ietf-mailsig

Re: wildcards, was Re: dkim technology?

2005-08-03 01:58:19

Tony Finch wrote:

(On an off-topic tangent, because this hasn't been made clear in this
thread so far, the specific problem with CSA and wildcards is that SRV is,
in general, incompatible with wildcards: if you try to blanket a zone with
wildcards in order to ensure that all invalid EHLO names within the zone
have negative CSA SRV records, including those names that do not otherwise
appear in the DNS, then you'll also return bogus SRV data for any SRV
query on any name in your domain. Wildcards are less problematic with
other RR types.)

It's my understanding that in general a wildcard will not apply to a name for which there is a record of any RR type associated with it. So even if you create a new RR type "XYZ", and publish an XYZ record for *.example.com, that record will not be returned for foo.example.com if there is an A record for foo.example.com.

This is why we have avoided any use of wildcards in DKIM.

-Jim
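
Added illustration, not part of either poster's message: a minimal Python model of the wildcard matching rules in RFC 1034 section 4.3.3, run over a constructed example.com zone. It shows both behaviours discussed above: a blanket `*.example.com` SRV record is synthesized for SRV queries on any name that does not exist in the zone, but never for a name that already owns a record of some other type. The zone contents, rdata values and function names are assumptions made for the example.

```python
# Constructed sample zone (not from the thread). Owner names are lowercase,
# without a trailing dot; the SRV rdata values are placeholders.
ZONE = {
    ("example.com", "SOA"): ["constructed SOA rdata"],
    ("*.example.com", "SRV"): ["1 0 0 ."],            # blanket wildcard
    ("foo.example.com", "A"): ["192.0.2.1"],
    ("_sip._tcp.host.example.com", "SRV"): ["0 5 5060 sip.example.com."],
}


def exists(name):
    """A name exists if it owns any RRset, of any type, or is an ancestor
    of a name that does (an empty non-terminal)."""
    return any(o == name or o.endswith("." + name) for o, _ in ZONE)


def lookup(qname, qtype):
    """Return (status, rdata list) for a query inside the sample zone."""
    qname = qname.lower().rstrip(".")
    if exists(qname):
        # An existing name is never matched by a wildcard, whatever its types.
        rdata = ZONE.get((qname, qtype))
        return ("ANSWER", rdata) if rdata else ("NODATA", [])
    # Find the closest encloser: the longest existing ancestor of qname.
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if exists(encloser):
            break
    else:
        return ("NXDOMAIN", [])
    wildcard = "*." + encloser
    if not exists(wildcard):
        return ("NXDOMAIN", [])
    rdata = ZONE.get((wildcard, qtype))
    return ("WILDCARD", rdata) if rdata else ("NODATA", [])


if __name__ == "__main__":
    for q in ("foo.example.com", "bogus.example.com",
              "_ldap._tcp.bogus.example.com", "_ldap._tcp.foo.example.com",
              "_ldap._tcp.host.example.com"):
        print(f"{q:32} SRV -> {lookup(q, 'SRV')}")
```

The last two queries return NXDOMAIN because the closest enclosing name exists and has no wildcard child of its own, so the zone-level wildcard does not reach below existing names.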
