----- Original Message -----
From: "Andrew Newton" <andy(_at_)hxr(_dot_)us>
To: "IETF MARID WG" <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Wednesday, June 09, 2004 2:53 PM
Subject: Towards resolution on Wildcards

In order to reach consensus on the issue of wildcards, we would like
working group participants to answer the following questions. Please
read through them first before responding.

1) During the MARID interim meeting, Ted Hardie suggested a dual record
type approach whereby TXT would be used in servers incapable of
supporting a new record type, but more capable servers would use a new
record type (specifically defined for MARID). Do you feel this is a
workable solution? (Reference Margaret Olson's description here:
http://www.imc.org/ietf-mxcomp/mail-archive/msg01512.html).

What is the client requesting? How will it determine what to request? The
following keeps coming back to me. There are two basic classes of the
problematic anonymous mail sender:
1) Spammers - using bad/unknown (NXDOMAIN) domains and stolen domains.
2) Virus Mail - using mostly stolen names as they used this for a potential
2nd level distribution tier (bounces).
In other words, one group doesn't really want to get bounces, the other
group welcomes them!

Nonetheless, by far, the majority will result in either a bad or unknown
lookup simply because the majority of the mail is spam. Hence, this is a
major overhead in DNS lookups.
One of the issues with DMP was its dual lookup. Early SPF was designed to
avoid this. However, I was able to show Meng that a dual was potentially
required. So the spec was modified.
The point is, by far, the majority of one system's lookup will be useless
overhead. Multiply this across the widely deployed network, and I think there
will be an undesirable consequence in distributed DNS operations.
So preferably, one lookup would be better.

2) Do you feel a MARID solution needs the capability of DNS wildcards?

Based on my experiences, yes. But not a *.XYZ.COM lookup but rather an
xxxx.XYZ.COM lookup so that if I have a policy defined for XYZ.COM, any sub
domain provided will return the same result.

3) If you answered "yes" to both of the above questions, then is it
reasonable to expect DNS wildcard capability only with the new record
type and not the TXT usage (because TXT may be defined to use a
prefix)?

I am not a DNS expert, so I don't know the differences between RR or TXT (I
thought a TXT was an RR?) anyway, I would like it so that defining policy
for domain XYZ.COM, any SUB.XYZ.COM lookup returns a policy.