william(at)elan.net [william(_at_)elan(_dot_)net] wrote:
On Fri, 14 Jan 2005, Julian Mehnle wrote:
2. Like the name-server-side special handling of NS and SOA records,
give name-server-side special handling to new SPF-type records.
Specify the new SPF RR type such that name servers should perform
the zone cut defaulting internally. Some would say this is a
problem because it would require the new RR type to be
implemented in name servers before the feature could be used. I
would say this could be an incentive to actually get the new RR
type implemented. :-)
Above will not work for TXT records
That's exactly what I said.
and I think it maybe blocked by DNS people for proposing such special
record (or at least delayed).
That would only show their blatant reactionariness.
I have a proposal similar to above. First we do need to recognize and
specify that making spf records available for all hosts that send email
is responsibility of the domain owner and that wildcards is a tool for
domain dns administrator.
Now as far as proposal:
1. We do it the right way and propose dns extension for '**' wildcards
which are matched for existing hosts that do not specifically have
certain RR (in our case we care about SPF and TXT RRs)
2. We specify that if there was NODATA/NOERROR response and the same
dns response contained AUTHORITY section with SOA then spf client
SHOULD manually try to check for '**' record at the root of that
authority zone (as found in SOA).
I guess you mean "try to check for SPF record at the root of that
authority zone", right? There is no way in DNS to explicitly check for
wildcard records, be it "*" or "**". (I'd actually name it "*!" instead
of "**", BTW.)
Are you aware that your proposal actually implies acknowledging the
current client-side zone cut defaulting algorithm, albeit formally just as
a fallback? ;-)