On Wed, 2005-06-22 at 15:31 +0000, John Levine wrote:
That's a poor assumption. As I think we've mentioned several times
recently, CSV records are designed to identify client hosts, not
domains, and a normal setup would be to have a CSV record per mail
client.
Nevertheless hosts are multi-homed, and have multiple names. It's not
entirely insane to want to be able to use multiple SRV records for that
reason.
If the 'authorised but not authenticated' option remains in the CSV
spec, then I'd say that multiple SRV records should _definitely_ remain,
to allow for that to be used at the same time as 'authenticated'.
If we ditch that option then it still seems sensible to allow multiple
SRV records, but I'm not going to get into a fight about it. I'm more
concerned that the spec should be _explicit_ about what's allowed -- if
it's changed to explicitly forbid multiple records, I'll change my
records and my CSA implementation accordingly.
Ideally I'd like to see a limit of about five. That should suffice for
almost all multi-homing scenarios, without a massive increase in lookup
cost.
Dealing with them is easy -- just go through them in any order until you
find one where the IP address of the client matches the name, and then
honour that _one_ record. One SHOULD NOT publish a record which could
give different results for any one IP address depending on the order of
the SRV records.
--
dwmw2