ietf-mxcomp

Re: Draft submitted for Client Address Authorization.

2004-05-15 20:56:54

On Fri, 2004-05-14 at 19:32, Matthew Elvey wrote:
On 5/14/2004 4:32 PM, Douglas Otis sent forth electrons to convey:

Here is an early link to a draft submitted to the IETF utilizing the DNS
SRV record to publish authorized clients for any protocol including
SMTP.  This draft also suggests the label for this SRV record can be
used to access a TXT record for error reporting information.  This was
to provide a foundation for a solution independent of how the
information is used.  This takes advantage of existing DNS listing and
reporting features while not creating a record possibly confused as
pointing to an SMTP server.
 
http://www.mail-abuse.com/public/draft-dougotis-SRV-CAA-00.txt

Our name server was modified recently so it may take some time to access
to this link.  If so, try-

http://204.152.185.196/public/draft-dougotis-SRV-CAA-00.txt


-Doug

 

Interesting.

In other words, something like "dig _smtp._tcp_c.example.com SRV" is done by an SMTP server receiving email from a client.

It's not defined where "example.com" came from (derived from return path, HELO, rDNS...).

It perhaps returns something like
...
;; ANSWER SECTION:
example.com.              3600    IN      SRV      fred.example.com. 
example.com.              3600    IN      SRV      sam.example.com. 

;; AUTHORITY SECTION:
fred.example.com.              3600    IN      A      172.30.79.11
sam.example.com.              3600    IN      A      172.30.79.12
...
?
And if the client's IP is listed, then it is authorized by the domain administrator to send email.

A domain with a large number of NS and mail servers might be in trouble, no? Say 8 RRs are returned, each of which resolves to 8 A records (this is about the max in 512B packets). So the domain can have at most ~64 mail servers. Or am I missing something?

Yes, DNS is limiting.  DNS was not intended to allow a single query to
return a large answer.  Just as large systems need a strategy to live
within constraints of DNS, this allows the same strategy to be used for
the SRV record as referenced through the helo/ehlo domain.  If a
convention is established in this regard of mapping SRV records from MX
records as a means for discovery, then a query for a series of smaller
answers becomes possible.  This allows different host sets to handle
outbound and inbound separately as allowed by such a specification.  I
hope to have another document ready soon to illustrate this.

If the SRV record is a major impediment, a special label for a TXT
record is possible, but allowing normal methods of handling DNS RR
information is a consideration.  This has been implemented per the
standard and any employment of new information will demand new code,
whether it is something completely new as for TXT or something
relatively new as for SRV.

Doug

FYI, ZoneEdit (who does DNS for my domain and many others) doesn't support SRV, though they do support TXT.
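The check Matthew sketches above (SRV lookup under the _smtp._tcp_c label, targets resolved to A records, client IP compared against the result) and his 512-byte arithmetic, as an added example that is not code from the draft or from either poster. The zone data and the resolver are constructed stand-ins so it runs offline; the message-size estimate assumes a plain UDP answer with the owner names compressed and the SRV target names not.

```python
from ipaddress import ip_address

# Constructed records standing in for live DNS answers (not real hosts or zones).
ZONE = {
    ("_smtp._tcp_c.example.com.", "SRV"): [
        (0, 0, 25, "fred.example.com."),   # (priority, weight, port, target)
        (0, 0, 25, "sam.example.com."),
    ],
    ("fred.example.com.", "A"): ["172.30.79.11"],
    ("sam.example.com.", "A"): ["172.30.79.12"],
}

def lookup(name, rtype):
    """Stand-in resolver; a deployment would issue a real DNS query here."""
    return ZONE.get((name, rtype), [])

def srv_label(domain):
    """The _smtp._tcp_c label from the thread, prepended to the domain in question."""
    return "_smtp._tcp_c." + domain.rstrip(".") + "."

def authorized_addresses(domain, lookup=lookup):
    """Resolve every SRV target under the domain's label to its A records."""
    addrs = set()
    for _prio, _weight, _port, target in lookup(srv_label(domain), "SRV"):
        addrs.update(ip_address(a) for a in lookup(target, "A"))
    return addrs

def client_authorized(client_ip, domain, lookup=lookup):
    """True/False when the domain publishes a list; None when it publishes
    nothing, so a caller does not confuse 'no policy' with 'forbidden'."""
    addrs = authorized_addresses(domain, lookup)
    if not addrs:
        return None
    return ip_address(client_ip) in addrs

def wire_name_len(name):
    """Bytes an uncompressed domain name occupies in a DNS message."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return sum(len(l) + 1 for l in labels) + 1

def srv_answer_bytes(domain, targets):
    """Size of a plain UDP answer carrying the SRV RRset: 12-byte header and
    question, then per RR a 2-byte owner pointer, 10 bytes of fixed fields,
    6 bytes of SRV fields and the uncompressed target name. Compare to 512."""
    size = 12 + wire_name_len(srv_label(domain)) + 4
    for target in targets:
        size += 2 + 10 + 6 + wire_name_len(target)
    return size
```

The A records for each target are a second round of queries in this model, so the 512-byte budget applies per answer rather than to the whole chain.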

