On Fri, Jan 14, 2005 at 08:56:50AM -0800, william(at)elan.net wrote:
Now as far as proposal:
1. We do it the right way and propose a DNS extension for '**' wildcards
which are matched for existing hosts that do not specifically have
certain RR (in our case we care about SPF and TXT RRs)
2. We specify that if there was a NODATA/NOERROR response and the same
DNS response contained an AUTHORITY section with SOA then the SPF client
SHOULD manually try to check for a '**' record at the root of that
authority zone (as found in SOA).
I take it you mean (1) _or_ (2), not (1) _and_ (2) ?
No, I mean (1) AND (2).
[snip - explanation]
Ack. This means publishing (proposal [2]) can start right now.
There's no need to wait. Proposal [1] may or may not be desirable
according to the powers that be. SPF implementations and DNS servers
will benefit if this proposal makes it, but there's no requirement.
However, I don't agree with the part where you say looking up
"**.${zonecut}" should only be done when an authority hint is
given. Either do zone cut lookups, or don't. Not somewhere in between.
Also by only using SOA data in the AUTHORITY section if it was already present
from the original DNS lookup we remove the complex algorithm that is necessary
for clients to implement to actually locate this zonecut (which requires
1 or more additional DNS lookups); this is good for implementors and good
because the number of DNS lookups that are necessary is fixed.
Is it really that complex? Either it isn't, or you don't agree
with the pseudo code I wrote in my previous email.
2. By DNS standards SOA MUST be returned only if it's the actual ZONECUT
and for all other cases it's not mandatory.
- in practice most DNS servers do return it even if you look up a hostname
within the zone but not directly the zonecut
They don't really return it, they hint where the information can
be found. "The number of answers is zero and this is an authoritative
answer, given by $authority". Or do you actually get an answer, not
a hint, when you query for the SOA record somewhere down the zone?
cheers,
alex
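
Proposal (2) from the quoted text, sketched as an added example that is not part of the original thread: given a raw DNS response, return the "**.<zone>" name a client would query next, but only when the reply is NOERROR with zero answers and an SOA sits in the AUTHORITY section. The function names and the example.org sample message are constructed for illustration, and the '**' label is the thread's proposal, not a published standard.

```python
import struct

SOA = 6  # RR type code for SOA (RFC 1035)

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:                    # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                         # refuse pointer loops
                raise ValueError("compression loop")
            continue
        off += 1
        if n == 0:                                # root label ends the name
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + n].decode("ascii"))
        off += n

def fallback_query(msg):
    """'**.<zone>' for NOERROR/NODATA with SOA in AUTHORITY, else None."""
    _id, flags, qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    if (flags & 0x000F) != 0 or an != 0:          # error rcode, or data present
        return None
    off = 12
    for _ in range(qd):                           # skip the question section
        _, off = read_name(msg, off)
        off += 4                                  # QTYPE + QCLASS
    for _ in range(ns):                           # walk the AUTHORITY section
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == SOA:
            return "**." + owner                  # SOA owner is the zone root
    return None                                   # no hint: no extra lookup

def enc(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def sample(rcode=0, with_soa=True):
    """Constructed reply to a TXT query for mail.example.org (not captured traffic)."""
    header = struct.pack("!6H", 0x1234, 0x8400 | rcode, 1, 0, int(with_soa), 0)
    question = enc("mail.example.org") + struct.pack("!HH", 16, 1)
    rdata = enc("ns.example.org") + enc("hostmaster.example.org") + struct.pack("!5I", 1, 3600, 600, 86400, 300)
    soa = b"\xc0\x11" + struct.pack("!HHIH", SOA, 1, 300, len(rdata)) + rdata
    return header + question + (soa if with_soa else b"")
```

When the server omits the SOA from the AUTHORITY section, `fallback_query` returns `None`, so the number of lookups stays fixed, which is the property argued for in the quoted text.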