On Fri, Jan 23, 2004 at 10:30:04PM -0500, Tim Wilde wrote:
| On Fri, 23 Jan 2004, Phil Howard wrote:
|
| > SPF can do this now with the "exists" mechanism. My only problem with it
| > is that by using NXDOMAIN for a negative answer, it doesn't get to cache
| > very well. I'd like to see it _also_ say that an A record in 0/8 space
| > also means negative (but can be cached as per the TTL value).
|
| But NXDOMAIN is also cached, at the TTL specified by the last field of the
| SOA, the negative cache TTL. So as long as the zone (be it an RBL or
| anything else) has a reasonable negative cache TTL, that's really not a
| problem.
The original idea was allow some extra information bits and to allow using
some DNSBL zones. But I was also concerned with the fact that it is well
known that some DNS caching implementations don't do negative caching the
right way (some don't even cache negative responses at all, and do not use
the TTL value correctly).
That said, if SPF goes ahead and treats _only_ NXDOMAIN as the negative
response, it's not the end of the world. It will mostly work, but not all
DNSBLs can be readily used with "exists".
--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)©#�«Mo\¯HÝÜîU;±¤Ö¤Íµø�?¡