1) Fit well within one 512-byte DNS packet, including some margin for later
expansion of other sections of that record.
2) Accommodate any reasonable number of IP addresses in a multi-homed host
setup.
3) Maximize the efficiency of DNS caching by encouraging aggregation of IP
addresses into one record.
Seems right.
4) Avoid problems with unexpected variations in the response to a query,
problems like incomplete record sets.
Incomplete record sets are by definition a bug, so we can assume they
won't happen.
5) Avoid the temptation of including hosts outside the direct and immediate
control of the sender.
6) Avoid opportunities for abuse, especially anything involving DNS.
How about allowing one CIDR block?
CIDR blocks are a routing construct. They have nothing at all to do with
allocation of addresses to individual hosts. Moreover, there is no way
using existing DNS records to represent a CIDR block other than by abusing
TXT records. So for all those reasons, that's not a good idea.
I still haven't seen any plausible scenarios where a host's CSV data
couldn't be represented by a single SRV per HELO name pointing to a
name with a modest set of A records.
R's,
John