This is probably a naive question, but please understand, I'm an electrical
engineer, not a DNS expert. My knowledge of DNS is from Chapter 14 in
TCP/IP Illustrated, W.R.Stevens.

As I understand it, DNS provides a "recursive query" capability whereby one
query to a domain like rr.com will provide an authoritative answer for any
subdomain under rr.com. Even if the DNS server at rr.com doesn't have the
complete DNS records for all its subdomains, they will most likely be in a
local cache, since there will be frequent queries to rr.com for this
information.

Seems like we should *require* that SPF queries set the RD bit (recursion
desired), and expect that any domain with as complex a setup as rr.com set
the RA bit (recursion available). Then DNS will do the recursion (not some
SPF checking program), and each subdomain will have its own very simple SPF
record.

-- Dave
*************************************************************
* David MacQuigg, PhD          * email: dmq'at'gci-net.com  *
* IC Design Engineer           * phone: USA 520-721-4583    *
* Analog Design Methodologies  *                            *
*                              * 9320 East Mikelyn Lane     *
* VRS Consulting, P.C.         * Tucson, Arizona 85710      *
*************************************************************
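
The RD and RA header bits mentioned in the message above, as an added example that is not part of the original post: it builds a TXT query with RD set and reads the flags word of a reply to see whether the answering server actually offers recursion. The name example.com, the query ID 0x1234 and both reply headers are constructed sample values; the second reply assumes an authoritative-only server that leaves RA clear.

```python
import struct

# Header flag masks from RFC 1035 section 4.1.1.
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080
TYPE_TXT, CLASS_IN = 16, 1  # SPF policies are published as TXT records


def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("invalid label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_txt_query(name, query_id, recursion_desired=True):
    """Build a one-question TXT query, setting RD if requested."""
    flags = RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", query_id, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_TXT, CLASS_IN)


def parse_flags(message):
    """Return the message ID and the header bits relevant to recursion."""
    if len(message) < 12:
        raise ValueError("DNS header is 12 bytes; message is too short")
    msg_id, flags = struct.unpack("!HH", message[:4])
    return {"id": msg_id, "response": bool(flags & QR),
            "authoritative": bool(flags & AA),
            "recursion_desired": bool(flags & RD),
            "recursion_available": bool(flags & RA)}


def recursion_offered(query, response):
    """True only if RD was set in the query and RA is set in the reply."""
    q, r = parse_flags(query), parse_flags(response)
    if not r["response"] or r["id"] != q["id"]:
        raise ValueError("not a response to this query")
    return q["recursion_desired"] and r["recursion_available"]


# Constructed sample messages; the two replies differ only in the flags word.
QUERY = build_txt_query("example.com", 0x1234)
QUESTION = QUERY[12:]
FROM_RESOLVER = struct.pack("!HHHHHH", 0x1234, QR | RD | RA, 1, 0, 0, 0) + QUESTION
FROM_AUTH_ONLY = struct.pack("!HHHHHH", 0x1234, QR | AA | RD, 1, 0, 0, 0) + QUESTION
```

The server copies RD from the query into its reply, so only the RA bit tells the client whether recursion was on offer.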