Alan,

Thanks for your description of DNS, and your willingness to help with my
dumb questions. I guess we lost track of the question somewhere in this
long thread. The question is -- Why doesn't SPF make more extensive use of
the built-in recursion capability of DNS?

This question was motivated by the struggle I'm seeing over the question of
how many DNS queries to allow. The rr.com example had difficulty fitting
within the allowed 10 queries. Radu suggests "flattening" all records to
just a list of IPs. That might be inconvenient for a domain that wishes to
"delegate" all responsibility for these records to their subdomains.

The seemingly obvious solution is that rr.com answer all queries to
nameservers in any of their subdomains, using the recursion mechanism in
DNS. That way, the DNS records maintained by each subdomain can be very
simple, and you don't run into any 10-query limit at rr.com. I must be
missing something, because it seems too simple.

Your description suggests that only the client's nameserver should do
recursive queries. That would not accomplish the purpose of minimizing
traffic across the Internet. On the other hand, I find on p. 192 in Stevens
- "most nameservers provide recursion, except some root servers". That
makes sense, because you wouldn't want to tie up the .com server resolving
queries for every sub.domain.com on the planet. It is quite reasonable,
however, to tie up the rr.com nameserver in resolving queries for *any* of
its subdomains. Better they do it than burden the client. Also, they only
have to query their subdomains once a day, then they can provide answers
directly out of their cache.

I hope my question (or the source of my confusion) is a little more clear
now.
-- Dave
************************************************************* *
* David MacQuigg, PhD * email: dmq'at'gci-net.com * *
* IC Design Engineer * phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* * 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. * Tucson, Arizona 85710 *
************************************************************* *
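
Added illustration, not part of Dave's message: the 10-query budget discussed above, counted over a delegated record tree and over its "flattened" equivalent. The zone contents (example.com names, 192.0.2.x addresses) are constructed, and the set of counted terms (include, a, mx, ptr, exists, redirect) is taken from RFC 7208 rather than from this thread.

```python
# Added example. Zone contents are constructed (example.com, RFC 5737 addresses).
LIMIT = 10
QUERYING = {"a", "mx", "ptr", "exists"}  # plus include and redirect, handled below

# Parent delegates to six subdomains; each subdomain record uses one "a" term.
DELEGATED = {"example.com": "v=spf1 "
             + " ".join(f"include:r{i}.example.com" for i in range(1, 7)) + " -all"}
DELEGATED.update({f"r{i}.example.com": f"v=spf1 a:mail.r{i}.example.com -all"
                  for i in range(1, 7)})

# The same policy "flattened" to literal addresses at the parent.
FLATTENED = {"example.com": "v=spf1 "
             + " ".join(f"ip4:192.0.2.{i}" for i in range(1, 7)) + " -all"}


def count_lookups(domain, zone, path=()):
    """Count DNS-querying terms reached from domain's record (worst case:
    no mechanism matches early, so every term is evaluated)."""
    if domain in path:
        raise ValueError(f"include/redirect loop at {domain}")
    if domain not in zone:
        raise LookupError(f"no SPF record for {domain}")
    total = 0
    for term in zone[domain].split()[1:]:          # skip "v=spf1"
        term = term.lstrip("+-~?")                 # drop the qualifier
        if term.startswith("redirect="):
            total += 1 + count_lookups(term[9:], zone, path + (domain,))
            continue
        name, _, arg = term.partition(":")
        name = name.split("/")[0].lower()          # "a/24" -> "a"
        if name == "include":
            total += 1 + count_lookups(arg, zone, path + (domain,))
        elif name in QUERYING:
            total += 1
    return total


def within_limit(domain, zone):
    return count_lookups(domain, zone) <= LIMIT


if __name__ == "__main__":
    for label, zone in (("delegated", DELEGATED), ("flattened", FLATTENED)):
        n = count_lookups("example.com", zone)
        print(f"{label}: {n} counted terms, within limit: {n <= LIMIT}")
```

The lookup of the domain's own SPF record is not counted against the limit, and ip4, ip6 and all terms cost nothing, which is why the flattened record scores zero.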