ietf-mxcomp

RE: Wild card MXes

2004-05-29 00:47:04

--"Hallam-Baker, Phillip" <pbaker(_at_)verisign(_dot_)com> wrote:


> > Am I correct in understanding that right now nobody else on this list
> > is against use of wildcards except Bob from Microsoft (and I suppose
> > everyone else from the same company) and that everybody else on this list
> > feels that they are an important part of dns->email functionality?

> Like Bob I just love wildcards to death. In fact I want more, better
> and more expressive wildcards.

> I have yet to see any application for a MARID wildcard that makes
> sense. MX wildcards are a 'catch' for mail sent to a machine that
> has been deleted or otherwise does not exist.


Right. One application for MX wildcards (as used at my current workplace) is that there are internal DNS names that are visible inside but can't be resolved by the outside world. So instead we accept mail for *.ourdomain.com, and once it gets to our mailserver, it knows what to do with it.

MARID needs to handle wildcard A or wildcard MX, either by a wildcard MARID record, or by some algorithm we decide to use that finds other records and then applies them.

Let's focus on the case where there are already wildcard MX or A records. There may be other cases where you want a wildcard MARID record, but let's focus on those two cases for now.


> A MARID wildcard would only act if the NODE did not exist at all.
> That means that mail is being sent from a machine with no DNS node.
>
> I thought the idea here was putting a stop to that type of thing.


Well. In the case of wildcard MX records, someone has decided they want to receive that mail. When you say "That means that mail is being sent from a machine with no DNS node," - would you say the same about a wildcard MX record as it relates to incoming mail?

Anyway, if you are sending mail from a domain name (right hand side) that doesn't correspond to either an A record or an MX record, you will already have trouble getting the mail accepted -- sendmail in particular will say that DNS name doesn't exist and refuse the mail without consulting SPF.

If the domain has a wildcard A record (for some web-hosting application maybe) then maybe they want to use those unlisted names for web but not for mail, so they may put a MARID record there that refutes all mail. That's one possible application we should either support or spend time figuring out a workaround for.

In the case of wildcard MX (with or without A) you have decided to accept the mail, so you should be able to send from it as well (and use MARID features on it).


> The question here is an engineering tradeoff between support for
> a wildcard facility we may not use and the ability to differentiate
> MARID records amongst TXT records.


I have provided one possible usage case for wildcard MARID records. I believe we need them, and I believe putting _prefix before the domain when attempting the MARID lookup doesn't address the problem. Of course if you have a wildcard TXT record, _ep.xyz123.domain.com will work, but you get the same result as xyz123.domain.com. In all other cases, _prefix does allow you to differentiate the MARID record from the other TXT records. I don't think there is a solution that solves both wildcards and removes ambiguity at the same time or for the same set of users... users can either use wildcards, or they can have separate records for _prefix.xxx.domain.com that are separate and distinct from their TXT records for xxx.domain.com... they cannot have both.

Now let me express my personal opinion. I HATE (HATE) the idea of prepending a _prefix.

Since there has been a lot of attention and hand-wringing on the subject of "Do we really need Wildcard records?" maybe we should now turn the question on its head. Could someone come up with a case where real-life TXT records exist, and there is a compelling need to differentiate the MARID record from other TXT records? Since I don't know any real-world use cases for TXT other than SPF, my knowledge is limited in this area.

But, PLEASE let's NOT automatically assume that publishing a TXT record for the domain in question NEEDS to have a _prefix thrown in just for "good measure". I have tried to make a case for why we need wildcards: pretty much all you have to say is "Wildcard MX already exists in nature, so people will probably want wildcard MARID". Now I would like to see someone try to defend the need for adding a _prefix just as strongly. (I thought this was one of the points of Ed's DNS presentation: DNS "subtyping" may lead to problems, but so does _prefix and suffix)

My vote is probably going to come down on the side of using TXT records, with no prefix added, and switching to the MARID RR type when one becomes available on at least one mainstream mail server.


--
Greg Connor <gconnor(_at_)nekodojo(_dot_)org>
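
The wildcard behaviour argued over in this message (a wildcard only answers for a node that does not exist, and a `_prefix` lookup under a wildcard TXT returns the same set as the bare name, while an existing host blocks the wildcard for names beneath it), as an added Python example that is not part of this thread. The zone contents, the `_ep` label and the SPF-style TXT strings are constructed for illustration.

```python
from typing import Dict, List, Optional

Zone = Dict[str, Dict[str, List[str]]]

# Constructed toy zone for domain.com (hypothetical names and addresses).
ZONE: Zone = {
    "domain.com":      {"MX": ["10 mail.domain.com"],
                        "TXT": ["v=spf1 mx -all", "site-verification=abc123"]},
    "_ep.domain.com":  {"TXT": ["v=spf1 mx -all"]},       # explicit _prefix record
    "mail.domain.com": {"A": ["192.0.2.25"]},
    "www.domain.com":  {"A": ["192.0.2.80"], "TXT": ["v=spf1 -all"]},
    "*.domain.com":    {"MX": ["10 mail.domain.com"],      # catch-all for internal names
                        "TXT": ["v=spf1 mx -all"]},
}

def exists(zone: Zone, name: str) -> bool:
    """A name exists if it owns records or is an empty non-terminal (has descendants)."""
    return any(k == name or k.endswith("." + name) for k in zone)

def lookup(zone: Zone, qname: str, qtype: str) -> Optional[List[str]]:
    """Answer qname/qtype with RFC 1034 section 4.3.3 wildcard semantics.
    Returns the rdata list (empty list = NODATA) or None for NXDOMAIN.
    A wildcard '*.X' is used only when qname does not exist and X is the
    closest existing ancestor, so an existing host blocks wildcards below it."""
    qname = qname.lower().rstrip(".")
    if exists(zone, qname):
        return zone.get(qname, {}).get(qtype, [])      # exact node: never synthesize
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if exists(zone, encloser):                      # closest encloser found
            wild = zone.get("*." + encloser)
            return wild.get(qtype, []) if wild is not None else None
    return None

def marid_records(zone: Zone, domain: str, prefix: str = "") -> Optional[List[str]]:
    """Fetch the TXT set a MARID checker would read, with or without a prefix label."""
    qname = f"{prefix}.{domain}" if prefix else domain
    return lookup(zone, qname, "TXT")

if __name__ == "__main__":
    for name, prefix in [("domain.com", ""), ("domain.com", "_ep"),
                         ("xyz123.domain.com", ""), ("xyz123.domain.com", "_ep"),
                         ("www.domain.com", "_ep"), ("mail.domain.com", "")]:
        print(f"{prefix + '.' if prefix else ''}{name:<22} TXT -> {marid_records(ZONE, name, prefix)}")
```

For the bare apex the checker sees the SPF-style text mixed with the unrelated TXT, the explicit `_ep.domain.com` record isolates it, the unlisted `xyz123` host gets the wildcard answer with or without the prefix, and `_ep.www.domain.com` is NXDOMAIN because the existing `www` node blocks the apex wildcard.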

