You missed the point!
"**" would be a new type of wildcard. It will apply to all records with "a"
records (or any records), but not to non-existent entries.
This would require a change to bind!
And it would require a new record type! Else it would conflict with non-spf
txt records.
Read the idea from Roger Moser:
<Roger>
Fifth solution:
In the DNS server software implement a new wildcard with the meaning "Use
this RR if there is no RR of the same type and only if the subdomain exists
(has other RRs)".
The advantage is that only the site that publishes such a wildcard has to
change anything.
For example:
watkins-home.com. txt "v=spf1 ..."
**.watkins-home.com. txt "v=spf1 -all"
www.watkins.home.com. a 1.2.3.4
Querying www.watkins.home.com would return "v=spf1 -all" and querying
xyz.watkins.home.com would return NXDOMAIN.
Roger
</Roger>
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of
william(at)elan.net
Sent: Thursday, September 09, 2004 12:24 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Wildcard DNS entry
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Roger
Moser
Sent: Thursday, September 09, 2004 3:18 AM
Fifth solution:
In the DNS server software implement a new wildcard with the meaning
"Use this RR if there is no RR of the same type and only if the subdomain
exists (has other RRs)".
The advantage is that only the site that publishes such a wildcard has to
change anything.
For example:
watkins-home.com. txt "v=spf1 ..."
**.watkins-home.com. txt "v=spf1 -all"
www.watkins.home.com. a 1.2.3.4
On Thu, 9 Sep 2004, guy wrote:
I was thinking of the same thing, or similar.
I was thinking of a default. But I like the wild wildcard idea better.
Of the 5 options so far, I like this the best!
But it should wait until the dedicated record type is assigned. Otherwise
bind would not know the difference between two unrelated txt records.
The "fifth" solution implies a dynamically generated dns response which dns
server implementor can do already and it does not require "dedicated
record type" - this is not something for standardization, it can simply
be an internal feature (i.e. dynamic dns record feature) of dns server
with no difference being made for protocol itself or how clients see it.
It should be understood however that such solution would be incompatible
with DNSSEC and signed zones (like any other dynamic dns). More important
is that this solution is incompatible in case any subdomain is delegated
further to another dns server.
So if we have:
watkins-home.com. IN txt "v=spf1 ..."
**.watkins-home.com. IN txt "v=spf1 -all"
www.watkins-home.com. IN A 10.20.30.40
amigos.watkins-home.com. IN NS ns1.example.com.
amigos.watkins-home.com. IN NS ns2.example.com.
Then while your "wild wildcard" would work for www.watkins-home.com, it
is not possible to make it work for www.amigos.watkins-home.com. But
maybe that is what people actually want - to have better control over
dns zone records you directly manage but if you subdelegate the
responsibility is with whoever subdelegation is made to.
--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
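
The lookup rule Roger Moser proposes and the delegation limit William Leibzon describes, as an added example that is not part of the original messages and not BIND behaviour. It is a toy in-memory authoritative lookup; the function name `lookup`, the status strings, and the choice to leave the zone apex out of the `**` rule are assumptions, and the zone data is constructed from the records quoted in the thread.

```python
ORIGIN = "watkins-home.com."

# Constructed zone: the records from the thread, keyed by (owner name, type).
ZONE = {
    ("watkins-home.com.", "TXT"): ["v=spf1 ..."],
    ("**.watkins-home.com.", "TXT"): ["v=spf1 -all"],
    ("www.watkins-home.com.", "A"): ["10.20.30.40"],
    ("amigos.watkins-home.com.", "NS"): ["ns1.example.com.", "ns2.example.com."],
}


def lookup(qname, qtype, zone=ZONE, origin=ORIGIN):
    """Answer one query as (status, rdata) using the proposed '**' rule."""
    qname = qname.lower().rstrip(".") + "."
    qtype = qtype.upper()
    if qname != origin and not qname.endswith("." + origin):
        return ("REFUSED", [])  # name is outside this zone

    # Delegation is checked first: at or below a zone cut this server is
    # not authoritative, so the '**' record can never be applied there.
    labels = qname[: -len(origin)].rstrip(".").split(".") if qname != origin else []
    for i in range(len(labels) - 1, -1, -1):
        cut = ".".join(labels[i:]) + "." + origin
        if (cut, "NS") in zone:
            return ("REFERRAL", zone[(cut, "NS")])

    # An RR of the requested type at the name always wins over '**'.
    if (qname, qtype) in zone:
        return ("NOERROR", zone[(qname, qtype)])

    # '**' differs from '*': it only applies to names that already exist,
    # meaning names that own at least one RR of some other type.
    if not any(owner == qname for owner, _ in zone):
        return ("NXDOMAIN", [])
    fallback = zone.get(("**." + origin, qtype))
    if fallback and qname != origin:
        return ("NOERROR", fallback)
    return ("NODATA", [])


if __name__ == "__main__":
    for name in ("watkins-home.com", "www.watkins-home.com",
                 "xyz.watkins-home.com", "www.amigos.watkins-home.com"):
        print(name, "TXT ->", lookup(name, "TXT"))
```

Because the answer for an existing name is synthesized at query time, a pre-signed zone has no signature covering it, which is the DNSSEC incompatibility raised in the message above.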