Re: DNS Query Format
2005-03-25 11:03:00
"David MacQuigg" declared:
Which IP address? IP Address in the DNS Query - did you mean
response? The IP address of the requesting party is already known.
Sorry to be obtuse, but I really don't understand what you mean.
As I understand it, an SPF query generated by a receiver does not include
the sender's IP address in that query. That IP address is passed as one of
the arguments to the check_host() function, but it is not used when
check_host() constructs the SPF query. The DNS server which receives the
query, therefore has no ability to run the SPF check itself, or to log the
IP for later forensics, etc.
The IP address can be made available to the DNS server, by using the 'i' macro
letter to insert the IP address into some extended form of the domain to be
queried, thus making it available to the domain owner for validation, analysis,
etc.
I don't see how this works. The 'i' macro, to the DNS server, is nothing
but a pattern ( like %{i} ) to be sent as part of a string in response to a
query from the DNS client. As I understand it, that 'i' macro is expanded
on the client side, so the server never sees the actual IP address. What I
am proposing is that the actual IP address be sent in the original query.
-- Dave
One of the 'ground rules' of SPF (current versions) is that it should not
require any change to the existing DNS protocols. Now there is nowhere within
the current _protocol_ in which you could carry the IP address information
required, so one has to resort to a 'trick'. As this is, effectively, a
communication from and back to the same person, the sender, no-one else needs to
know about it. It's entirely transparent to the SPF receiver and to his DNS
server.
In outline it works like this: Suppose an SMTP message is received from
111.222.333.444, and purports to be from the 'example.com' domain. Using an
'exists' mechanism in the policy and the 'i' macro letter, the policy sends a
DNS query to an address composed something like this:
111.222.333.444._spf.example.com.
(I'll leave it as an exercise for the reader to compose the macro that does this
;-))
The DNS server for the domain 'example.com' ( a specially-modified, 'trick'
server) sees the '_spf' marker and knows to extract the numeric address from the
query address. Now it can do whatever it wishes with that information before
sending back the result of the DNS query.
Chris
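
The exchange above, as an added example that is not part of the original message or of any SPF implementation: the receiver expands the 'i' macro itself, so the IP address reaches the sender's DNS server inside the queried name, where a modified server can extract it. The term `exists:%{i}._spf.%{d}` is one term that yields a name of the shape shown above; the function names and the address 192.0.2.10 are constructed for illustration, and only the macro letters 'i' and 'd' with dot delimiters are handled.

```python
import ipaddress
import re

MACRO = re.compile(r"%\{([a-z])(\d*)(r?)\}")

def expand(spec, ip, sender_domain):
    """Receiver-side SPF macro expansion (letters i and d only)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        i_value = str(addr)
    else:  # IPv6 expands to dot-separated hex nibbles
        i_value = ".".join(addr.exploded.replace(":", ""))
    values = {"i": i_value, "d": sender_domain}

    def sub(m):
        letter, keep, rev = m.groups()
        if letter not in values:
            raise ValueError("macro letter not handled: " + letter)
        parts = values[letter].split(".")
        if rev:
            parts.reverse()
        if keep:  # keep the N right-hand parts, after optional reversal
            parts = parts[-int(keep):]
        return ".".join(parts)
    return MACRO.sub(sub, spec)

def exists_query_name(term, ip, sender_domain):
    """Name the receiver looks up (type A) for an 'exists:' term."""
    if not term.startswith("exists:"):
        raise ValueError("not an exists mechanism")
    name = expand(term[len("exists:"):], ip, sender_domain)
    return name.rstrip(".").lower()

def server_extract_ip(qname, zone, marker="_spf"):
    """Modified-server side: recover the client IP from the queried name."""
    suffix = "." + marker + "." + zone
    if not qname.endswith(suffix):
        return None  # ordinary query, no marker present
    try:
        return ipaddress.IPv4Address(qname[:-len(suffix)])
    except ValueError:
        return None  # labels before the marker are not an IPv4 address

# Constructed sample values (documentation address range)
POLICY_TERM = "exists:%{i}._spf.%{d}"
QNAME = exists_query_name(POLICY_TERM, "192.0.2.10", "example.com")
LOGGED_IP = server_extract_ip(QNAME, "example.com")
```

The server only ever sees the already-expanded name, never the `%{i}` pattern, which is why no change to the DNS protocol is needed.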