spf-discuss

RE: Wildcard DNS entry

2004-09-09 09:23:37

[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Roger Moser
Sent: Thursday, September 09, 2004 3:18 AM

Fifth solution:

In the DNS server software implement a new wildcard with the meaning
"Use this RR if there is no RR of the same type and only if the subdomain
exists (has other RRs)".

The advantage is that only the site that publishes such a wildcard has to
change anything.

For example:

watkins-home.com.     txt     "v=spf1 ..."
**.watkins-home.com.  txt     "v=spf1 -all"
www.watkins-home.com. a       1.2.3.4

On Thu, 9 Sep 2004, guy wrote:

I was thinking of the same thing, or similar.
I was thinking of a default.  But I like the wild wildcard idea better.
Of the 5 options so far, I like this the best!
But it should wait until the dedicated record type is assigned.  Otherwise
bind would not know the difference between two unrelated txt records.

The "fifth" solution implies a dynamically generated DNS response, which a DNS
server implementor can do already, and it does not require a "dedicated
record type". This is not something for standardization; it can simply
be an internal feature (i.e. a dynamic DNS record feature) of the DNS server,
with no difference being made to the protocol itself or how clients see it.

It should be understood, however, that such a solution would be incompatible
with DNSSEC and signed zones (like any other dynamic DNS). More important
is that this solution is incompatible in case any subdomain is delegated
further to another DNS server.

So if we have:
  watkins-home.com.     IN txt  "v=spf1 ..."
  **.watkins-home.com.  IN txt  "v=spf1 -all"
  www.watkins-home.com. IN A    10.20.30.40
  amigos.watkins-home.com.  IN NS  ns1.example.com.
  amigos.watkins-home.com.  IN NS  ns2.example.com.

Then, while your "wild wildcard" would work for www.watkins-home.com, it
is not possible to make it work for www.amigos.watkins-home.com. But
maybe that is what people actually want: to have better control over the
DNS zone records you directly manage, but if you subdelegate, the
responsibility is with whoever the subdelegation is made to.

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
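As an added illustration (not code from this thread or from any DNS server), the following toy in-memory lookup models the proposed "**" semantics together with the delegation limit described above. The zone data, the `**.` owner syntax and the `lookup` / `parents` helpers are constructed assumptions for this example only.

```python
# Constructed zone, following the thread's example.  The "**." owner name is
# the hypothetical "wild wildcard" syntax, not anything a real server accepts.
ZONE_APEX = "watkins-home.com."
ZONE = {
    "watkins-home.com.":        [("TXT", "v=spf1 ..."), ("NS", "ns.watkins-home.com.")],
    "**.watkins-home.com.":     [("TXT", "v=spf1 -all")],
    "www.watkins-home.com.":    [("A", "10.20.30.40")],
    "amigos.watkins-home.com.": [("NS", "ns1.example.com."), ("NS", "ns2.example.com.")],
}


def parents(name):
    """Yield the parents of name, closest first, up to and including the apex."""
    labels = name.split(".")[1:]                 # drop the leftmost label
    while len(labels) >= len(ZONE_APEX.split(".")):
        yield ".".join(labels)
        labels = labels[1:]


def lookup(name, rrtype, zone=ZONE):
    """Resolve one query against the toy zone.

    Returns (status, rdata) with status one of 'answer', 'nodata',
    'nxdomain' or 'delegated'.  A '**' record is used only when the queried
    name exists (has some RR) but has no RR of the requested type.
    """
    if name != ZONE_APEX and not name.endswith("." + ZONE_APEX):
        raise ValueError("name is outside the zone")
    # Delegation: an NS set at the name itself or any parent below the apex
    # means this server is not authoritative there, so nothing in this zone,
    # the '**' record included, can answer.  That is the objection above.
    for owner in (name, *parents(name)):
        if owner != ZONE_APEX and any(t == "NS" for t, _ in zone.get(owner, [])):
            return "delegated", [r for t, r in zone[owner] if t == "NS"]
    rrs = zone.get(name)
    if rrs is None:
        return "nxdomain", []                    # '**' never synthesizes a name
    exact = [r for t, r in rrs if t == rrtype]
    if exact:
        return "answer", exact                   # ordinary RR of that type wins
    for owner in parents(name):                  # name exists, type missing
        wild = [r for t, r in zone.get("**." + owner, []) if t == rrtype]
        if wild:
            return "answer", wild
    return "nodata", []
```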

