spf-discuss

RE: DNS Query Format

2005-03-25 13:08:45
-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com [mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of Chris Haynes
Sent: Friday, March 25, 2005 1:03 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] DNS Query Format


"David MacQuigg" declared:


Which IP address?  IP Address in the DNS Query - did you mean response?
The IP address of the requesting party is already known.  Sorry to be
obtuse, but I really don't understand what you mean.

As I understand it, an SPF query generated by a receiver does not include
the sender's IP address in that query. That IP address is passed as one of
the arguments to the check_host() function, but it is not used when
check_host() constructs the SPF query.  The DNS server which receives the
query, therefore has no ability to run the SPF check itself, or to log the
IP for later forensics, etc.

The IP address can be made available to the DNS server, by using the 'i'
macro letter to insert the IP address into some extended form of the
domain to be queried, thus making it available to the domain owner for
validation, analysis, etc.

I don't see how this works.  The 'i' macro, to the DNS server, is nothing
but a pattern ( like %{i} ) to be sent as part of a string in response to a
query from the DNS client.  As I understand it, that 'i' macro is expanded
on the client side, so the server never sees the actual IP address.  What I
am proposing is that the actual IP address be sent in the original query.

-- Dave


One of the 'ground rules' of SPF (current versions) is that it should not
require any change to the existing DNS protocols. Now there is nowhere within
the current _protocol_ in which you could carry the IP address information
required, so one has to resort to a 'trick'.  As this is, effectively, a
communication from and back to the same person, the sender, no-one else
needs to know about it. It's entirely transparent to the SPF receiver and to
his DNS server.

In outline it works like this:  Suppose an SMTP message is received from
111.222.333.444, and purports to be from the 'example.com' domain.  Using an
'exists' mechanism in the policy and the 'i' macro letter, the policy sends a
DNS query to an address composed something like this:
111.222.333.444._spf.example.com.

(I'll leave it as an exercise for the reader to compose the macro that does
this ;-))

The DNS server for the domain 'example.com' (a specially-modified, 'trick'
server) sees the '_spf' marker and knows to extract the numeric address from
the query address.  Now it can do whatever it wishes with that information
before sending back the result of the DNS query.

Chris


Here is a howto that I just remembered:

http://spf.idimo.com/how_to-s/how_to_track.html

Scott Kitterman
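
The exchange above, as an added example that is not part of the original thread or of any SPF implementation: a receiver-side expansion of SPF macros (so a policy term such as `exists:%{i}._spf.%{d}` yields a query name of the shape Chris describes) and the matching extraction a domain owner's name server could perform for logging. The function names `expand` and `ip_from_qname` are hypothetical, 192.0.2.3 is a constructed documentation address, and the `p` macro and upper-case URL escaping are left out.

```python
import ipaddress
import re

# %{letter[digits][r][delimiters]} plus the literals %%, %_ and %-
_MACRO = re.compile(r"%\{([slodihv])(\d*)(r?)([.\-+,/_=]*)\}|%([%_\-])")

def expand(spec, ip, sender, domain, helo="unknown"):
    """Expand SPF macros in a domain-spec on the receiving (client) side."""
    addr = ipaddress.ip_address(ip)
    local, _, sender_domain = sender.rpartition("@")
    values = {
        "s": sender, "l": local or "postmaster", "o": sender_domain,
        "d": domain, "h": helo,
        "v": "in-addr" if addr.version == 4 else "ip6",
        # IPv4 is a dotted quad; IPv6 becomes 32 dot-separated hex nibbles
        "i": str(addr) if addr.version == 4
             else ".".join(addr.exploded.replace(":", "")),
    }

    def repl(m):
        if m.group(5):
            return {"%": "%", "_": " ", "-": "%20"}[m.group(5)]
        letter, digits, rev, delims = m.groups()[:4]
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]  # keep the right-hand labels
        return ".".join(parts)

    return _MACRO.sub(repl, spec)

def ip_from_qname(qname, marker="_spf"):
    """Recover the client IP from a query name, as the domain's server could."""
    labels = qname.rstrip(".").split(".")
    if marker not in labels:
        return None
    head = labels[:labels.index(marker)]
    try:
        if len(head) == 4:
            return ipaddress.ip_address(".".join(head))
        if len(head) == 32:
            groups = ("".join(head[i:i + 4]) for i in range(0, 32, 4))
            return ipaddress.ip_address(":".join(groups))
    except ValueError:
        pass  # labels were not a valid address; treat as untrusted input
    return None
```

The query name is chosen by whoever runs the check, so the server side treats the extracted labels as untrusted input: the placeholder address used in the message, 111.222.333.444, is rejected by `ip_from_qname` because it is not a valid IPv4 address.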

