On 25 Jun 2005, at 10:37, David MacQuigg wrote:
> Seems like the fundamental requirements for an ideal authentication
> record are:
> 1) Fit well within one 512-byte DNS packet, including some margin for
> later expansion of other sections of that record.
> 2) Accommodate any reasonable number of IP addresses in a multi-homed
> host setup.
> 3) Maximize the efficiency of DNS caching by encouraging aggregation
> of IP addresses into one record.
> 4) Avoid problems with unexpected variations in the response to a
> query, problems like incomplete record sets.
> 5) Avoid the temptation of including hosts outside the direct and
> immediate control of the sender.
> 6) Avoid opportunities for abuse, especially anything involving DNS.
> How about allowing one CIDR block?
</lurk>
Dave, how would a CIDR block help with a multi-homed host, or are you
trying to address a different issue with that suggestion?
If you are trying to address another issue with your CIDR suggestion,
is there any reason that a single host's HELO would need to be
associated with multiple A records other than (1) multi-homing or (2)
using a domain name rather than a host name for a HELO?
<lurk>
--
Mike Pinkerton
pselists(_at_)mindspring(_dot_)com