-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com]On Behalf Of Stuart
D. Gathman
Sent: Thursday, July 21, 2005 10:29 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: RE: [spf-discuss] CNAME limit
On Thu, 21 Jul 2005, Scott Kitterman wrote:
That tends, I think, to reinforce the interpretation that CNAME
chains are
disallowed by RFC 2181.
Not by my reading.
So, a conservative approach, that a validator might take, would be be
PermError if they hit a chain, because receivers might do that based on
2181, but, even though 2181 is 8 years old, it's not entirely
clear and so
an operational checker would likely want to be more liberal.....
Your suggestion is equivalent to a max chain length of 1.
I still say that CNAME chains are in the same category with MX and PTR.
For all three, the DNS server typically packs all the records into a single
packet. For all three, the length of the list (or chain) is arbitrary.
For MX and PTR, SPF looks at the first 10 only. I maintain that
SPF should look at the first 10 in a CNAME chain also. Whether the
result should be PermErr, or equivalent to NX_DOMAIN, is open to question.
Actually, given the way the other mechanisms work, it should be NX_DOMAIN I
think. This is another one of those cases where mechanism evaluation is
potentially silently incomplete.
Scott K