Re: New DNS record issue.
2004-01-13 09:44:39
I think we all agree that the _spf.domain.com is a technically cleaner
solution that provides quite a number of benefits. But, the decision
to not use _spf has much more to do with the landscape of DNS today and
the ability to deploy SPF.
the delta between "_spf." and "" becomes significant.
It becomes significant if you start colliding with other records.
Well, there really aren't others. The TXT records published by the few
domains that people have held up as counter examples, aren't really a
problem: They don't even come close to being confused with an SPF
record. (None start with "v=spf", or even "v=" for that matter.) It
is true that SPF records could be confused with the intended purpose of
those other few TXT records, but, as far as we've seen, they are only
used for human sys. admin. viewing.
In effect what you are saying here is that SPF is going to be so
important that it can in effect claim TXT for exclusive use.
Yes. (Or at least, at the top level of a domain, and there is the "v="
convention to allow other uses...)
Nobody really cares. Besides, it's due to that kind of thinking
that some DNS providers won't let you do underscores. It's easier to
talk them into TXT.
If nobody cares lets do it my way. I care rather a lot. The DNS
infrastructure is something we care rather a lot about.
You misunderstood Meng: Nobody really cares that upon careful reading
of the RFCs, underscore DNS names are legal as long as they are not
host names. In this case, the nobodies are some DNS service providers,
and some DNS software authors. As a consequence, for many domain
owners, they are unable to publish an SPF record under a DNS name with
an underscore without changing their DNS provider and/or DNS software.
(Note: DNS software in this case is more than just the DNS server
itself. It is also the entire administration chain from web based
interfaces to configuration files. We've seen that, alas, any software
along this chain that made the mistake of limiting DNS names to the
more restrictive host names, breaks the ability to publish under the
_spf domain.)
Yes - we all care about the DNS infrastructure a lot. Alas, there is
so much of it already deployed, and so much of it was designed in very
different internet environment with very different set of assumptions,
that it is tricky to extend in a way that is deployable. I'm sad DNS
doesn't have a built-in decentralized extension mechanism. (Why not
have: "foo IN EXT type=com.pobox.spf, text="+mx +ptr -all", and allow
queries to restrict the range of EXT records based on prefix matching
of the type so as to limit the amount of returned data?) But, alas,
DNS was designed in an era where every byte was expensive, and software
update across the whole infrastructure was a reasonable idea.
Remember that we also want to be able to use the TXT record to do
other stuff ourselves...
Yes, TXT records need an extension mechanism. Assuming that any other
project that decides to publish information via TXT records comes to
the same conclusions that SPF does, they'll want to put their TXT
record directly in the domain. SPF has started the convention of
starting such records with "v=". This way, other systems could use it
"v=ipsec", etc.... This is a little better than just starting the
record "spf" and "ipsec" as it reduces the chance of collision with
previously existing, mostly for human consumption, TXT records.
Note that some of your examples, notably Receiver Info, can done by
extending SPF. SPF was designed so that the information it asserts
about mail from the domain can be extended. I can easily imagine
"v=spf +mx +domainkey -all", someone just needs write RFC for the
'domainkey' mechanism.
[on implementation] Otherwise you have to start looking at the content
of the record which is a bit more complex.
Since you have to look at the SPF record content to do anything with it
(its mere presence doesn't tell you anything useful), having to compare
the start of returned TXT records with "v=spf " isn't a difficult, or
expensive, programming problem, especially in a scripting language.
- Mark
Mark Lentczner
http://www.ozonehouse.com/mark/
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname(_at_)©#«Mo\¯HÝÜîU;±¤Ö¤Íµø?¡
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- RE: New DNS record issue., (continued)
RE: New DNS record issue., Hallam-Baker, Phillip
RE: New DNS record issue., Hallam-Baker, Phillip
Re: New DNS record issue.,
Mark Lentczner <=
Re: New DNS record issue., Wechsler
RE: New DNS record issue., Hallam-Baker, Phillip
Re: New DNS record issue., John Capo
|
|
|