On Tuesday 10 August 2004 7:18 pm, John Levine wrote:
I believe that if you put in multiple TXT records for the same FQDN
(example.com as above), then *all* of those TXT records are sent
back in a single UDP reply packet, so the 512 (more like 420) byte
UDP packet restriction applies to THE AGGREGATE SIZE of ALL text
records for a single FQDN.
Yes, that's correct. If a response includes multiple records, which
it will if the query is a TXT query and there are multiple TXT records
for the name, they're all sent in one response packet, which will have
well known problems if they don't fit in a 512 byte UDP response
packet, and less well known but more serious problems if they don't
fit in a single TCP packet.
I admit to hearing this statement at San Diego last week, but I didn't
understand it then, and I don't understand it now. What is being referred to
with the term "TCP packet"? Is this a reference to the MTU?
I will admit to not being familiar with *all* DNS software, but I am having a
hard time believing that there is DNS resolver software that a) does TCP, but
b) somehow is unable to read an entire DNS message using TCP if it requires
more than a few IP packets to transmit.
It is more credible for me to believe that there is DNS software that won't
fall back to TCP, or that there are some that don't actually allocate 64k
(the actual maximum) of space for receiving a message.
One of the reasons that the DNS has multiple record types is so that a
query can specify the type it wants and just get the relevant records,
keeping responses small. Overloading TXT breaks that.
I believe that the working group made no objection to sub-domaining
records (publishing TXT in _marid.example.com)
The problem with _marid subdomains is that they break wildcards, since
DNS wildcards don't permit _marid.*.foo.com. Some of us have per-user
subdomains implemented with wildcards, and there's no good workaround.
We could publish the TXT records for *.foo.com and let the clients
throw out the ones they don't understand, but then we're back to
stuffing all the TXT records into the same packet.
Since no one seems to be talking about removing the "v=spf1/2" from the
beginning of TXT RDATA, I don't think "break" is the correct term here. The
_marid subdomain seems to improve the subtyping situtation in the
non-wildcard case, and leave the status quo in the wildcard case. This looks
like a net improvement to me.
So if you need multiple TXT records at your wildcard, you will have to be
careful about the size of that TXT RR set, but everyone else gets more
David Blacka <davidb(_at_)verisignlabs(_dot_)com>
Sr. Engineer VeriSign Applied Research