BIND 9.6 Flaw - CNAME vs. A Record in MX Records are NOT "Illegal"

Michael Milligan milli at
Mon Feb 2 19:20:40 UTC 2009

David Sparks wrote:
> There are plenty of ways to get a mail loop that don't involve DNS
> mis-configuration.  As such pretty much every major MTA detects and stops mail
> loops.

Not if you (accidentally) fat-finger the MTA configuration.  It is
completely possible to still mis-configure an MTA to deliver to itself as
fast as possible.  A DNS configuration with CNAMEs in the mix
short-circuits delivery loop detection at the MX level and just sets up
more potential for a loop.

> So mail loops are a non-issue ... next?

That is the _entire_ issue here.
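
An added illustration, not part of the original post: a simplified Python model of the MX-level loop check (an MTA finds its own name in the MX list and drops every record of equal or worse preference), showing how an aliased MX target hides the MTA from itself. The zone data, host names and function names are constructed for this example.

```python
# Constructed zone data; every name and address here is made up.
ZONE = {
    ("example.test", "MX"): [(10, "mail.example.test"), (20, "backup.example.test")],
    ("mail.example.test", "A"): ["192.0.2.10"],
    ("backup.example.test", "CNAME"): ["relay2.example.test"],  # alias used as MX target
    ("relay2.example.test", "A"): ["192.0.2.20"],
}


def canonical(name, zone, limit=8):
    """Follow CNAMEs to the canonical name (bounded so alias loops terminate)."""
    for _ in range(limit):
        target = zone.get((name, "CNAME"))
        if not target:
            return name
        name = target[0]
    raise ValueError("CNAME chain too long")


def usable_mx(domain, local_name, zone, resolve_aliases):
    """Return the MX targets the MTA called local_name may still deliver to.

    Simplified model: locate our own name in the MX list and discard every
    record whose preference value is >= ours. With resolve_aliases=False the
    comparison is on the literal MX target names only.
    """
    records = sorted(zone[(domain, "MX")])
    seen_as = [(p, canonical(t, zone) if resolve_aliases else t) for p, t in records]
    own = [p for p, t in seen_as if t == local_name]
    if not own:
        return [t for _, t in records]  # never found ourselves: nothing is pruned
    return [t for p, t in records if p < min(own)]


def aliased_mx(domain, zone):
    """Audit helper: MX targets that are CNAMEs instead of address records."""
    return [t for _, t in zone[(domain, "MX")] if (t, "CNAME") in zone]


if __name__ == "__main__":
    me = "relay2.example.test"  # the backup MTA's own canonical host name
    # Name comparison only: the alias that points back at us stays in the list.
    print(usable_mx("example.test", me, ZONE, resolve_aliases=False))
    # Comparing canonical names: our own entry is recognised and pruned.
    print(usable_mx("example.test", me, ZONE, resolve_aliases=True))
    print("aliased MX targets:", aliased_mx("example.test", ZONE))
```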


