spf-discuss

Re: DNS lookup limit?

2005-02-26 10:21:58
Julian Mehnle wrote:
Domain               |Queries min-max|  TXT  | PTR   |   A   |  MX   |
---------------------+---------------+-------+-------+-------+-------+
[...]

These are excellent surveys.  Thank you!

My pleasure.

I would love to hear some discussion on the limits though. It's one of
the points I need to resolve before releasing the 1.0.6 libspf2 library.

So far, I have a 41-query absolute maximum for any SPF record, and up to
10 each A, MX, PTR, TXT queries (not per mechanism, but per domain SPF
record). So if a record specifies 2 MX mechs with 7 A lookups each, that
counts as 2*MX + 14*A, so only the first 10*A will be done, and the result will be a PermError if none of the first 10 match.

These would be library maximums.

For the sendmail+spfmap release which depends on libspf2 1.0.6, I will set map defaults (which can be less than the library maximums, but never more) to something much more conservative, for instance 11 lookups total, including the initial TXT query to retrieve the SPF record.

Any thoughts?


For a domain that needs this much mail infrastructure, there are a few
easy ways to reduce the DNS load:

1. implement a real-time DNS lookup table that can be accessed with the
exists:%{ir}.mailhosts.rr.com for instance.

2. add a single "A" record that resolves to a long list of IPs.

3. Use includes and specify the mail servers by IP address, the way
hotmail is doing it.


There is a 4th option I'd like to add:

 4. Use subsidiary domains (florida.rr.com, etc.) _directly_ in sender
    addresses, so the main rr.com domain isn't responsible for _all_
    sending MTAs.

On the envelope sender only, I assume? It would be hard otherwise to get
all of RoadRunner's customers to change their email address.

So the headers would still be username@rr.com, while the envelope would be username@florida.rr.com
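The lookup accounting proposed in the message above (41 queries total, 10 per query type, and a caller default such as 11 that may be lower than the library maximum but never higher) can be sketched as below. This is an added example, not code from libspf2 or from the poster; all identifiers are hypothetical, and charging the initial TXT fetch against the budget is an assumption.

```c
#include <stdio.h>

/* Hypothetical names; the limits are the ones proposed in the message. */
enum qtype { Q_A, Q_MX, Q_PTR, Q_TXT, Q_NTYPES };
#define LIB_MAX_TOTAL    41
#define LIB_MAX_PER_TYPE 10

struct budget { int max_total; int total; int used[Q_NTYPES]; };

/* A caller may lower the total cap but never raise it past the library's. */
void budget_init(struct budget *b, int requested_total)
{
    int i;
    if (requested_total < 1 || requested_total > LIB_MAX_TOTAL)
        requested_total = LIB_MAX_TOTAL;
    b->max_total = requested_total;
    b->total = 0;
    for (i = 0; i < Q_NTYPES; i++) b->used[i] = 0;
}

/* Call before every DNS query. Returns 1 if allowed, 0 if refused; on a
   refusal with no match so far, the evaluation would end in PermError. */
int budget_charge(struct budget *b, enum qtype t)
{
    if (b->total >= b->max_total || b->used[t] >= LIB_MAX_PER_TYPE)
        return 0;
    b->used[t]++;
    b->total++;
    return 1;
}

/* Constructed record: n_mx "mx" mechanisms, each needing a_per_mx A lookups.
   Returns how many A queries were permitted. Assumption: the initial TXT
   fetch of the SPF record is charged to the same budget. */
int simulate_mx(struct budget *b, int n_mx, int a_per_mx)
{
    int m, a, done = 0;
    budget_charge(b, Q_TXT);
    for (m = 0; m < n_mx; m++) {
        if (!budget_charge(b, Q_MX)) return done;
        for (a = 0; a < a_per_mx; a++) {
            if (!budget_charge(b, Q_A)) return done;
            done++;
        }
    }
    return done;
}

int main(void)
{
    struct budget b;
    budget_init(&b, LIB_MAX_TOTAL);
    printf("A lookups allowed: %d\n", simulate_mx(&b, 2, 7));
    return 0;
}
```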

