ietf-mxcomp

RE: Wild card MXes

2004-05-25 14:25:22

I thought this was a hack when I heard it during the meeting. But
I think that it could actually work.

It looks to me like it'll work if a) servers send SOA along with NXDOMAIN,
which most of them seem to do, and b) clients can see that data.

I suspect that b) is not true in the same Windows clients that can't fetch
a MARID record, returning us to the original problem.

There is a middle position that could be argued. We cannot require
a third of all parties deploying to upgrade their DNS servers in order
to be able to use MARID. But it might be possible to require the
subset who use wildcards to deploy a server that is capable of
generating synthetic wildcards.

I suspect the DNS crowd would be phenomenally unsympathetic to that.  I
run a variety of quirky DNS servers here, from rbldns and rbldnsd to some
homegrown perl code that serves up the abuse.net database as a DNS zone,
but there's a large camp that says that if you can't AXFR it as a BIND
format zone file, it's not DNS.  Realistically, if BIND 8 can't serve it,
it's not going to fly.

Proposed microhack: if you can't resolve _marid.phoo.example.com, try
_marid.*.example.com.  This only handles one level of wildcard, but has
the advantage of being easy to code and working even on DNS clients that
don't give you all the ancillary data that you might want.

Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Mayor
"I dropped the toothpaste", said Tom, crestfallenly.
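
The fallback lookup proposed in the message above, as an added example that is not part of the original post. The function names, the dictionary standing in for a resolver, and the record strings are constructed for illustration; the guard against falling back for two-label names is an assumption of this sketch.

```python
# Added illustration. Function names, the dict-backed resolver and the record
# strings are constructed; the MARID record syntax itself is not modelled.
PREFIX = "_marid"

def candidate_names(domain):
    """Query names in the order the microhack tries them."""
    labels = domain.rstrip(".").lower().split(".")
    names = [".".join([PREFIX] + labels)]
    # Assumption: only fall back when a parent of at least two labels remains,
    # so a lookup for example.com never turns into _marid.*.com.
    if len(labels) >= 3:
        # The "*" is sent as an ordinary label; only a leftmost "*" in an
        # owner name is a DNS wildcard, so this name must be published literally.
        names.append(".".join([PREFIX, "*"] + labels[1:]))
    return names

def lookup(domain, resolve):
    """Return (name_that_answered, records), or (None, []) if nothing did.

    `resolve(name)` returns a list of record strings, or None for
    NXDOMAIN / no data. No SOA or other ancillary data is needed.
    """
    for name in candidate_names(domain):
        records = resolve(name)
        if records:
            return name, records
    return None, []

# Constructed zone: one explicit host record plus the literal fallback name.
ZONE = {
    "_marid.mail.example.com": ["record-for-mail (constructed)"],
    "_marid.*.example.com": ["record-for-wildcard-hosts (constructed)"],
}

if __name__ == "__main__":
    for host in ("mail.example.com", "phoo.example.com", "a.b.example.com"):
        print(host, "->", lookup(host, ZONE.get))
```

The lookup for a.b.example.com finds nothing because its fallback name is `_marid.*.b.example.com`, which is the one-level limit the message mentions.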

