spf-discuss

Re: Re: Need for a new SPF record type

2005-04-01 18:33:57

On Sat, 2 Apr 2005, Frank Ellermann wrote:

David MacQuigg wrote:

Is there any reason not to set up subdomains like
_SPF1.<domain> ?

Discussed on mxcomp (the former MARID list) many times.  One
problem is obvious: if you can do something with the records
for FQDN, it doesn't necessarily mean that you can also do
something with _SPF.FQDN.  And the DNS crowd hated the idea.

Let's be clear about something. The "DNS crowd" hated the idea of (ab)use of TXT records and did not think that a prefix addressed their concerns (they are quite right). However, when presented with a choice between no prefix and a prefix, they all agree that a prefix is slightly more preferable and less likely to lead to collisions.

At mxcomp the split was even, 50/50, between those who wanted it and those who did not when this question was raised directly by the group chair, and almost every technically sound argument was for the prefix; however, a large number of SPF folks there did not want it, and the main reasons presented were that their registrar or DNS provider did not support "_" in subdomains.

Another problem is less obvious: it doesn't work well with
wildcards.  For almost all foobar.claranet.de (excl. names
like pop, www, and a few other exceptions) you get the same
wildcard policy as for xyzzy.claranet.de.

It was shown, after some people said that a prefix could help with wildcard issues, that using a prefix does not help. However, saying that they do not work well with wildcards is wrong: they work no better or worse than no prefix.

Of course this also covers _SPF.foobar and _SPF.xyzzy, but
the potential advantage of the prefix is lost.

No, the potential is still there, as they provide for less chance of collisions.


Please check the mxcomp archive for more details and better explanations.

The very large thread started by this post will give you an idea of the issues,
and the discussions that followed show where prefixes do and do not help:
 http://www.imc.org/ietf-mxcomp/mail-archive/msg03641.html

when the query for _SPF1.<domain> arrives at <domain>, that
the nameserver at <domain> will be smart enough to return
the final result.

Impossible unless you can get this through the DNS IETF WG, and as I noted this takes 5 years (and it must be a general DNS feature, because the same DNS zone may be XFERed to a DNS server that runs different software, and all servers must function the same, in theory at least).

Servers aren't smart, they implement protocols if you're lucky.
Most of the time they only pretend to implement a protocol. ;-)

If that were not so sad to hear, it would be funny how true it is :)

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net

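The wildcard point argued above (whether a _SPF prefix changes what a "*.claranet.de" policy reaches) comes down to the DNS wildcard synthesis rules of RFC 1034 / RFC 4592. The following is an added example, not code from this thread or from any SPF implementation: a toy authoritative lookup over a constructed claranet.de zone, with the _spf prefix and all record contents assumed for illustration.

```python
# Added example: DNS wildcard synthesis (RFC 1034 / RFC 4592) over a
# constructed zone, to show which names a "*.claranet.de" policy reaches
# with and without an "_spf" prefix.  Zone contents are made up.

ZONE = {  # constructed zone; records are illustrative only
    "claranet.de":          {"TXT": "v=spf1 mx -all"},
    "*.claranet.de":        {"TXT": "v=spf1 -all"},        # wildcard policy
    "www.claranet.de":      {"A": "192.0.2.10"},           # real host, no TXT
    "pop.claranet.de":      {"TXT": "v=spf1 a -all"},
    "_spf.pop.claranet.de": {"TXT": "v=spf1 ip4:192.0.2.0/24 -all"},
}


def labels(name):
    return name.lower().rstrip(".").split(".")


def name_exists(name):
    """A name exists if it owns records or is an ancestor of an owner
    (an empty non-terminal).  Wildcard owners count as ordinary owners."""
    want = labels(name)
    return any(labels(owner)[-len(want):] == want for owner in ZONE)


def lookup(qname, qtype="TXT"):
    """Return (status, rdata) as an authoritative server would answer."""
    if qname in ZONE:                          # exact match: never synthesized
        rdata = ZONE[qname].get(qtype)
        return ("OK", rdata) if rdata else ("NODATA", None)
    if name_exists(qname):                     # empty non-terminal: no wildcard
        return ("NODATA", None)
    # Closest encloser: the longest existing suffix of qname (RFC 4592 3.3.1).
    parts = labels(qname)
    for i in range(1, len(parts)):
        encloser = ".".join(parts[i:])
        if name_exists(encloser):
            source = "*." + encloser           # the only wildcard that may apply
            if source in ZONE:
                rdata = ZONE[source].get(qtype)
                return ("OK", rdata) if rdata else ("NODATA", None)
            return ("NXDOMAIN", None)          # encloser exists, no wildcard under it
    return ("NXDOMAIN", None)


if __name__ == "__main__":
    for n in ("foobar.claranet.de", "_spf.foobar.claranet.de",
              "www.claranet.de", "_spf.www.claranet.de",
              "pop.claranet.de", "_spf.pop.claranet.de"):
        print(f"{n:28} -> {lookup(n)}")
```

For a name that does not exist, foobar and _spf.foobar both receive the wildcard policy, while for an existing host like www neither the plain name nor its _spf child gets the wildcard: the prefix changes neither outcome.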
