spf-discuss

RE: Draft amendments on DNS lookup limits

2005-03-18 15:22:53
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Radu 
Hociung
Sent: Friday, March 18, 2005 5:04 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Draft amendments on DNS lookup limits


Scott Kitterman wrote:
OK.  I'd have to figure out how to get the updated record (from flatten)
published, but I imagine that's manageable.

I use a zone template file, and using a Makefile I can update it any
time anything in my zone changes. This system works very well.

That works for those running their own DNS.  For those of us with outsourced
DNS it's a little more troublesome.  It looks to me like I'd have to have
the job alert me that there was a change and then update the file
manually...

I don't think that my situation is too far outside the norm, so I do think
your limits are a bit low.  Basically it seems that you want almost everyone
with anything other than the simplest of situations to have to go to the
added complexity of compiling and updating the record.  I'd say start with a
higher limit and then push to have it reduced over time.  If you start with
the limit too low (and I think 10 is too low), you'll just drive people away.
If efficiency is really required, people will push for it, but I think it's
really too soon to know if it's a major issue.  Heck, if it's a really big
problem, we'll all probably end up using CSV.

Well, I think whatever limit we choose now will remain the limit for the
rest of time. It will be much more difficult to change it later than to
do the "right thing" from the beginning.

You are probably right about it not changing.  I think that initially, too
low a limit will scare people away (10 would do me in).  Later on as Moore's
law marches on it won't be such a big deal.  I think it's better to be
generous than too stingy with the limit.

Now, looking at your results, some things seem amiss.  Here's my current
record:


Thank you for looking into the results more closely. I did the
following massaging to the output of the utility, and thus I added
a couple of extra 'bugs':

- formatted the text for inclusion in email.
- manually added the # of queries based on a quick visual
  inspection. It seems I did it wrong. The release version of the
  utility will automatically evaluate the resulting record, but
  it does not do it yet.

The spfcompile program needs more work, and I could use some
beta-testing help. I would have not included its output if I
weren't challenged to show a less expensive record.

OK.  I knew it wasn't done yet.  I gave you the feedback to help out with
the work in progress.  My coding isn't so great, so I help out where I can.

I think your megapath ISP should be smacked for needlessly
publishing such an expensive record. Their compiled record looks
like this:

spfcompile -sender s(_at_)megapathdsl(_dot_)net

  Compiled record (10 mechs, len 155):

  v=spf1 ip4:66.80.60.21 ip4:66.80.60.20 ip4:66.80.60.31
  ip4:66.80.60.30 ip4:66.80.60.32 ip4:66.80.60.37 ip4:66.80.60.36
  ip4:66.80.60.38 ip4:66.80.130.3 -all


Supposedly they are in control of all their servers, so they can list
their IPs, instead of references to them.

I'll put in a trouble call and see if I can get them to change it...


Regards,
Radu.

PS. You're right, I did not spend much time looking at your SPF record.

Scott Kitterman
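
An added example, not part of the original message and not spfcompile's code: a small checker that counts the mechanisms and the DNS-querying terms written in an SPF record, run on the compiled record quoted above and on a constructed record that uses references instead of IPs. The function name `analyze`, the `example.net` record and the set of DNS-querying terms (taken from RFC 7208 section 4.6.4) are assumptions of this example.

```python
import re

# Mechanisms that cost the receiver DNS queries (RFC 7208 section 4.6.4).
# ip4, ip6 and all are evaluated from the record text alone.
DNS_MECHANISMS = {"include", "a", "mx", "ptr", "exists"}
LOOKUP_LIMIT = 10  # the limit debated in this thread

TERM = re.compile(r"^[+\-~?]?([A-Za-z][A-Za-z0-9_.-]*)([:/=]?)(.*)$")

def analyze(record):
    """Count mechanisms and DNS-querying terms in one SPF record.

    Only the terms written in this record are counted; lookups made by
    records reached through include: or redirect= need live DNS and are
    out of scope here.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    mechanisms = dns_terms = 0
    for term in terms[1:]:
        match = TERM.match(term)
        if match is None:
            raise ValueError("malformed term: %r" % term)
        name, sep = match.group(1).lower(), match.group(2)
        if sep == "=":
            # Modifier: only redirect= triggers a further record fetch.
            dns_terms += name == "redirect"
            continue
        mechanisms += 1
        dns_terms += name in DNS_MECHANISMS
    return {"mechanisms": mechanisms, "dns_terms": dns_terms,
            "length": len(" ".join(terms)),
            "within_limit": dns_terms <= LOOKUP_LIMIT}

# The compiled record quoted in the message above.
COMPILED = ("v=spf1 ip4:66.80.60.21 ip4:66.80.60.20 ip4:66.80.60.31 "
            "ip4:66.80.60.30 ip4:66.80.60.32 ip4:66.80.60.37 ip4:66.80.60.36 "
            "ip4:66.80.60.38 ip4:66.80.130.3 -all")
# Constructed record for contrast (example.net is a placeholder domain).
REFERENCED = "v=spf1 a mx include:_spf.example.net ptr -all"

if __name__ == "__main__":
    for label, rec in (("compiled", COMPILED), ("referenced", REFERENCED)):
        print(label, analyze(rec))
```
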