Re: Re: inherited SPF record

On Thu, Aug 05, 2004 at 04:43:22AM -0400, Jeremy Kister wrote:

On Thursday, August 05, 2004 4:05 AM, Koen Martens wrote:

You've answered your question yourself. If you choose to not choose spf,
your mechanism could force people into having to adapt to spf records
higher up. It should rather be the case that by doing nothing (ie not
publishing spf), nothing changes for you.

Except that from the way I'm thinking about it, only the domain owner will
be editing the SPF record.  If the domain owner has delegated higher-level
domains out to users, then he should add the "do not inherit" flag.  A
domain owner can add tons of records that would negatively impact the users
of his domain -- it's his responsibility to impact his users, or not.  If
we're trusting admins to do fancy things like macro expansion and cidr
expressions, asking them "should this record be inherited for all
subdomains?" should be a trivial question.


Again, you let the decision be up in the domain hierarchy, not with the
(sub)-domain owner himself.

Even thought it feels icky, I agree scripting out of the problem is easy.
But be clear: you're asking every DNS administrator to more-than-double the
size of their DNS database (sql, flat-files, or otherwise).  This isnt a
problem for the guys with >500,000 records, but when you get into the
a-million-records-in-this-domain, and 200+ million records in all domains,
that adds up....


Well, that's true of course. On the other hand, in the long run it
should lessen the burden of joe-jobs and other load-eating misfortunes.
Perhaps the two even out? Anyway, at hard-disk space going for less than
1 euro per gigabyte, it's not that big a problem I think.

Koen

-- 
K.F.J. Martens, Sonologic, http://www.sonologic.nl/
Networking, embedded systems, unix expertise, artificial intelligence.
Public PGP key: http://www.metro.cx/pubkey-gmc.asc
Wondering about the funny attachment your mail program
can't read? Visit http://www.openpgp.org/

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features 
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

pgpdpWjwOqasC.pgp
Description: PGP signature

<Prev in Thread]	Current Thread	[Next in Thread>
Re: inherited SPF record, (continued) Re: inherited SPF record, Ralf Doeblitz Re: inherited SPF record, Stephane Bortzmeyer Re: inherited SPF record, Frank Ellermann Re: inherited SPF record, Meng Weng Wong inherited SPF record, Roger Moser inherited SPF record, Roger Moser Re: inherited SPF record, Stuart D. Gathman inherited SPF record, Roger Moser Re: inherited SPF record, Stuart D. Gathman Re: inherited SPF record, Jeremy Kister Re: Re: inherited SPF record, Koen Martens <= Re: inherited SPF record, Jeremy Kister re: inherited SPF record, systhine Re: re: inherited SPF record, Koen Martens Re: re: inherited SPF record, David Brodbeck Re: re: inherited SPF record, Nico Kadel-Garcia Re: re: inherited SPF record, David Brodbeck Re: re: inherited SPF record, Nico Kadel-Garcia RE: re: inherited SPF record, Scott Kitterman Re: re: inherited SPF record, Guillaume Filion RE: inherited SPF record, Matthew.van.Eerde