Andrew G. Tereschenko wrote:
Even more - currently proposed wildcard workaround:
*.example.com TXT "v=spf1 a mx -all"
will generate a bunch of traffic for wrong queries like a
nslookup -q=any www.example.com
nslookup -q=any pobox.com. ns2.rightbox.com
*** integer.pobox.com can't find pobox.com: Unspecified error
or
*** integer.pobox.com can't find pobox.com.: No response from server
Answer on this query is
DNS: DNS Flags = Response, OpCode - Std Qry, AA TC RD Bits Set, RCode - No
error
DNS: Question Entry Count = 1 (0x1)
DNS: Answer Entry Count = 17 (0x11)
DNS: Name Server Count = 0 (0x0)
DNS: Additional Records Count = 0 (0x0)
DNS: Question Section: pobox.com. of type Req for all on class INET addr.
But there is no any part Answer Section and no Additional Records and even
no Authority.
Message was truncated without giving us any valuable and resonable records
like a A, NS, MX.
Why ? Probably long TXT record in addition to short MX, A, NS records
caused DNS server to fail hard.
As well a lot of buggy DNS clients can fail hard becouse of TC bit.
Using long TXT records at domain defaut level disallow to use optimisations
then client need as much as possible records and willing to merge multiple
A,MX,NS queries into one.
I hope you understand me
--
Andriy G. Tereshchenko
TAG Software
Odessa, Ukraine
http://www.24.odessa.ua