On Fri, 12 Nov 2004, Alex van den Bogaerdt wrote:
On Thu, Nov 11, 2004 at 03:27:38PM -0800, william(at)elan.net wrote:
There's one piece of structure we may want to consider: The version.
domain.tld 86400 IN SPF 1 mx -all
domain.tld 86400 IN SPF pra ?all
Remember that version would need to be binary and not alphanumeric (it may
still be alphanumeric when the record is entered if BIND understands and knows
scopes) with its own IANA registry.
Sure, we need to really think about this. Separating the version could,
for instance, result in being able to query for a record that checks
RFC821 addresses, RFC822 addresses, or both.
I really like the idea of separating the version number. I just wanted to
point out that DNS doesn't currently support limiting the query to certain
matching data. That is, when you query on the "SPF" type you get ALL the SPF
records. The domain owner is still responsible for ensuring that all SPF
records combined are less than 512 bytes. If we want to be able to limit the
query by version, I think the only way to do that is to request a new RR Type
for each version.
It's still a great idea for other reasons.
--
Greg Connor
gconnor(_at_)nekodojo(_dot_)org
Everyone says that having power is a great responsibility. This is a lot
of bunk. Responsibility is when someone can blame you if something goes
wrong. When you have power you are surrounded by people whose job it is
to take the blame for your mistakes. If they're smart, that is.
-- Cerebus, "On Governing"
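
Added example, not part of the original message or of any SPF implementation: it builds the wire-format response a server would return for one SPF-type query, showing that every record in the RRset comes back together, that the combined size is what counts against the 512-byte UDP limit, and that picking a version can only be done by the client. Assumptions: type code 99 (assigned to SPF after this thread), TXT-style RDATA with the version as the first text token as written in the thread's records (not the binary version field suggested above), and a hypothetical helper `select_version`.

```python
import struct

UDP_LIMIT = 512   # classic DNS-over-UDP message size limit (RFC 1035, no EDNS0)
TYPE_SPF = 99     # assumption: code point assigned to SPF after this thread
CLASS_IN = 1

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def encode_rdata(text):
    """Assumed TXT-style RDATA: one <character-string> of at most 255 bytes."""
    raw = text.encode("ascii")
    if len(raw) > 255:
        raise ValueError("character-string longer than 255 bytes")
    return bytes([len(raw)]) + raw

def build_response(name, ttl, records):
    """Header + question + every record of the type: the query names only
    owner and type, so the server cannot return a per-version subset."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8400, 1, len(records), 0, 0)
    question = encode_name(name) + struct.pack("!HH", TYPE_SPF, CLASS_IN)
    answers = b""
    for text in records:
        rdata = encode_rdata(text)
        # 0xC00C is a compression pointer to the owner name at offset 12.
        fixed = struct.pack("!HHHIH", 0xC00C, TYPE_SPF, CLASS_IN, ttl, len(rdata))
        answers += fixed + rdata
    return header + question + answers

def fits_udp(message):
    """True when the whole response fits in a single classic UDP reply."""
    return len(message) <= UDP_LIMIT

def select_version(records, version):
    """Client-side filtering, the only option when versions share one type."""
    return [r for r in records if r.split(" ", 1)[0] == version]

# Constructed sample RRset: the two records quoted in the thread.
RRSET = ["1 mx -all", "pra ?all"]

if __name__ == "__main__":
    msg = build_response("domain.tld", 86400, RRSET)
    print(len(msg), fits_udp(msg), select_version(RRSET, "pra"))
```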