[ietf-clear] Zone cuts, Make CSV backwards compatible with legacy SPF records?

2004-11-29 07:21:03
On 11/20/2004 2:14 AM, John Levine sent forth electrons to convey:

John, you say that using the Zone Cut is a Bad Idea (won't work 
reliably).  Does that mean that SPF (spf-draft-200406, which requires 
use of a Zone Cut for an optional feature) is defective?
   


Well, there's a lot not to like in that draft.  In the specific case
of the faux wildcards, what it says is that if you use a parent, it must be
the zone cut.  You can do that, but the only reliable way to do so is
to walk up the tree looking for an SOA record, then fetch the TXT
record at the same node as the SOA record.  This is probably more DNS
queries than they had in mind, but SPF has so many situations that
require absurdly large numbers of queries that one more hardly
matters. 

Yup.  Glad to see your scheme from the last day of the IETF mtg mentioned:

Given that you have to walk up the tree anyway, it would
make a lot more sense to forget the zone cuts, walk up the tree
looking for TXT records, and when you find one, use it.
 

Did you grok the whoisable idea?  It could cut a DNS lookup or two off 
the walk up the tree.
Though I suppose if those lookups are going to be cached locally, it's 
no big deal.
Perhaps a DNS expert could chime in.

 

*Unless one is concerned with coming across wacked out DNS entries for 
legit senders whose HELO domains have more IPs than fit in a UDP packet. 
   


The last time I checked, outgoing mail servers at Hotmail all HELO as
hotmail.com.  But I agree that's not likely to be a problem for CSV
since any host with a whole lot of outgoing mail servers is unlikely
to want to make them the same IPs as their web servers.
 

:)