spf-discuss

Re: Re: DNS load research

2005-03-24 11:17:38
On Thu, 2005-03-24 at 11:43, David MacQuigg wrote:
> So far I've only heard vague objections to making an SPF record
> compiler part of the running setup on a DNS server.

I think this is based on the fact that DNS gurus were kind of turned off
by what SPF was doing with TXT, and no one could come to an official
agreement on if SPF should use TXT, or its own record, and no one really
thought making changes to DNS servers was a viable option for
wide-spread deployment.  I believe someone with prominent placement in
bind9's development (Vixie maybe?  Forgive me if I'm wrong or
misremembering) said they were not going to support making any changes to
bind9 to support SPF.  As such, concepts related to touching DNS servers
at all are somewhat sticky points.

> It certainly doesn't require abandoning SPF, or even patching the DNS
> servers.  An SPF compiling daemon could interface with a DNS server by
> simply updating the DNS records.

I may be wrong on this, but deploying a script that runs via cron and
updates zone files may be considered riskier than just deploying a new
DNS server package from your vendor that is SPF aware (the latter
implies source changes to the DNS server, even though it doesn't
necessarily mean that).

I have spent some time wading through the bind9 source trying to figure
out how to add MX records (and the resultant A records) to the
additional section of the response when sending an SPF TXT RR, as a
first step (admittedly not the final step) to making DNS servers SPF
aware and cutting down on total queries.  Unfortunately, I have not made
as much progress as I'd like.

It might be better to set up a zone that gets updates via DDNS, and have
the compiler publish them that way.  Before I consider starting on this,
there has to be someone already working on this obvious solution, right?
:)

-- 
Andy Bakun <spf(_at_)leave-it-to-grace(_dot_)com>
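
The compile-and-publish idea discussed in this message, sketched as an added example that is not part of the original post or of any SPF or BIND code: plain `a`/`mx` mechanisms are expanded to `ip4` terms and the result is emitted as dynamic-update commands in `nsupdate` syntax. The zone data, the function names and `example.com` are constructed for illustration.

```python
# Constructed zone data standing in for live DNS lookups, so the example runs offline.
ZONE = {
    ("example.com", "MX"): ["mail1.example.com", "mail2.example.com"],
    ("mail1.example.com", "A"): ["192.0.2.10"],
    ("mail2.example.com", "A"): ["192.0.2.11", "192.0.2.12"],
}

def lookup(name, rtype):
    return ZONE.get((name.rstrip(".").lower(), rtype), [])

def compile_spf(domain, record):
    """Expand plain a/mx mechanisms into the ip4 mechanisms they resolve to."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    out = []
    for term in terms[1:]:
        qual = term[0] if term[0] in "+-~?" else ""
        name, _, target = term[len(qual):].partition(":")
        expanded = []
        # Only the simple forms are compiled; CIDR suffixes and macros are left alone.
        if name.lower() in ("a", "mx") and "/" not in term and "%" not in term:
            target = target or domain
            hosts = lookup(target, "MX") if name.lower() == "mx" else [target]
            addrs = [lookup(h, "A") for h in hosts]
            # Compile only when every host resolved; a partial answer would
            # silently drop an authorized sender from the published record.
            if hosts and all(addrs):
                expanded = [f"{qual}ip4:{ip}" for ips in addrs for ip in ips]
        for t in expanded or [term]:
            if t not in out:
                out.append(t)
    return " ".join(["v=spf1"] + out)

def txt_rdata(text):
    """Quote text as DNS character-strings of at most 255 bytes each."""
    raw = text.encode("ascii")
    return " ".join('"%s"' % raw[i:i + 255].decode() for i in range(0, len(raw), 255))

def nsupdate_script(domain, published, compiled, ttl=300):
    """Commands replacing only the old SPF TXT record; empty if unchanged."""
    if published == compiled:
        return ""
    lines = [f"zone {domain}."]
    if published:  # delete the exact old record, not every TXT at the name
        lines.append(f"update delete {domain}. TXT {txt_rdata(published)}")
    lines.append(f"update add {domain}. {ttl} TXT {txt_rdata(compiled)}")
    return "\n".join(lines + ["send"]) + "\n"
```

The generated script is meant to be piped to `nsupdate` with a TSIG key (`nsupdate -k <keyfile>`), so that the compiler's credential can be restricted to updating this one record.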

