spf-discuss

Re: Requested changes

2004-10-18 19:41:54
wayne wrote:

Incomplete list of requested changes:

[Note to myself:  indeed incomplete, I forgot "Received-SPF:"
 + IANA considerations about new headers specified in RfC 3864]
 
The limit on 10 mechanisms
[...]
obviously, I completely agree with this.

  - at most 5 MX + 5 PTR + 10 check_host() [Wayne]
In my latest version, I've removed the 10 check_host() limit
since the 10 mechanism limit makes it completely redundant.

The limit on MX and PTR RR lookups is 10, not 5.  My initial
limits in libspf2 were 5

Okay, you have 3 magic numbers:  10 mechanisms (probably excl.
ip4/ip6), and for each MX resp. PTR mechanism at most 10 names.

And you said that 10 MX is a realistic limit, T-Online with 8
is already unusual.  While 10 PTR can be a real problem, it's
not necessarily nonsense or an attack.

I'd still prefer a simple solution with _one_ magic number in
the spec.  The worst case with your limits is 110 DNS queries,
what's wrong with an overall hard limit of 100 queries, or 50 ?

In any case an explicit CAVEAT for authors is necessary in the
PTR chapter, "not recommended" doesn't explain the potential
problem with the limit (your 10 resp. an overall query limit).

 - copy Randy Bush's "zone cut" algorithm from RfC 2181
I think it is much better to have a reference to RFC2181
rather than to duplicate the doc.

Okay.  I just tested it with nslookup for xyzzy and the case
mail.japanservo.com.sg discussed in HELP, and got it at once,
RfC 2181 is "obvious", and it works even on my stoneage box
with an inappropriate tool.
                           Bye, Frank
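
The query budget argued over in this message, as an added example that is not part of the original post or of libspf2: a small checker that bounds the DNS queries one SPF record can trigger. It assumes ip4/ip6/all cost nothing, that each MX or PTR mechanism costs one query plus one address query per name (the accounting that yields the 110 figure), and that included records are not followed; all function names and sample records are constructed.

```python
MAX_MECHANISMS = 10   # limit on DNS-querying mechanisms, from the thread
MAX_NAMES = 10        # names followed per MX or PTR mechanism, from the thread

# Assumed cost model (not taken from any SPF draft text):
FAN_OUT = {"mx", "ptr"}                         # 1 query + 1 per returned name
SINGLE = {"a", "include", "exists", "redirect"}  # 1 query each, no recursion here

def term_name(term):
    """Strip qualifier and argument: '-mx:example.org/24' -> 'mx'."""
    term = term.lstrip("+-~?")
    for sep in (":", "=", "/"):
        term = term.split(sep, 1)[0]
    return term.lower()

def worst_case_queries(record):
    """Return (querying_mechanisms, worst_case_dns_queries) for one record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms = queries = 0
    for term in terms[1:]:
        name = term_name(term)
        if name in FAN_OUT:
            mechanisms += 1
            queries += 1 + MAX_NAMES
        elif name in SINGLE:
            mechanisms += 1
            queries += 1
        # ip4, ip6, all and other modifiers: assumed to cost no query
    return mechanisms, queries

def check(record, overall_limit=None):
    """List limit violations; overall_limit models the single hard cap idea."""
    mechanisms, queries = worst_case_queries(record)
    problems = []
    if mechanisms > MAX_MECHANISMS:
        problems.append(f"{mechanisms} querying mechanisms > {MAX_MECHANISMS}")
    if overall_limit is not None and queries > overall_limit:
        problems.append(f"worst case {queries} queries > {overall_limit}")
    return problems

# Constructed sample records
TEN_MX = "v=spf1 " + " ".join(["mx"] * 10) + " -all"
TYPICAL = "v=spf1 ip4:192.0.2.0/24 a mx:example.org/24 ptr -all"

if __name__ == "__main__":
    for rec in (TEN_MX, TYPICAL):
        print(worst_case_queries(rec), check(rec, overall_limit=100))
```
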