 at 0:49

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags