China.com重新推出了它的免费邮箱服务,后缀是。查询其DNS设置,得知是coremail驱动的服务。如下是MX记录: 398 IN CNAME 300 IN MX 10

如下是webmail域名的记录: 500 IN CNAME 180 IN A 180 IN A


疑惑之处在于,前述MX记录是一条CNAME。按照RFC,CNAME不能与其他资源类型共存。对于mail.china.com这个邮件域,肯定需要MX,但它同时又设置了一条CNAME,DNS客户端会如何解析?关于这个问题,ISC的Mark Andrews有2封回复信。


Those with developers that don’t read RFC 1034 which tried to prevent
this from happening.

The domain system provides such a feature using the canonical name
(CNAME) RR. A CNAME RR identifies its owner name as an alias, and
specifies the corresponding canonical name in the RDATA section of the
RR. If a CNAME RR is present at a node, no other data should be
present; this ensures that the data for a canonical name and its aliases
cannot be different. This rule also insures that a cached CNAME can be
used without checking with an authoritative server for other RR types.


3. Start matching down, label by label, in the zone. The
matching process can terminate several ways:

a. If the whole of QNAME is matched, we have found the

If the data at the node is a CNAME, and QTYPE doesn’t
match CNAME, copy the CNAME RR into the answer section
of the response, change QNAME to the canonical name in
the CNAME RR, and go back to step 1.

Otherwise, copy all RRs which match QTYPE into the
answer section and go to step 6.

This is a singular CNAME (“copy the CNAME”) record without any other
data present at the node (“the data at the node is a CNAME”). Now
DNSSEC relaxes this slightly to allow RRSIG and KEY to co-exist
with a (singular) CNAME record.


MTA’s that follow RCF 822 will rewrite as

MTA’s that follow RFC 2822 or RFC 5322 won’t preform the rewrite.

The better solution for this would be two MX records. IN MX 10 IN MX 10

It would be a alternative to a CNAME.

You you are publishing email addresses as user@domain then there
really should be a MX record at domain. There really doesn’t need
to be a double level of indirection.

Today you get:


A better cleaner setup would be:

I suspect that almost all of the presure to change the CNAME behaviour
for MX records came about because people abused CNAME for HTTP. It
has never been hard to add new record types to the DNS. People
just thought it was hard so they never started the process. As a
result SMTP behaviour was changed rather than the simple thing of
adding a record for HTTP to the DNS.

You end up with stupid sets of records like these because people
wern’t willing to do the little bit of effort to actually get a
clean setup.


此条目发表在Common分类目录,贴了, 标签。将固定链接加入收藏夹。