spf-discuss

RE: Wildcard DNS entry

2004-09-09 08:24:28
I was thinking of the same thing, or similar.
I was thinking of a default.  But I like the wild wildcard idea better.
Of the 5 options so far, I like this the best!
But it should wait until the dedicated record type is assigned.  Otherwise
BIND would not know the difference between two unrelated txt records.
This would not work:

watkins-home.com.               txt     "v=spf1 ..."
**.watkins-home.com.    txt     "v=spf1 -all"
www.watkins.home.com.   a       1.2.3.4
www.watkins.home.com.   txt     "My first web server!"
hot.watkins.home.com.   a       1.2.3.5
hot.watkins.home.com.   txt     "v=spf1 a -all"
ftp.watkins.home.com.   a       1.2.3.6

The wildcard would protect ftp, but not www, since www has its own txt
record.  hot would have its own txt/spf record.

But once there is a new record type this would be fine:
watkins-home.com.               spf1    "v=spf1 ..."
**.watkins-home.com.    spf1    "v=spf1 -all"
www.watkins.home.com.   a       1.2.3.4
www.watkins.home.com.   txt     "My first web server!"
hot.watkins.home.com.   a       1.2.3.5
hot.watkins.home.com.   spf1    "v=spf1 a -all"
ftp.watkins.home.com.   a       1.2.3.6

hot could send email, www and ftp could not.

Guy


-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Roger Moser
Sent: Thursday, September 09, 2004 3:18 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Wildcard DNS entry

Meng Weng Wong wrote:

Yeah, there are four classes of solutions, really.

1) deprecate "implicit mx"
2) modify spec to allow searching up the tree, as Wayne has
   proposed in the past
3) put an SPF record on each host
4) encourage the world to assume "a/24 mx/24 ptr -all" for
   non-publishing domains

Fifth solution:

In the DNS server software implement a new wildcard with the meaning
"Use this RR if there is no RR of the same type and only if the subdomain
exists (has other RRs)".

The advantage is that only the site that publishes such a wildcard has to
change anything.

For example:

watkins-home.com.       txt     "v=spf1 ..."
**.watkins-home.com.    txt     "v=spf1 -all"
www.watkins.home.com.   a       1.2.3.4

Querying www.watkins.home.com would return "v=spf1 -all" and querying
xyz.watkins.home.com would return NXDOMAIN.

Roger
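
Added example (not part of either message): a small Python model of the proposed "**" lookup rule, run over the two zones from the reply above, showing why www loses the -all default when SPF shares the txt type and keeps it with a dedicated type. The "**" wildcard and the "spf1" type are the thread's proposals, not existing DNS features; the zone rows are constructed from the thread with host names written under watkins-home.com throughout, and matching the closest enclosing "**" name is an assumption.

```python
# Constructed zone data modelled on the first zone in the reply.
# "**" is the wildcard proposed in the thread, not a real DNS feature.
ZONE_TXT = [
    ("watkins-home.com", "txt", "v=spf1 ..."),
    ("**.watkins-home.com", "txt", "v=spf1 -all"),
    ("www.watkins-home.com", "a", "1.2.3.4"),
    ("www.watkins-home.com", "txt", "My first web server!"),
    ("hot.watkins-home.com", "a", "1.2.3.5"),
    ("hot.watkins-home.com", "txt", "v=spf1 a -all"),
    ("ftp.watkins-home.com", "a", "1.2.3.6"),
]
# Second zone: SPF rows move to the hypothetical dedicated type "spf1",
# the unrelated txt record on www stays a txt record.
ZONE_SPF = [(n, "spf1" if v.startswith("v=spf1") else t, v)
            for n, t, v in ZONE_TXT]


def lookup(zone, name, rrtype):
    """Return (rcode, answers) under the proposed '**' semantics."""
    name = name.rstrip(".").lower()
    own = [(t, v) for n, t, v in zone if n == name]
    if not own:
        return "NXDOMAIN", []      # '**' never creates a name
    exact = [v for t, v in own if t == rrtype]
    if exact:
        return "NOERROR", exact    # the name's own RR of that type wins
    # Name exists without this type: use the closest enclosing '**' RR
    # (assumption: the thread does not say how far up '**' reaches).
    labels = name.split(".")
    for i in range(1, len(labels)):
        wild = "**." + ".".join(labels[i:])
        hits = [v for n, t, v in zone if n == wild and t == rrtype]
        if hits:
            return "NOERROR", hits
    return "NOERROR", []           # name exists, no data of this type


def spf_policy(zone, name, rrtype):
    """Records an SPF checker would act on: answers starting with v=spf1."""
    _, answers = lookup(zone, name, rrtype)
    return [a for a in answers if a.startswith("v=spf1")]


if __name__ == "__main__":
    for host in ("www", "hot", "ftp", "xyz"):
        fqdn = host + ".watkins-home.com"
        print(host, spf_policy(ZONE_TXT, fqdn, "txt"),
              spf_policy(ZONE_SPF, fqdn, "spf1"))
```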
