Steve Atkins wrote:
> On Jun 7, 2007, at 1:34 AM, Hector Santos wrote:
>> The single DNS query syntax would be:
>> a.b.c.d.e.f.g.h.i.j.k._ssp.foo
>> The result will depend on what this organization is going to define
>> for policies at each level.
> By your reasoning, if presented with the hostname
> sales.demon.co.uk you would query for sales.demon.co._ssp.uk.
> That won't work. At all.
> Please, before making assertions about how DNS resolution
> should work, think about the basics of how DNS actually works.
For the record, have you tried it?
I have it prepared for my santronics.com zone file.
; default NOMAIL
*._ssp 0 TXT "v=dsap1.0; rr=0; op=; 3p=; fa=fail; fx=fail; fs=fail;"
; santronics.com OPTIONAL policy, no 3PS
_ssp 0 TXT "v=dsap1.0; sd=*; rr=0; op=optional; 3p=never; a=rsa-sha256; fa=fail; fx=fail; fs=fail;"
; always sign with corp.santronics.com
corp._ssp 0 TXT "v=dsap1.0; sd=corp; rr=0; op=always; 3p=never; a=rsa-sha256;"
; always sign with sales.santronics.com
sales._ssp 0 TXT "v=dsap1.0; sd=sales; rr=0; op=always; 3p=never; a=rsa-sha256;"
; always sign with europe.santronics.com
europe._ssp 0 TXT "v=dsap1.0; sd=europe.sales; rr=0; op=always; 3p=never; a=rsa-sha256;"
; never sign with public.santronics.com
public._ssp 0 TXT "v=dsap1.0; sd=public; rr=0; op=never; 3p=never;"
; never sign with list.santronics.com
list._ssp 0 TXT "v=dsap1.0; sd=list; rr=0; op=never; 3p=optional; 3pl=mipassoc.org"
Do the DNS query for the valid ones and fake sub domains, or no subdomains:
NSLOOKUP -query=txt SUBDOMAINS._ssp.santronics.com
You said it won't work "AT ALL." I would like to know why not? Every
policy I want is defined including eliminating the ABUSE with a global
NOMAIL record.
--
Sincerely
Hector Santos, CTO
http://www.santronics.com
http://santronics.blogspot.com
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
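
Added example (not part of the original message or of either poster's code): a small Python model of standard DNS wildcard matching (RFC 4592) applied to the owner names in the zone fragment above, showing which lookups get an explicit policy, which get the `*._ssp` default, and which get neither. The policy strings are abbreviated, constructed labels, and `lookup` is a hypothetical helper, not a resolver API.

```python
# Owner names are the ones in the zone fragment quoted in the message;
# the values are shortened, constructed labels (not the full TXT data).
ORIGIN = "santronics.com"
ZONE = {
    "*._ssp": "default NOMAIL",
    "_ssp": "op=optional",
    "corp._ssp": "op=always",
    "sales._ssp": "op=always",
    "europe._ssp": "op=always",
    "public._ssp": "op=never",
    "list._ssp": "op=never",
}

def _labels(name):
    return tuple(name.lower().rstrip(".").split("."))

APEX = _labels(ORIGIN)
RECORDS = {_labels(f"{owner}.{ORIGIN}"): txt for owner, txt in ZONE.items()}

# A name "exists" if it owns a record or is an ancestor of one (RFC 4592).
NODES = {APEX}
for owner in RECORDS:
    for i in range(len(owner) - len(APEX)):
        NODES.add(owner[i:])

def lookup(qname):
    """Return (result, txt) for a TXT query, following RFC 4592 wildcard rules."""
    q = _labels(qname)
    if q[-len(APEX):] != APEX:
        return ("OUT_OF_ZONE", None)
    if q in NODES:  # existing names are never answered from a wildcard
        txt = RECORDS.get(q)
        return ("ANSWER", txt) if txt else ("NODATA", None)
    # Closest encloser: the longest existing ancestor of the query name.
    for i in range(1, len(q)):
        if q[i:] in NODES:
            txt = RECORDS.get(("*",) + q[i:])
            return ("WILDCARD", txt) if txt else ("NXDOMAIN", None)
    return ("NXDOMAIN", None)

if __name__ == "__main__":
    for name in ("corp._ssp", "fake._ssp", "a.b.fake._ssp",
                 "a.corp._ssp", "europe.sales._ssp"):
        print(f"{name}.{ORIGIN:<16} -> {lookup(f'{name}.{ORIGIN}')}")
```

Names below an explicitly defined label such as `corp._ssp` have that label as their closest encloser, so `*._ssp` is not consulted for them and the lookup returns NXDOMAIN unless a `*.corp._ssp` record is also published.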