On May 30, 2007, at 4:54 PM, william(at)elan.net wrote:
(3) Upward query vs. wildcard publication. 27 messages in
discussion from 15 people. Most of the discussion was a rehash of
the idea of associating semantics with DNS zone-cuts, which we had
already discussed and rejected. I have also been trying to get an
opinion from DNSOP on the idea of a one-level upward search (which
I think solves 90% of the problem), but haven't gotten any response.

Don't do it. The issue is that you cannot properly tell where zone
delegation starts. I know resourceful programmers (including me)
keep track of this data and know that, for example, ".com" is one
delegation but ".uk" is not, and there you have ".co.uk". But the
list is actually rather large, and for several ccTLDs you have both
".com.??" and ".??" in use as proper delegation zones. So getting
around this is just way too tricky, and if you don't, what you end up
doing is sending a multitude of extra queries to ccTLD name servers.
This is not a proper operational approach, as the extra load would not
be spread but directed towards several single points on the net.

I would be happy to help co-author a draft that establishes a list of
current domain levels used by registries which should be excluded
from queries for DKIM related records. The list therefore
establishes the first and perhaps only location needing to be checked
regarding email related policies. A rather manageable domain list
established by this document would eliminate a need to use any type
of wildcard mechanism. To avoid query overhead, new upper level
domains should want to be added to this list as the need arises. A
wildcard mechanism is also something relatively easy to abuse. As
such, it is doubtful any wildcard scheme will gain acceptance within
DNSEXT or DNSOPS WGs.
-Doug
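
An added sketch (not code from this thread or from any DKIM draft) of the one-level upward search bounded by a registry-level exclusion list, as discussed above. The list contents, the made-up ccTLD `zz`, the function names, and the choice not to walk upward when no listed suffix matches are all assumptions.

```python
# Constructed sample of registry-level names. "zz" is a made-up ccTLD that
# delegates at both "zz" and "com.zz", the case described in the thread.
REGISTRY_LEVELS = {"com", "uk", "co.uk", "zz", "com.zz"}


def normalize(name):
    """Lower-case a domain name and drop any trailing root dot."""
    return name.rstrip(".").lower()


def registry_suffix(name, registry_levels=REGISTRY_LEVELS):
    """Return the longest listed registry-level suffix of name, or None."""
    labels = normalize(name).split(".")
    for i in range(len(labels)):  # longest candidate first
        candidate = ".".join(labels[i:])
        if candidate in registry_levels:
            return candidate
    return None


def lookup_domains(author_domain, registry_levels=REGISTRY_LEVELS):
    """Domains to query for a policy record, in order.

    The author domain is always first. Its parent (one level up) is added
    only when that parent is not a listed registry level, so no query is
    ever aimed at a registry's own name servers.
    """
    name = normalize(author_domain)
    if not name or name in registry_levels:
        return []  # registry-level names are excluded from queries
    if registry_suffix(name, registry_levels) is None:
        return [name]  # assumption: boundary unknown, so do not walk upward
    queries = [name]
    parent = name.partition(".")[2]
    if parent and parent not in registry_levels:
        queries.append(parent)
    return queries


if __name__ == "__main__":
    for d in ("mail.example.com", "example.co.uk", "a.example.com.zz",
              "example.zz", "co.uk", "host.internal"):
        print(d, "->", lookup_domains(d))
```

An incomplete list fails in the direction the thread warns about: a registry level missing from `REGISTRY_LEVELS` is treated as an ordinary parent and receives the extra query.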
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html