On Sat, 4 Sep 2004, Michael Weiner wrote:
> I have noticed an interesting "side-effect" of publishing both spfv1 and
> spf2/pra text records in my dns. When you do a host -t txt
> userfriendly.net you will see the following:
> userfriendly.net text "v=spf1 ip4:68.22.33.177/29 ?all"
> userfriendly.net text "spf2.0/pra +ip4:68.22.33.177/29 ?all"
> however, doing that lookup a few times in a row indicates that the
> record I get back first changes, meaning sometimes the spf1 record is
> presented first, other times the spf2/pra record is presented first. My
> question about this behavior is fairly straightforward. Won't this break
> spfv1-only checking domains? Meaning when a domain receiving email from
> userfriendly.net goes to do a lookup, it stands a chance of NOT getting
> back the spfv1 record, and thus might fail the check thinking there is
> no spfv1 record published.
> Is there a good method to correct this within bind9 so that the records
> are always presented in the logical order (spfv1 first then spf2/pra)
> due to current implementation? Otherwise the behavior is more akin to
> round-robin dns implementations.

It's not "akin" to round-robin dns - it is round-robin dns!
Just because these are multiple TXT records does not make it any more
different than a host with multiple "A" records, which is where people
see round-robin come in most often. DNS works the same way for any record
type, so it will randomly select the order of how these records are seen
by the dns client.
Accidentally, randomness of requests to multiple dns root servers is based
on the same dns feature; so is randomness of requests to different nameservers
listed for any given domain (that is why all nameservers need to be kept
synchronized as far as the domain zones they are authoritative for).
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
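
An added example, not part of the original thread: an SPF v1 checker receives the whole TXT RRset in whatever order the server rotates it, so it can select its record by version tag rather than by position. The function names are hypothetical; the result names and the exact-match and duplicate rules follow the record-selection rules later standardized in RFC 7208 section 4.5.

```python
import itertools

# Constructed sample: the two TXT records from the post, as one RRset.
RRSET = [
    "v=spf1 ip4:68.22.33.177/29 ?all",
    "spf2.0/pra +ip4:68.22.33.177/29 ?all",
]

def version_tag(record):
    """Return the lowercased version section (text before the first space)."""
    return record.split(" ", 1)[0].lower()

def select_spf1(txt_records):
    """Pick the SPF v1 policy from a TXT RRset, whatever order it arrived in.

    Each element is one TXT record; a record split into several
    character-strings may be given as a list/tuple and is concatenated
    without inserting spaces.
    Returns (result, record) with result in {"ok", "none", "permerror"}.
    """
    joined = [r if isinstance(r, str) else "".join(r) for r in txt_records]
    # Exact match on the version section: "v=spf10" and "spf2.0/pra" never match.
    matches = [r for r in joined if version_tag(r) == "v=spf1"]
    if not matches:
        return ("none", None)        # no v1 policy published
    if len(matches) > 1:
        return ("permerror", None)   # ambiguous: more than one v1 policy
    return ("ok", matches[0])

def order_independent(txt_records):
    """True if every ordering of the RRset yields the same selection."""
    results = {select_spf1(list(p)) for p in itertools.permutations(txt_records)}
    return len(results) == 1

if __name__ == "__main__":
    print(select_spf1(RRSET))          # v1 record first
    print(select_spf1(RRSET[::-1]))    # spf2.0/pra record first
    print(order_independent(RRSET))
```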