spf-discuss

Re: DNS lookup clarification please

2005-03-04 17:30:22
Martin G. Diehl wrote:

> I understand that a series of requests must be made to
> the DNS servers to read the records sequentially until
> records with v=spf1 are read

At the moment that's one request with the same effect as
say `nslookup -q=txt ebay.com`.  In that case you get
one reply with two TXT records, like getting several MXs
in the reply to a q=mx.

For v=spf1 pick the TXT record starting with v=spf1, if
there is exactly one.  See the SPF standard, chapter 4.5.

Later you would first try a q=spf.  If you get anything
for this query, process it in the same way as above (4.5).

Otherwise try a q=txt as above.  But that part is not yet
relevant; the SPF RR (resource record, like TXT, MX, ...)
will be assigned when the SPF standard is published as an
experimental RFC.

> have the DNS server read the records until the matching
> string was found

The DNS server has no idea that you only want TXT or SPF
records starting with v=spf1.  It sends you all records
of the given type, like it would send you all MX records.

Therefore it's important that all records fit into one
DNS reply (a UDP packet), and that we get our very own
SPF RR a.s.a.p.  See the SPF standard, chapter 3.1.4:

SHOULD fit.  Otherwise SPF implementations MAY ignore it
instead of trying TCP.
                       Bye, Frank
-- 
Bind has a whole range of weird and wonderful behaviours with caching
and recursion. I suspect that using 127.0.0.1 as an authoritative server
is probably a good way of exercising some of the dirtier corners.
[Steve Atkins <http://archive.iecc.com/article/spamtools/20040326023>]
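The record-selection rule Frank points at (chapter 4.5: drop everything that does not start with the v=spf1 version tag, prefer SPF-type records over TXT once the SPF RR exists, and treat more than one surviving record as PermError) and the "fits in one UDP reply" concern from 3.1.4, written out as an added Python example. This is not code from the post or from any SPF implementation; the function names and the example.com records are constructed for illustration, and the size estimate assumes a single-question reply with name-compression pointers in the answer section.

```python
"""SPF record selection (RFC 4408 / spf-draft section 4.5) and a
512-byte UDP reply check (section 3.1.4) over constructed DNS data.

Added example for this thread; no network queries are made.  A record
is modelled as the list of character-strings the DNS server returns
for it, since a TXT/SPF RR may be split into several <=255-byte strings.
"""


def join_record(strings):
    # Section 3.1.3: the character-strings of one record are
    # concatenated with no separator before interpretation.
    return b"".join(strings)


def is_spf1(record):
    """Version tag must be exactly 'v=spf1' (case-insensitive) followed
    by a space or the end of the record, so 'v=spf10 ...' does not match."""
    rec = record.lower()
    return rec == b"v=spf1" or rec.startswith(b"v=spf1 ")


def select_spf_record(spf_rrs, txt_rrs):
    """Apply the section 4.5 selection steps.

    spf_rrs: records returned for a type-SPF query (empty until the
             SPF RR type is assigned and published, per the post).
    txt_rrs: records returned for a type-TXT query.
    Returns ("ok", record), ("none", None) or ("permerror", None).
    """
    spf = [r for r in (join_record(x) for x in spf_rrs) if is_spf1(r)]
    txt = [r for r in (join_record(x) for x in txt_rrs) if is_spf1(r)]
    # Step 2: any surviving SPF-type record makes TXT records irrelevant.
    candidates = spf if spf else txt
    if not candidates:
        return ("none", None)
    if len(candidates) > 1:
        # Two v=spf1 records: the checker must not guess which applies.
        return ("permerror", None)
    return ("ok", candidates[0])


def wire_name_len(name):
    # Length of an uncompressed owner name in DNS wire format.
    labels = [lab for lab in name.strip(".").split(".") if lab]
    return sum(1 + len(lab) for lab in labels) + 1


def estimate_reply_size(qname, records):
    """Rough size of one reply carrying all `records` of a single type:
    12-byte header, one question, then per RR a 2-byte name pointer,
    TYPE, CLASS, TTL, RDLENGTH and the TXT-style RDATA."""
    size = 12 + wire_name_len(qname) + 4
    for strings in records:
        rdata = sum(1 + len(s) for s in strings)
        size += 2 + 2 + 2 + 4 + 2 + rdata
    return size


def fits_in_udp(qname, records, limit=512):
    # Section 3.1.4: the whole reply SHOULD fit a 512-byte UDP packet;
    # an implementation MAY ignore the record rather than retry over TCP.
    return estimate_reply_size(qname, records) <= limit


if __name__ == "__main__":
    # Constructed records for a hypothetical example.com zone.
    txt = [[b"v=spf1 mx -all"], [b"some-verification-token=abc"]]
    print(select_spf_record([], txt))            # ('ok', b'v=spf1 mx -all')
    print(select_spf_record([], txt + [[b"v=spf1 a -all"]]))  # permerror
    print(estimate_reply_size("example.com", txt[:1]), fits_in_udp("example.com", txt[:1]))
```

The two-record case is the one Frank's "if there is exactly one" covers: a domain that publishes two v=spf1 TXT records gets PermError, not the first one the server happened to list. The size estimate is an approximation (real replies may add authority/additional sections), but it is enough to flag a zone whose TXT set can no longer travel in one UDP datagram.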
