Tuesday, June 8, 2010

Should MX record point to CNAME records (aliases)?

SkyHi @ Tuesday, June 08, 2010
Though the practice of pointing MX records to CNAME (alias) records is not that uncommon, it certainly isn't in keeping with internet standards.

When you point a MX record to a CNAME, you're in fact inviting double the DNS traffic to your DNS servers. Try this by performing a name resolution query using nslookup:

>nslookup -querytype=MX somedomain.com
somedomain.com MX preference = 5, mail exchanger = mx1.somedomain.com
somedomain.com MX preference = 10, mail exchanger = mx2.somedomain.com
mx2.somedomain.com internet address =

As you can see from the above query, the record mx1.somedomain.com is not resolved to an IP address. This is because it's a CNAME.

To resolve the CNAME, the sender's DNS server will have to perform a second query.

Not only is that inefficient, it is in fact explicitly prohibited by RFC 2181.
Section 10.3 of RFC 2181 states:

10.3. MX and NS records

The domain name used as the value of a NS resource record, or part of the value of a MX resource record must not be an alias. Not only is the specification clear on this point, but using an alias in either of these positions neither works as well as might be hoped, nor well fulfills the ambition that may have led to this approach. This domain name must have as its value one or more address records. Currently those will be A records, however in the future other record types giving addressing information may be acceptable. It can also have other RRs, but never a CNAME RR.

Searching for either NS or MX records causes "additional section processing" in which address records associated with the value of the record sought are appended to the answer. This helps avoid needless extra queries that are easily anticipated when the first was made.

Additional section processing does not include CNAME records, let alone the address records that may be associated with the canonical name derived from the alias. Thus, if an alias is used as the value of an NS or MX record, no address will be returned with the NS or MX value. This can cause extra queries, and extra network burden, on every query.

I've always assumed not pointing MX records to CNAME record(s) is merely a best practice or recommendation, and not a requirement. I stand corrected, as DNS geek (Zenprise seems to have more than its fair share of these :) Dmitri pointed out.