spf-discuss

RE: Re: DNS load research

2005-03-21 14:07:05
Maybe you missed my point.  What I am suggesting is that my DNS server
compile my SPF record and publish the compiled record.  The TTL of the
compiled record must not exceed any TTL of any source info.  So, the
compiled SPF record would stay in cache (I guess) until the TTL is exceeded.
Then re-compile it, or wait until someone asks for it, then compile it.  All
of the source info can be cached as normal (like includes), or requested if
not in the cache.  The DNS protocol would not change!!!!!  Other than having
a SPF record type.  Maybe even the TXT SPF record could be compiled, why
not?

I can see 5 options:

SPF-COMPILE (yes/no)        self explanatory IMO

SPF-FETCH (yes/no)          request any remote info, examples:
                                include:myisp.com
                                a=smtp.myisp.com

SPF-PRECOMPILE (yes/no)     Keep compiled SPF records handy so SPF-NODELAY
                            would not normally apply.  I guess the
                            pre-compile should start before the old record
                            expires.

SPF-NODELAY (yes/no)        yes = if no compiled record is in memory,
                            then give un-compiled record now,
                            but also compile the record for future use.
                            No = don't respond until the SPF record is
                            compiled.

SPF-COMPILE-OTHER (yes/no)  Yes = Compile other people's SPF records
                            when they are requested.  In this case, no
                            need to compile any includes, those will be
                            handled as another request.  I don't think
                            this is a good option, the DNS cache will
                            handle this.

I don't understand your comment about the extra bandwidth.  Compiling an SPF
record (or records) once every few hours would be less effort (bandwidth) than
having an expensive SPF record that takes 5-111 lookups for every email
(including forged ones).

I did not intend a DNS server to compile other people's SPF records.
However, maybe that is a viable option also.  I think the DNS cache is good
enough.

So far, I have devoted 20 or so minutes to this idea!  I am sure it could be
improved.

Guy

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Marc Alaia
Sent: Monday, March 21, 2005 3:12 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Re: DNS load research

Maybe one day there will be an SPF record type.  Then the DNS servers
could optionally compile the SPF record to a simpler (less expensive)
form, automatically!  Even "include:"s could be pulled in, as long as
the TTL is obeyed, and the SPF record re-compiled when something
expires.

That would be awesome.  But even then we'll have to support 'legacy' SPF
clients, and they will seem awfully expensive by comparison to the
server-compiled SPF records, but we'll be stuck with them.

And how is this any better than the existing 'problem'?  You are
proposing removing some processing and traffic in favor of more
processing and bandwidth.  Your proposal involves changing DNS servers so
that they would have to take a 'source' (i.e. SPF Classic) TXT record
(which they will have to keep on hand for periodic recompiling) and
compile it into an all-IP SPF record.  Your proposal now also requires
that the authoritative DNS server for this domain must either keep in
cache every piece of information to compile the record or periodically
go out and re-request this information.  So all of the bandwidth and
processing that you propose to save has been reconsumed.

Marc

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper!  http://spf.pobox.com/whitepaper.pdf
To unsubscribe, change your address, or temporarily deactivate your
subscription, please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
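The "compile the SPF record, with a TTL no larger than any source TTL" idea Guy describes above, written out as a toy compiler.  This is an added illustration, not code from the SPF project or from anyone in the thread.  Instead of querying DNS it reads a constructed in-memory table (FAKE_DNS), so it runs offline; every domain name, address and TTL in it is made up, and the function and class names (compile_spf, Compiler, Compiled) are this example's own.  It flattens ip4:, a:, mx: and include: into ip4: terms, tracks the minimum TTL across every record it touched, and counts how many DNS-querying mechanisms a verifier would otherwise evaluate per message.

```python
"""Toy SPF "compiler": flatten a policy to ip4:/all terms using a constructed
in-memory DNS table.  Added example; not from the SPF project or this thread.
All names, addresses and TTLs below are hypothetical."""
from dataclasses import dataclass

# Constructed zone data keyed by (name, rrtype) -> (ttl_seconds, rdata).
# Hypothetical; none of these is a real published record.
FAKE_DNS = {
    ("example.com", "TXT"): (3600, "v=spf1 ip4:192.0.2.0/24 "
                                   "include:_spf.isp.example a:smtp.example.com mx -all"),
    ("_spf.isp.example", "TXT"): (300, "v=spf1 ip4:198.51.100.0/25 a:relay.isp.example ~all"),
    ("smtp.example.com", "A"): (7200, ["203.0.113.10"]),
    ("relay.isp.example", "A"): (600, ["198.51.100.200", "198.51.100.201"]),
    ("example.com", "MX"): (86400, ["mx1.example.com"]),
    ("mx1.example.com", "A"): (1800, ["203.0.113.25"]),
}


@dataclass
class Compiled:
    record: str   # flattened policy: only ip4:/ip6: terms plus the final all
    ttl: int      # never larger than the TTL of any record it was built from
    lookups: int  # DNS-querying mechanisms a verifier would otherwise evaluate


class Compiler:
    """Flattens one domain's SPF record; tracks min TTL and lookup count."""

    def __init__(self, dns):
        self.dns = dns
        self.ttl = None
        self.lookups = 0
        self.seen = set()  # include loop guard

    def _query(self, name, rtype):
        try:
            ttl, rdata = self.dns[(name, rtype)]
        except KeyError:
            raise LookupError(f"no {rtype} record for {name}")
        # The compiled record must not outlive any record it was built from.
        self.ttl = ttl if self.ttl is None else min(self.ttl, ttl)
        return rdata

    def _ips(self, name):
        return ["ip4:" + addr for addr in self._query(name, "A")]

    def _terms(self, domain, nested):
        """Return ip4: terms (and, at top level, the all term) for domain."""
        if domain in self.seen:
            raise ValueError(f"include loop at {domain}")
        self.seen.add(domain)
        txt = self._query(domain, "TXT")
        if not txt.startswith("v=spf1 "):
            raise ValueError(f"{domain}: not an SPF record")
        out = []
        for term in txt.split()[1:]:
            qual = term[0] if term[0] in "+-~?" else "+"
            body = term.lstrip("+-~?")
            mech, _, arg = body.partition(":")
            if mech == "all":
                if not nested:
                    out.append(term)  # an included record's all never applies
                continue
            if qual != "+":
                # include: matches only on a pass result, so a non-pass
                # mechanism inside an included record cannot be flattened.
                raise ValueError(f"{domain}: cannot flatten {term}")
            if mech in ("ip4", "ip6"):
                out.append(term)
            elif mech == "a":
                self.lookups += 1
                out += self._ips(arg or domain)
            elif mech == "mx":
                self.lookups += 1
                for host in self._query(arg or domain, "MX"):
                    out += self._ips(host)
            elif mech == "include":
                self.lookups += 1
                out += self._terms(arg, nested=True)
            else:
                # redirect=, exists:, ptr: and macros are left unhandled here;
                # a server would fall back to serving the uncompiled record.
                raise ValueError(f"{domain}: unsupported mechanism {mech}")
        return out

    def compile(self, domain):
        terms = self._terms(domain, nested=False)
        return Compiled("v=spf1 " + " ".join(terms), self.ttl, self.lookups)


def compile_spf(domain, dns=FAKE_DNS):
    return Compiler(dns).compile(domain)


if __name__ == "__main__":
    c = compile_spf("example.com")
    print(c.record)
    print(f"ttl={c.ttl}s, lookups avoided per message={c.lookups}")
```

For the constructed zone the compiled record collapses four DNS-querying mechanisms (one include, two a, one mx) into six ip4: terms, and its TTL is pinned to 300 seconds by the shortest-lived source, the ISP's include.  Two caveats a server implementing this would have to keep: an included record's own all term is dropped and any non-pass mechanism inside an include aborts compilation, because include only matches on a pass result; and the publisher now bakes whatever the include and a/mx targets resolve to into its own signed-off policy until that TTL expires, so the compiler must resolve those sources over a resolver it trusts.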

