Please do not mix CNAME and MX RRs

From time to time I observe the following email setups, from web hosting providers mostly:

$ host -t mx mail is handled by 5

$ host is an alias for has address

In other words this is a single server that provides web and mail services, The devil is in the details though: is an alias for This is a mistake as when something is declared as a CNAME, it cannot have other resource records bound with it. I copy from DNS for Rocket Scientists:

CNAME RRs cannot have any other RRs with the same name, for example, a TXT – well that was true until DNSSEC came along and in this case RRSIG, NSEC and certain KEY RRs can now occupy the same name.

So the above setup is wrong. The correct setup would be the following:

$ host -t mx mail is handled by 5

$ host has address

$ host is an alias for has address

That is if you want to use a CNAME at all. Personally I am using A RRs instead of CNAMEs whenever possible. But why cannot a CNAME carry any other information? I copy from RFC1034 (section 3.6.2):

A CNAME RR identifies its owner name as an alias, and specifies the corresponding canonical name in the RDATA section of the RR. If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. This rule also insures that a cached CNAME can be used without checking with an authoritative server for other RR types.

So please people, correct your defaults. Your clients will benefit from that.

5 thoughts on “Please do not mix CNAME and MX RRs

  1. Generally, I also see this incorect use of CNAMEs by many people, and I prefer using A records instead of CNAMEs.

    The only recent example where I have prefered CNAMEs over A records is with dual-stack systems and AAAAs.

    I have put A and AAAA RRs for one system, and then use CNAMEs for other roles on the same system, which made them instantly dual-stack, without the need to duplicate the IPv6 address to all of them.

    sotiris@jumbo:~$ host -t any has address has IPv6 address 2002:d4fb:e54::1
    sotiris@jumbo:~$ host is an alias for
    sotiris@jumbo:~$ host is an alias for
    sotiris@jumbo:~$ host is an alias for
    1. Once (2008/02) I complained to a large mail hub about their use of CNAMEs in MX records and the hazard it caused to our users. This is what I got back:

      Our advanced technical support team has examined your support request. Our current MX record configuration is designed to facilitate load balancing between multiple sites, providing better service and redundancy in case of outage. Despite the RFC, all major ISPs and all mail servers properly handle a CNAME MX. There is no technical reason to reject this mail except for a desire for strict compliance with the RFC, which was writtien many years ago for systems with a much lower volume of mail.

      Some people tend to think that they are above RFCs. They are wrong. Today I checked and the CNAME is not there. Where’s the advanced technical solution now?

  2. I recently saw a problem where NS records pointing to CNAME wouldn’t allow proper resolving, at least with Bind9…

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s