spf-discuss

Re: Zonecuts specified in SPF draft

2004-12-29 21:34:20

On Wed, 29 Dec 2004, wayne wrote:

In 
<Pine(_dot_)LNX(_dot_)4(_dot_)44(_dot_)0412291338040(_dot_)2279-100000(_at_)sokol(_dot_)elan(_dot_)net>
 "william(at)elan.net" <william(_at_)elan(_dot_)net> writes:

DNS administrators typically do not see one record applying for everything
else in that zone and for all subdomains. It never happened before and they
will not realize it until somebody tells them. Some will consider it useful
and some will not but I think the majority who add the record will not know 
about its "*" applicability. That is why I said that one of the best ways
to use specify "*"-like subdomain "*spf*" or possibly just "**" (this 
being more if possibly other applications follow spf on zonecut tests).

Well, things like the SOA record and the NS records apply to all
subdomains that are within the same zone.

NS and SOA are records that have special meaning when they are on the root of 
the zone - SOA is not used at all except at the zone boundary and NS have 
slightly different meaning when not at zone boundary. And in case of NS 
and SOA it's the name server that provides these records as part of the 
answer, not the application that queries for them (unless specifically directed 
to do so).

There certainly is a lot of ignorance and misunderstandings with
respect to the DNS system among many (most?) people.  It is my opinion
that most people assume (possibly incorrectly) that if they put an SPF
record in the domain, they cover all subdomains. 

I certainly do not assume that and don't think that others that administer
DNS would do either. The greater majority of the SPF records will be entered
by those who actually administer DNS and not directly by end-users so I
do not think anybody would make an assumption that SPF record applies
for subdomains and many do know that it's '*' that makes a certain record
apply for subdomains (which some incorrectly assume would apply to those
names that appear in zone file while in reality '*' is for all the names
that are not specifically mentioned).

Mind you, most people probably don't have a clear understanding of what 
a "subdomain" is.

It should not be our goal to get those users to enter spf records directly
because they are more likely to screw up and they might not even know what
are ip addresses and which MTAs the email for that domain comes through.

---

For right now I request that this issue be deferred until there are
more people at SPF come back from vacation (for last two weeks traffic
at spf-discuss has been several times smaller) and that afterwards SPF 
Council review the issue based on discussions and decide if it's going
to be included in SPF draft and how. 

Actually in my opinion it would probably be good if IETF agree to defer
evaluation and that latest draft be submitted about January 10th -  
otherwise I don't think there would be enough time to really review
the text at SPF (i.e. it's only after about 3rd or 4th that people will 
begin to work again).

-- 
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
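
The wildcard behaviour discussed in this message, as an added example that is not part of the original post: a minimal lookup over a constructed zone, following the wildcard rules of RFC 1034 section 4.3.3. The zone contents, `ORIGIN`, `name_exists` and `lookup` are hypothetical names chosen for illustration; delegations and CNAMEs are ignored.

```python
# Constructed sample zone: owner name -> {record type: [rdata, ...]}
ORIGIN = "example.com"
ZONE = {
    "example.com": {"TXT": ["v=spf1 mx -all"]},
    "*.example.com": {"TXT": ["v=spf1 -all"]},
    "www.example.com": {"A": ["192.0.2.10"]},
    "host.dept.example.com": {"A": ["192.0.2.20"]},
}


def name_exists(zone, name):
    """A name exists if it owns records or is an ancestor of a name that
    does (an empty non-terminal such as dept.example.com above)."""
    suffix = "." + name
    return name in zone or any(owner.endswith(suffix) for owner in zone)


def lookup(zone, origin, qname, qtype):
    """Return (source, rdata); source is 'exact', 'wildcard' or 'nxdomain'."""
    qname = qname.lower().rstrip(".")
    if qname != origin and not qname.endswith("." + origin):
        raise ValueError("qname is outside the zone")
    # An existing name is answered from its own data only, even when it
    # has no record of the requested type (NODATA). No wildcard applies.
    if name_exists(zone, qname):
        return "exact", zone.get(qname, {}).get(qtype, [])
    # Otherwise walk up to the closest existing ancestor and look for a
    # "*" label directly below it.
    encloser = qname
    while not name_exists(zone, encloser):
        encloser = encloser.split(".", 1)[1]
    wildcard = zone.get("*." + encloser)
    if wildcard is None:
        return "nxdomain", []
    return "wildcard", wildcard.get(qtype, [])


if __name__ == "__main__":
    for name in ("example.com", "www.example.com", "unlisted.example.com",
                 "dept.example.com", "x.dept.example.com"):
        print(name, lookup(ZONE, ORIGIN, name, "TXT"))
```

In this zone, `www.example.com` and everything at or below `dept.example.com` get no SPF record from the wildcard, because those names already exist in the zone.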

