On Wed, Sep 22, 2010 at 4:34 PM, Hector Santos <hsantos(_at_)isdg(_dot_)net>
Murray S. Kucherawy wrote:
This shortens specific records, but doesn't shorten the overall answer.
If multiple TXT records are found, they are all packed into the same single
DNS reply. This actually consumes more space than a single large TXT record
If TCP upgrade of the DNS query is not possible, truncation can occur and
of the replies can get dropped, so you could only get a (basically random)
subset of your ASL, leading to false negatives.
Any modern DNS client that is not properly doing a UDP first, then
follow up with a TCP stream request for a truncation response, is not
worth talking about and any site using this sort of inadequate DNS
client software in this modern age will already have all sorts of
other problems especially if it wants to support SPF or any other
existing TXT based queries with large values.
IMTO, a proper DNS client is a natural operational requirement. In
addition, any operator utilizing the protocol with a large data set
will be informed packing the TXT record would be the recommendation to
help minimize traffic. Our DNS record manager will assist with this.
IMTO, what is a "waste" is the slack space with DNS queries with no
data or information in it
So I personally do not think this will be an issue.
I've seen it, with SPF records. A client may support TCP, but if the
firewall is set to not allow TCP packets for DNS, then you will have
the same issue.
So this issue exists. I'm getting support questions related to this
about once a quarter, up from once a year.
dkim-ops mailing list