RE: DNS Query Format
2005-03-25 13:08:45
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Chris
Haynes
Sent: Friday, March 25, 2005 1:03 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] DNS Query Format
"David MacQuigg" declared:
Which IP address? IP Address in the DNS Query - did you mean response? The IP address of the requesting party is already known. Sorry to be obtuse, but I really don't understand what you mean.
As I understand it, an SPF query generated by a receiver does not include the sender's IP address in that query. That IP address is passed as one of the arguments to the check_host() function, but it is not used when check_host() constructs the SPF query. The DNS server which receives the query, therefore has no ability to run the SPF check itself, or to log the IP for later forensics, etc.
The IP address can be made available to the DNS server, by using the 'i' macro letter to insert the IP address into some extended form of the domain to be queried, thus making it available to the domain owner for validation, analysis, etc.
I don't see how this works. The 'i' macro, to the DNS server, is nothing but a pattern ( like %{i} ) to be sent as part of a string in response to a query from the DNS client. As I understand it, that 'i' macro is expanded on the client side, so the server never sees the actual IP address. What I am proposing is that the actual IP address be sent in the original query.
-- Dave
One of the 'ground rules' of SPF (current versions) is that it should not require any change to the existing DNS protocols. Now there is nowhere within the current _protocol_ in which you could carry the IP address information required, so one has to resort to a 'trick'. As this is, effectively, a communication from and back to the same person, the sender, no-one else needs to know about it. It's entirely transparent to the SPF receiver and to his DNS server.
In outline it works like this: Suppose an SMTP message is received from 111.222.333.444, and purports to be from the 'example.com' domain. Using an 'exists' mechanism in the policy and the 'i' macro letter, the policy sends a DNS query to an address composed something like this:
111.222.333.444._spf.example.com.
(I'll leave it as an exercise for the reader to compose the macro that does this ;-))
The DNS server for the domain 'example.com' ( a specially-modified, 'trick' server) sees the '_spf' marker and knows to extract the numeric address from the query address. Now it can do whatever it wishes with that information before sending back the result of the DNS query.
Chris
Here is a howto that I just remembered:
http://spf.idimo.com/how_to-s/how_to_track.html
Scott Kitterman
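
The client-side expansion and server-side extraction discussed in this thread, as an added example that is not part of the original messages: a subset of SPF macro expansion (the macro syntax later standardized in RFC 7208 section 7, only the `i` and `d` letters) and a parser that a logging DNS server could apply to the query name. The function names and the 192.0.2.1 sample address are assumptions constructed for illustration.

```python
import ipaddress
import re

# Subset of SPF macro expansion: letters i and d, optional digit count
# and 'r' (reverse) transformers, '.' as the only delimiter.
_MACRO = re.compile(r"%\{([id])(\d*)(r?)\}")

def _ip_labels(ip):
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return str(addr).split(".")
    # IPv6 expands to 32 dot-separated hex nibbles
    return list(addr.exploded.replace(":", ""))

def expand(spec, ip, domain):
    """Client side: the receiver expands macros before it sends the query."""
    def repl(m):
        letter, digits, rev = m.groups()
        parts = _ip_labels(ip) if letter == "i" else domain.split(".")
        if rev:
            parts = parts[::-1]
        if digits:
            parts = parts[-int(digits):]  # keep the right-most N labels
        return ".".join(parts)
    return _MACRO.sub(repl, spec)

def extract_ip(qname, marker="_spf"):
    """Server side: recover the client IP from a query name, or None."""
    labels = qname.rstrip(".").lower().split(".")
    if marker not in labels:
        return None
    left = labels[:labels.index(marker)]
    try:
        if len(left) == 4:
            return str(ipaddress.IPv4Address(".".join(left)))
        if len(left) == 32:
            groups = ["".join(left[i:i + 4]) for i in range(0, 32, 4)]
            return str(ipaddress.IPv6Address(":".join(groups)))
    except ValueError:
        pass  # labels are not a valid address; query names are untrusted input
    return None

# Constructed sample: policy term "exists:%{i}._spf.%{d}" for example.com
qname = expand("%{i}._spf.%{d}", "192.0.2.1", "example.com")
print(qname, "->", extract_ip(qname))
```

The illustrative address 111.222.333.444 used in the thread is not a valid IPv4 address, so `extract_ip` returns `None` for it; a server logging these queries should validate the labels the same way before recording them.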