spf-discuss

RE: Re: DNS load research

2005-03-21 14:17:54
You said:
"It's an interesting idea, but only of use to those with dedicated DNS
servers."

I ask:
Why?  I don't understand?

Thanks,
Guy

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Scott Kitterman
Sent: Monday, March 21, 2005 4:11 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Re: DNS load research

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Guy
Sent: Monday, March 21, 2005 4:07 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] Re: DNS load research


Maybe you missed my point.  What I am suggesting is that my DNS server
compile my SPF record and publish the compiled record.  The TTL of the
compiled record must not exceed any TTL of any source info.  So, the
compiled SPF record would stay in cache (I guess) until the TTL is
exceeded.  Then re-compile it, or wait until someone asks for it, then
compile it.  All of the source info can be cached as normal (like
includes), or requested if not in the cache.  The DNS protocol would not
change!!!!!  Other than having a SPF record type.  Maybe even the TXT SPF
record could be compiled, why not?

I can see 5 options:
SPF-COMPILE (yes/no)        self explanatory IMO

SPF-FETCH (yes/no)          request any remote info, examples:
                            include:myisp.com
                            a=smtp.myisp.com

SPF-PRECOMPILE (yes/no)     Keep compiled SPF records handy so SPF-NODELAY
                            would not normally apply.  I guess the pre-compile
                            should start before the old record expires.

SPF-NODELAY (yes/no)        yes = if no compiled record is in memory,
                            then give un-compiled record now,
                            but also compile the record for future use.
                            No = don't respond until the SPF record is compiled.

SPF-COMPILE-OTHER (yes/no)  Yes = Compile other people's SPF records when they
                            are requested.  In this case, no need to compile any
                            includes, those will be handled as another request.
                            I don't think this is a good option, the DNS cache
                            will handle this.

I don't understand your comment about the extra bandwidth.  Compiling an SPF
record(s) once every few hours would be less effort (bandwidth) than having
an expensive SPF record that takes 5-111 lookups every email (including
forged).

I did not intend a DNS server to compile other people's SPF records.
However, maybe that is a viable option also.  I think the DNS cache is good
enough.

So far, I have devoted 20 or so minutes to this idea!  I am sure it could be
improved.

Guy

It's an interesting idea, but only of use to those with dedicated DNS
servers.  It's worth exploring as an efficiency, but it's not the kind of
solution that would be generally useful, so it really can't be a factor in
deciding what the overall load limit should be.

Scott Kitterman
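
The compile step discussed in this thread, sketched as an added Python example (not code from the thread or from any DNS server): it flattens include: and a: terms into ip4: terms and returns the compiled record with the smallest TTL found among the source records. The zone contents, MAX_LOOKUPS and all function names are assumptions; only include, a (IPv4 only), ip4, ip6 and all are handled, and anything else makes the compile fail so the original record is published instead.

```python
# Constructed sample zone, not real data: (name, type) -> (ttl_seconds, values)
ZONE = {
    ("example.org", "TXT"): (3600, ["v=spf1 a:smtp.example.org include:myisp.example -all"]),
    ("smtp.example.org", "A"): (1800, ["192.0.2.10"]),
    ("myisp.example", "TXT"): (7200, ["v=spf1 ip4:198.51.100.0/24 a:out.myisp.example ~all"]),
    ("out.myisp.example", "A"): (600, ["203.0.113.5", "203.0.113.6"]),
}
MAX_LOOKUPS = 10  # assumed budget for one compile run

class CompileError(Exception): pass  # caller should publish the original record

def lookup(name, rrtype, state):
    """Answer from ZONE, counting lookups and tracking the smallest TTL seen."""
    state["lookups"] += 1
    if state["lookups"] > MAX_LOOKUPS or (name, rrtype) not in ZONE:
        raise CompileError(f"lookup budget exceeded or no {rrtype} data for {name}")
    ttl, values = ZONE[(name, rrtype)]
    state["ttl"] = min(state["ttl"], ttl)
    return values

def expand(domain, state, chain=()):
    """Return (flattened ip terms, trailing 'all' term or None) for domain."""
    if domain in chain:
        raise CompileError(f"include loop at {domain}")
    txt = [t for t in lookup(domain, "TXT", state) if t.startswith("v=spf1 ")]
    if len(txt) != 1:
        raise CompileError(f"expected exactly one SPF record at {domain}")
    terms, final = [], None
    for term in txt[0].split()[1:]:
        if term.lstrip("+-~?") == "all":
            final = term
        elif term.startswith("include:"):
            sub, sub_all = expand(term[8:], state, chain + (domain,))
            if sub_all in ("all", "+all"):  # include would match every sender
                raise CompileError(f"{term} ends in +all")
            terms += sub  # the included record's -all/~all/?all does not carry over
        elif term.startswith("a:") or term == "a":
            terms += ["ip4:" + ip for ip in lookup(term[2:] or domain, "A", state)]
        elif term.startswith(("ip4:", "ip6:")):
            terms.append(term)
        else:  # qualified mechanisms, mx, ptr, exists, macros: not compiled here
            raise CompileError(f"cannot compile term {term!r}")
    return terms, final

def compile_spf(domain):
    """Return (compiled record, TTL to publish it with, lookups spent)."""
    state = {"lookups": 0, "ttl": float("inf")}
    terms, final = expand(domain, state)
    return " ".join(["v=spf1", *terms, final or "?all"]), state["ttl"], state["lookups"]
```

The lookups are spent once per compile run by the publishing side; a receiver evaluating the compiled record needs only the single TXT query.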

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Read the whitepaper!  http://spf.pobox.com/whitepaper.pdf