spf-discuss
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: DNS Query Format

2005-03-27 15:50:15
from [David MacQuigg] [Permanent Link]
> > > As I understand it, an SPF query generated by a receiver does not include > > > the sender's IP address in that query. That IP address is passed as one of 
> > > the arguments to the check_host() function, but it is not used when
> > > check_host() constructs the SPF query. The DNS server which receives the > > > query, therefore has no ability to run the SPF check itself, or to log the 
> > > IP for later forensics, etc.
> >
> >The IP address can be made available to the DNS server, by using the 'i' macro > >letter to insert the IP address into some extended form of the domain to be 
> >queried, thus making it available to the domain owner for validation,
> >analysis, etc..
>
> I don't see how this works.  The 'i' macro, to the DNS server, is nothing
> but a pattern ( like %{i} ) to be sent as part of a string in response to a
> query from the DNS client.  As I understand it, that 'i' macro is expanded
> on the client side, so the server never sees the actual IP address.  What I
> am proposing is that the actual IP address be sent in the original query.

One of the 'ground rules' of SPF (current versions) is that is should not
require any change to the existing DNS protocols.


Then SPF is already sunk.  It requires a new resource record.


Now there is nowhere within
the current _protocol_ in which you could carry the IP address information
required, so one has to resort to a 'trick'.
I would be very surprised if the designers of DNS did not anticipate the need for new and different information to be added to a query. Looks to me like they even have an "additional information" field for that purpose. Please tell me where I find any prohibition on adding additional information to a query. 

-- Dave

************************************************************     *
* David MacQuigg, PhD      email:  dmquigg-spf at yahoo.com      *  *
* IC Design Engineer            phone:  USA 520-721-4583      *  *  *
* Analog Design Methodologies                                 *  *  *
*                                   9320 East Mikelyn Lane     * * *
* VRS Consulting, P.C.              Tucson, Arizona 85710        *
************************************************************ *
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Re: Use of New Mask Mechanism, Radu Hociung
Next by Date:  Re: DNS Query Format, Radu Hociung
Previous by Thread:  RE: DNS Query Format, Scott Kitterman
Next by Thread:  Re: DNS Query Format, Radu Hociung
Indexes:  [Date] [Thread] [Top] [All Lists]