spf-discuss

Re: spfv1 and spf2/pra

2004-09-04 08:02:31
On Sat, 2004-09-04 at 14:50, Michael Weiner wrote:
I have noticed an interesting "side-effect" of publishing both spfv1 and
spf2/pra text records in my dns. When you do a host -t txt userfriendly.net
you will see the following:

userfriendly.net text "v=spf1 ip4:68.22.33.177/29 ?all"
userfriendly.net text "spf2.0/pra +ip4:68.22.33.177/29 ?all"

however, doing that lookup a few times in a row indicates that the
record I get back first changes, meaning sometimes the spf1 record is
presented first, other times the spf2/pra record is presented first. My
question about this behavior is fairly straight-forward. Won't this break
spfv1-only checking domains? Meaning when a domain receiving email from
userfriendly.net goes to do a lookup, it stands a chance of NOT getting
back the spfv1 record, and thus might fail the check thinking there is
no spfv1 record published.

Is there a good method to correct this within bind9 so that the records
are always presented in the logical order (spfv1 first then spf2/pra)
due to current implementation? Otherwise the behavior is more akin to
round-robin dns implementations.

You shouldn't need to worry about this. Implementations of "SPF Classic"
should retrieve all TXT records for a domain and discard any that don't
start with "v=spf1". So there shouldn't be a problem with ordering, just
as is the case with non-SPF related TXT records (which I also use).

Paul.
-- 
Paul Howarth <paul(_at_)city-fan(_dot_)org>
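
The record selection described in the reply above, as an added example that is not part of the original thread or of any SPF library: it keeps only TXT records whose version section is exactly "v=spf1" and shows the result does not depend on answer order. The function names, the unrelated TXT record, and the none/permerror handling (the rule later standardized in RFC 7208 section 4.5) are assumptions of this sketch.

```python
import random

# Constructed sample: the two TXT records from the post plus an unrelated,
# made-up TXT record. Each record is a list of DNS character-strings.
SAMPLE_RRSET = [
    ["v=spf1 ip4:68.22.33.177/29 ?all"],
    ["spf2.0/pra +ip4:68.22.33.177/29 ?all"],
    ["some unrelated text record"],
]

def is_spf1(record: str) -> bool:
    """True if the version section is exactly 'v=spf1' (not e.g. 'v=spf10')."""
    version = record.split(" ", 1)[0]
    return version.lower() == "v=spf1"

def select_spf1(rrset):
    """Return (result, record) for a TXT RRset, independent of answer order.

    result is 'none' (no v=spf1 record), 'permerror' (more than one),
    or 'ok' together with the single selected record.
    """
    # Character-strings within one TXT record are joined without separators.
    records = ["".join(strings) for strings in rrset]
    matches = [r for r in records if is_spf1(r)]
    if not matches:
        return ("none", None)
    if len(matches) > 1:
        return ("permerror", None)
    return ("ok", matches[0])

def stable_under_reordering(rrset, trials=50, seed=0):
    """Shuffle the RRset as a round-robin server might and confirm the
    selection never changes."""
    rng = random.Random(seed)
    expected = select_spf1(rrset)
    for _ in range(trials):
        shuffled = rrset[:]
        rng.shuffle(shuffled)
        if select_spf1(shuffled) != expected:
            return False
    return True

if __name__ == "__main__":
    print(select_spf1(SAMPLE_RRSET))
    print(stable_under_reordering(SAMPLE_RRSET))
```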