ietf-mxcomp

Re: Thought on DNS record types.

2004-05-27 21:23:50

In <C6DDA43B91BFDA49AA2F1E473732113E5DBD27(_at_)mou1wnexm05(_dot_)vcorp(_dot_)ad(_dot_)vrsn(_dot_)com> "Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> writes:

>> I disagree that, in the case of SPF, this collides "badly" with other
>> uses of TXT.
>
> But the collisions reduce performance both for SPF lookups and for any
> colliding lookups.

There is only a noticeable performance difference when the use of SPF
pushes the DNS query past the 512 byte UDP limit.  As I posted
earlier, there are only something like 5 or 6 domains out of 1.3
million where adding SPF records would have a reasonable chance of
causing DNS over TCP.  That is a *very* small percentage.


> The DNS group at one time had one KEY record for all DNS keys for all
> applications. They switched to make it DNSSEC specific for this exact
> reason.

Uh, yeah, but one key difference is that SPF records are generally
very small, while the KEY records are not.


> The SPF group on its own could probably have got _spf deployed if they
> had insisted. The IETF can definitely get _marid.$domain deployed.

This is true, but I wasn't addressing this issue.

That said, if MARID adopts something other than SPF as the record
format then using a subdomain is something worth considering.  If
MARID adopts SPF, I think changing the location of the record would be
foolish.


-wayne