spf-discuss

RE: Re: Draft ammendments on DNS lookup limits

2005-03-21 12:49:08
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of John A. Martin
Sent: Saturday, March 19, 2005 10:15 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Re: Draft ammendments on DNS lookup limits


"Scott" == Scott Kitterman
"RE: Draft ammendments on DNS lookup limits"
 Fri, 18 Mar 2005 17:22:53 -0500

   >> I use a zone template file, and using a Makefile I can update
   >> it any time anything in my zone changes. This system works very
   >> well.

   Scott> That works for those running their own DNS.  For those of
   Scott> us with outsource DNS it's a little more troublesome.

Hmmm... several domains under my influence use a number of
"outsourced" slave nameservers that pull their zone files from
individually maintained "stealth" nameservers that do not respond to
normal queries from "The Net".  This seems to have worked very well
for years and I've not yet run into a "captive audience" (ISP/hosting
provider) nameserver that will not pull from a stealth master
nameserver.  The stealth master needs to be 24x7 but can be on a slow
link.  With such an arrangement you can use a Makefile to maintain
your zone files just like some "real people" do.

       jam

Yes, there are outsource setups that work like that.  There are also very
many that only allow manual changes through either a trouble ticket or
access via a web interface.  For those types of setups, this kind of record
flattening just isn't feasible.

Bottom line is that forcing a single SPF record to directly maintain an
accurate IP address list across administrative boundaries is inherently
dangerous.  Unless the update interval is zero, there is a period where by
design the record is irretrievably wrong.

Scott Kitterman
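
The staleness window described in the message above, shown as an added example that is not part of the original thread: a check that compares a flattened SPF record against what the other administrative domain publishes now. Both records are constructed samples using documentation address ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (assumption, not taken from the thread):
# FLATTENED is the record a domain published when it last flattened;
# UPSTREAM_NOW is what the outside provider's own SPF record says today.
FLATTENED = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.17 -all"
UPSTREAM_NOW = "v=spf1 ip4:192.0.2.0/24 ip4:203.0.113.0/25 -all"


def spf_networks(record):
    """Return the set of networks named by ip4:/ip6: terms in an SPF record."""
    nets = set()
    for term in record.split()[1:]:          # skip the "v=spf1" version tag
        name, _, value = term.lstrip("+-~?").partition(":")
        if name.lower() in ("ip4", "ip6") and value:
            # strict=False tolerates host bits set, e.g. 192.0.2.5/24
            nets.add(ipaddress.ip_network(value, strict=False))
    return nets


def covered(net, nets):
    """True if net lies entirely inside one of nets (same IP version only)."""
    return any(net.version == n.version and net.subnet_of(n) for n in nets)


def flatten_drift(flattened, upstream):
    """Compare a flattened record with the current upstream record.

    Returns (missing, stale):
      missing - upstream networks the flattened copy no longer authorizes,
                so legitimate mail from them fails until the next update
      stale   - networks the flattened copy still authorizes although the
                upstream has stopped listing them
    """
    flat, up = spf_networks(flattened), spf_networks(upstream)
    missing = sorted((n for n in up if not covered(n, flat)), key=str)
    stale = sorted((n for n in flat if not covered(n, up)), key=str)
    return missing, stale


if __name__ == "__main__":
    missing, stale = flatten_drift(FLATTENED, UPSTREAM_NOW)
    print("upstream senders not authorized:", [str(n) for n in missing])
    print("authorized but dropped upstream:", [str(n) for n in stale])
```

Either list being non-empty means the flattened record is wrong until someone republishes it, which on a ticket-driven or web-interface DNS service is a manual step.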