spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Re: Draft ammendments on DNS lookup limits

2005-03-21 15:35:00
from [Scott Kitterman] [Permanent Link] 
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Radu 
Hociung
Sent: Monday, March 21, 2005 5:02 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Re: Draft ammendments on DNS lookup limits


Scott Kitterman wrote:

FWIW I believe that Radu Hociung has made it abundantly clear that
indiscriminate inclusion of policy from outside one's sphere of
influence is largely a fool's errand.  Flattening has little to do
with the folly.



And yet he insists that I must do that to conform to his version of a
reasonable number of DNS queries.


No, I never did that... Please find where I said it's ok to flatten
across administrative boundaries. I showed that it _could_ be done to
temporarily alleviate an expensive record outside your control. The
other reason I showed it is to make the point the the spfcompiler SHOULD
and DOES make the difference between compiling, and flattening, and that
it does respect the boundaries of administrative control if you don't
force it to -flatten.

I also said that there are still bugs in it, so it's current output may
not be 100% correct.

And I did give you the compiled record (without -flatten) as well.

I did say that it should be strongly recommended (I believe I used the
termed smacked) that your ISP reduce their 11 lookup list of A
mechanisms down to a list of 10 IP's.

Radu.



When I say that 10 is too few because of ... and your answer is that 10 is
fine because I can publish a record that turns the included record into ip
addresses, how else am I to interpret that.

As I've said in another post, we COULD deprecate all the mechanisms except
ip4 and ip6 and then give RMX another try, but I don't think it would be a
good idea.

You can't have it both ways, either the limit has to be high enough to
support including complex policies that currently exist because flattening
across administrative boundaries is a bad idea or your limit is OK and
flattening across administrative boundaries is OK too.

Which do you want?

Scott Kitterman
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Re: DNS load research, Guy
Next by Date:  Re: Re: Draft ammendments on DNS lookup limits, Radu Hociung
Previous by Thread:  Re: Re: Draft ammendments on DNS lookup limits, Radu Hociung
Next by Thread:  Re: Re: Draft ammendments on DNS lookup limits, Radu Hociung
Indexes:  [Date] [Thread] [Top] [All Lists]