> Doesn't this mean that DMP [...] require a minimum of 2
> DNS queries?
More like a maximum of two, minimum of one[1].
> Ok, so DMP doesn't require you to fetch *both* the TXT record and the
> A record? Doesn't the TXT just say that "yes, this domain uses DMP"?
There's no A RR used at all in DMP. There's a TXT record for each host (or a
wildcard if ye be so brave enough to use one for a /24 or /16) and one for
the domain itself, to check if the domain publishes records.
So a receiver queries the IP+domain first, and if it gives NXDOMAIN only then
does it query the domain itself. The sender would see more dual queries if a
forgery was in progress, and if any wildcard records didn't synthesise
"dmp=deny" answers.
The flowchart in draft-fecyk-dmp section 5 explains the lookup and response
steps better than I can here.
Actually, I've asked about this before (yeah I'm stroking my own ego here -
give me hell as you see fit).
What of the practicality of IP+domain queries, where each e-mail causes a
query, vs domain-only queries where maybe the domain's queried once in a
while with larger responses? Or perhaps there's a better alternative to both
of these. DNS Folks: Assume for a moment that we're using a new record type
or class (or both) and imagine it's not called TXT or A or whatever existing
types or classes are called. Also assume that hard-defined name spaces
weren't needed because they aren't, really.
--
PGP key (0x0AFA039E):
<http://www.pan-am.ca/consulting(_at_)pan-am(_dot_)ca(_dot_)asc>
What's a PGP Key? See <http://www.pan-am.ca/free.html>
GOD BLESS AMER, er, THE INTERNET. <http://vmyths.com/rant.cfm?id=401&page=4>
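The two-step receiver lookup described in the reply above (host record first, domain record only on NXDOMAIN), as an added example that is not code from draft-fecyk-dmp or its author. The `_smtp-client` label, the reversed-IP host naming and the `dmp=allow`/`dmp=deny`/`dmp=publishes` values are assumptions of this example; what the post states is the one-or-two-query behaviour and that a wildcard synthesising "dmp=deny" stops the second query.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed zone (name -> TXT value); a leading "*" label acts as a DNS wildcard.
# Assumed naming scheme, not taken from the draft.
ZONE: Dict[str, str] = {
    "_smtp-client.example.com": "dmp=publishes",           # domain publishes DMP
    "1.0.168.192._smtp-client.example.com": "dmp=allow",   # host 192.168.0.1 designated
    "*.0.10._smtp-client.example.com": "dmp=deny",         # wildcard covering 10.0.0.0/16
}


def reversed_ip(ip: str) -> str:
    """Dotted-quad in reversed label order, in-addr.arpa style."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets))


def txt_lookup(name: str, zone: Dict[str, str]) -> Optional[str]:
    """Resolve NAME against the zone with DNS-style wildcard synthesis.

    Exact match first, then "*.<ancestor>" from the closest ancestor outward.
    Returns None for NXDOMAIN. (Simplified: the closest-encloser rule that
    blocks a wildcard when a more specific node exists is not modelled.)
    """
    if name in zone:
        return zone[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        candidate = "*." + ".".join(labels[i:])
        if candidate in zone:
            return zone[candidate]
    return None


def dmp_lookup(ip: str, domain: str, zone: Dict[str, str] = ZONE) -> Tuple[str, int]:
    """Return (verdict, number_of_dns_queries) for a connecting IP and HELO/MAIL FROM domain."""
    host_name = f"{reversed_ip(ip)}._smtp-client.{domain}"
    answer = txt_lookup(host_name, zone)
    if answer is not None:                       # host (or wildcard) record: one query
        return ("allow" if answer == "dmp=allow" else "deny"), 1
    # NXDOMAIN on the host record: second query asks whether the domain publishes at all.
    if txt_lookup(f"_smtp-client.{domain}", zone) is not None:
        return "undesignated", 2                 # domain participates, host not listed
    return "none", 2                             # domain does not participate in DMP


if __name__ == "__main__":
    for ip, dom in [("192.168.0.1", "example.com"), ("10.0.5.9", "example.com"),
                    ("203.0.113.7", "example.com"), ("203.0.113.7", "other.example")]:
        print(ip, dom, dmp_lookup(ip, dom))
```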