You missed one!
4.5. example.co.uk
I had said once before that we need a service that lists top level domains.
Then you would know where to stop. co.uk would be listed as a top level
domain. A small sample of the list: ".", "com.", "co.uk.".
What if someone were selling subdomains? Then they should be added too,
maybe. Example: at one time "Watkins.net." was selling subdomains. So I
could have bought "guy.watkins.net." So, "Watkins.net." maybe should be
considered a top level domain. Maybe not! Just a thought.
I don't like climbing the tree anymore. I think you convinced me. :)
F'ing DOS, ...oops... DoS. :)
Guy
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of
william(at)elan.net
Sent: Thursday, September 09, 2004 10:14 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: Fw: [spf-discuss] Wildcard DNS entry
----- Original Message -----
From: "jpinkerton" <johnp(_at_)idimo(_dot_)com>
To: <spf-discuss(_at_)v2(_dot_)listbox(_dot_)com>
What is a parent of "my.very.long.domain.example.com"?
If you say it's "example.com", how are you going to decide when you see
"my.very.long.domain.example.co.uk"?
Can you not use multiple wildcards -
*.example.com
*.*.example.com
*.*.*.example.com
etc. ad nauseam?
I. There can be only one wildcard under the domain, i.e. *.example.com
will reach anything below and it's not necessary to do *.*.example.com,
so please don't do examples as above.
II. If the question is really whether you can ask an SPF validating agent who needs to
find out about "my.very.long.domain.example.co.uk" to do lookups as follows:
1. my.very.long.domain.example.co.uk
2. very.long.domain.example.co.uk
3. long.domain.example.co.uk
4. domain.example.co.uk
5. co.uk
The result will be a large number of DNS lookups that are necessary
(leading to "ad nauseam" ..) and still it's not precisely clear where to
stop. As you can see from above the stop should be at #4, but if the
domain owner failed to put an SPF record on #4, you will end up going
to co.uk, leading to overloading the ccTLD DNS server with bogus queries
(and if I were the co.uk operator I would get mad as hell ...).
Additionally, the above opens up a number of interesting DoS
possibilities, giving the attacker a "low-cost" option of how to
cause the victim to perform queries 10 times or more in number
than what the attacker himself did.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
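The parent-domain walk William quotes and the "where to stop" list Guy proposes, as an added example in Python (not code from this thread or from any SPF implementation): `PUBLIC_SUFFIXES` is a constructed sample list, and `parents`, `registered_domain`, `unbounded_walk`, `bounded_walk` and `amplification` are names chosen here.

```python
# Added example, not code from the spf-discuss thread or from any SPF implementation.
# Walks the parent chain of a name the way the quoted lookup sequence does and shows
# how a suffix list of the kind Guy proposes bounds where the walk stops.

# Constructed sample of "where registrations happen" suffixes; "" stands for the
# root ".". A real deployment would need the full, maintained list.
PUBLIC_SUFFIXES = {"", "com", "net", "uk", "co.uk"}

def parents(domain):
    """Yield the name and each ancestor: a.b.example.co.uk, b.example.co.uk, ..., uk."""
    labels = domain.strip(".").lower().split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def registered_domain(domain, suffixes=PUBLIC_SUFFIXES):
    """Name one label below the longest matching suffix; None if the name is itself a suffix."""
    labels = domain.strip(".").lower().split(".")
    for i in range(len(labels)):          # longest candidate first
        if ".".join(labels[i:]) in suffixes:
            break
    else:
        i = len(labels) - 1               # unknown TLD: treat the last label as the suffix
    return ".".join(labels[i - 1:]) if i > 0 else None

def unbounded_walk(domain):
    """The quoted sequence: every ancestor that still has at least two labels."""
    return [name for name in parents(domain) if "." in name]

def bounded_walk(domain, suffixes=PUBLIC_SUFFIXES):
    """Same walk, but it stops at the registered domain so no public suffix is queried."""
    stop = registered_domain(domain, suffixes)
    if stop is None:
        return []
    names = []
    for name in parents(domain):
        names.append(name)
        if name == stop:
            break
    return names

def amplification(domain, suffixes=PUBLIC_SUFFIXES):
    """Lookups one incoming message would trigger: (unbounded walk, bounded walk)."""
    return len(unbounded_walk(domain)), len(bounded_walk(domain, suffixes))

if __name__ == "__main__":
    for name in ("my.very.long.domain.example.co.uk", "a.b.c.d.e.f.g.h.example.co.uk"):
        print(name, "->", bounded_walk(name)[-1], "queries:", amplification(name))
```

The suffix list keeps co.uk out of the query stream, but the bounded walk still costs one lookup per label of an attacker-chosen name, which is why the thread ends up against climbing the tree at all.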