jschauma,
@jschauma@mstdn.social avatar

Every so often, I need to chase down some aspect of email validation (#SPF, #DKIM, #DMARC, ...). This involves a number of #DNS records and queries, but I may forget just which ones. So here's a quick #SMTP/DNS cheatsheet:

partim,
@partim@social.tchncs.de avatar

@jschauma We’re currently working on a DNS diagnostics tool and one of the ideas is to include a command to fetch and display all the mail-related records.

(It’s very early days, but it’s here: https://github.com/NLnetLabs/domain-tools)

jschauma,
@jschauma@mstdn.social avatar

@partim nice, will need to check it out. Here’s a related tool, although perhaps more specific purpose: https://github.com/zuzazuza/domaincheck

partim,
@partim@social.tchncs.de avatar

@jschauma Maybe wait a bit … I’ve only built the scaffolding and a rudimentary “query” command (which is intended to do what dig does) just yet.

jschauma,
@jschauma@mstdn.social avatar

Brief summary of the different records following in this thread.

Longer explanation in my #SysAdmin video lectures here:
https://www.youtube.com/playlist?list=PLDadzdouM0VBkac7BMCsEMCcmgHoqRUz6

jschauma,
@jschauma@mstdn.social avatar

A single domain may have multiple MX records which may or may not be in the same domain (which itself may or may not be within the original domain):

jschauma,
@jschauma@mstdn.social avatar

For results with the same preference, mail servers MUST (per RFC2821) pick one at random; otherwise, the lower preference values are preferred.

Subdomains may have their own distinct MX records. If a domain name does not have an MX record, but it has A or AAAA records, then one of those addresses is used ("implicit MX"). However, if no records are found, there is no subdomain climbing.

MX records MUST NOT point to a CNAME, but CNAMEs of the original name are followed:
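
The lookups behind the cheatsheet and the MX selection rules described above, as an added example that is not part of this thread and not code from domain-tools or domaincheck. It runs against a constructed in-memory zone (the names example.com., mail-provider.example., the selector s1 and all record contents are made up for the example) so it works offline; replacing `lookup` with a real resolver turns it into a live check. The MX ordering follows RFC 5321 section 5.1: lower preference first, equal preferences shuffled, implicit MX from an A/AAAA record when there is no MX, and no climbing to the parent when a name has neither.

```python
import random

# Constructed sample zone, not real DNS data: (owner, rtype) -> list of rdata.
# MX rdata is (preference, exchange); everything else is a plain string.
ZONE = {
    ("example.com.", "MX"): [(10, "mx1.example.com."),
                             (10, "mx2.example.com."),
                             (20, "mx.mail-provider.example.")],
    # SPF lives in a TXT record at the domain itself, next to unrelated TXTs
    ("example.com.", "TXT"): ["v=spf1 mx include:_spf.mail-provider.example -all",
                              "some-site-verification=abc123"],
    # DMARC: TXT at _dmarc.<domain>
    ("_dmarc.example.com.", "TXT"): ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"],
    # DKIM: TXT at <selector>._domainkey.<domain> (selector "s1" is assumed)
    ("s1._domainkey.example.com.", "TXT"): ["v=DKIM1; k=rsa; p=PUBKEYBASE64"],
    ("mx1.example.com.", "A"): ["192.0.2.10"],
    ("mx2.example.com.", "A"): ["192.0.2.11"],
    ("mx.mail-provider.example.", "AAAA"): ["2001:db8::25"],
    # a CNAME of the *queried* name is followed before looking for MX
    ("www.example.com.", "CNAME"): ["example.com."],
    # no MX, but an A record: delivery goes to the host itself ("implicit MX")
    ("noreply.example.com.", "A"): ["192.0.2.25"],
    # empty.example.com. has no records at all; nobody climbs up to example.com.
}


def lookup(name, rtype, zone=ZONE, max_cname=8):
    """Return (canonical_name, rdata_list), following CNAMEs of the queried name.

    A chain longer than max_cname is treated as broken and yields no answer.
    """
    for _ in range(max_cname):
        cname = zone.get((name, "CNAME"))
        if not cname:
            return name, list(zone.get((name, rtype), []))
        name = cname[0]
    return name, []


def mail_hosts(domain, zone=ZONE, rng=random):
    """Delivery targets for a domain as an ordered list of (preference, exchange).

    Lower preference first; hosts sharing a preference are shuffled so that
    one of them is picked at random.  Without MX records, an A or AAAA record
    gives an implicit MX (preference 0) for the name itself.  With neither,
    the list is empty: the parent domain's MX records are never consulted.
    """
    name, mxs = lookup(domain, "MX", zone)
    if not mxs:
        for rtype in ("A", "AAAA"):
            if lookup(name, rtype, zone)[1]:
                return [(0, name)]
        return []
    by_pref = {}
    for pref, exchange in mxs:
        by_pref.setdefault(pref, []).append(exchange)
    ordered = []
    for pref in sorted(by_pref):
        group = by_pref[pref][:]
        rng.shuffle(group)
        ordered.extend((pref, ex) for ex in group)
    return ordered


def tags(txt):
    """Parse a 'k=v; k=v' style DMARC or DKIM record into a dict."""
    out = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            out[key.strip().lower()] = value.strip()
    return out


def mail_records(domain, selector=None, zone=ZONE):
    """Gather MX, SPF, DMARC and (if a selector is known) DKIM for a domain.

    The DKIM selector comes from the s= tag of a DKIM-Signature header, not
    from DNS, so it has to be passed in.
    """
    rec = {
        "mx": mail_hosts(domain, zone),
        "spf": [t for t in lookup(domain, "TXT", zone)[1]
                if t.lower().startswith("v=spf1")],
        "dmarc": [tags(t) for t in lookup("_dmarc." + domain, "TXT", zone)[1]],
    }
    if selector:
        dkim_name = f"{selector}._domainkey.{domain}"
        rec["dkim"] = [tags(t) for t in lookup(dkim_name, "TXT", zone)[1]]
    return rec


if __name__ == "__main__":
    for d in ("example.com.", "www.example.com.", "noreply.example.com.", "empty.example.com."):
        print(d, mail_records(d, selector="s1"))
```

Because `lookup` is the only place that touches DNS, the same functions can be pointed at a real resolver; the constructed zone also makes the "no climbing" rule visible, since `empty.example.com.` yields nothing even though its parent has MX records.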

dalias,
@dalias@hachyderm.io avatar

@jschauma Are you sure about that last MUST NOT? ISTR it being a common myth but modern standards not actually disallowing it.

fanf,
@fanf@mendeddrum.org avatar

@dalias @jschauma there are weasel words in rfc 5321 https://www.rfc-editor.org/rfc/rfc5321.html#page-69 “Any other response, specifically including a value that will return a CNAME record when queried, lies outside the scope of this Standard.” what this actually means is, most implementations accept mx-points-to-cname, but they weren’t willing to write that down clearly

jeroen,
@jeroen@secluded.ch avatar

@fanf @dalias @jschauma the problem with MX to CNAME is that sendmail will helpfully replace the domain in the To with the name in the CNAME..... have fun with that ;)

fanf,
@fanf@mendeddrum.org avatar

@jeroen @dalias @jschauma No, that’s cname pointing at mx

the rewrite was specified in rfc 821 for addresses in the smtp envelope but that was removed in 2821

dalias,
@dalias@hachyderm.io avatar

@jeroen @fanf @jschauma Wait what?! Is that in origination or at any step of processing?! 🤦

jeroen,
@jeroen@secluded.ch avatar

alarig,
@alarig@hostux.social avatar

@jeroen @dalias @fanf @jschauma @djb Another reason not to use sendmail
