spf-discuss
[Top] [All Lists]

Re: SPF I-D for review: draft-schlitt-spf-classic-00.txt

2005-01-12 06:15:27
On Wed, Jan 12, 2005 at 03:11:38AM -0800,
 william(at)elan.net <william(_at_)elan(_dot_)net> wrote 
 a message of 939 lines which said:

but actual start of authority domain is the same no matter if you
lookup for SOA or NS.

Not really, see later.

I preferred SOA because that is real authority data 
...
This all points out that using existing DNS RFC2181 as reference for
what we want is probably not the best idea

I assume that RFC 2181 uses NS for a reason. I do not know it but we
could ask the authors or Google or the namedroppers' archive.

and that we need new separate draft document explaining how these
new zonecut default answer wildcards are supposed to work and how
dns server can simulate and synthesize the answer and how dns client
(or dns resolver) can find it if the answer was not available by
finding correct zonecut

Good luck for the discussion on namedroppers :-)

Below are the results of me checking .ac as Stephane suggested - as
you can see they always provide same zonecut domain name
answers. The difference does exist for sub.domain.com where some of
the servers do provide the answer but majority do not.

This is because some name servers of the TLD are recursive but not all
(there is a "rd" in your flags but not always a "ra" in the
answer). Check with "dig +norecurse" and you'll see a different
picture, specially for zone cuts.