-----Original Message-----
From: Florian Weimer [mailto:fw(_at_)deneb(_dot_)enyo(_dot_)de]
Sent: Thursday, August 11, 2005 9:26 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Updating SPF type99 and TXT RR's: Simultaneity is not guaranteed.
* Mark Shewmaker:
Section 4.5. of the spec, "Selecting Records" says that if you're
querying for both SPF and TXT record types that:
| 2. If there are both SPF and TXT records in the set and if
| they are not all identical, return a "PermError".
This leads to a problem.
Indeed. Unfortunately, SPF as specified is riddled with similar
problems:
<http://www.enyo.de/fw/software/exim/spf-update.html>
I urge the SPF folks to consider the updates mentioned at the end of
the document. The eleven-step update procedure to implement a simple
IP address change should provide some incentive to do this.
Interesting. One quick comment for you...
enyo.de. 3600 IN TXT ("v=spf1 a:212.9.189.167 "
"a:212.9.189.169 -all")
won't give you what you want. The 'a' mechanism takes a domain name
argument, not an IP address.
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#mech-a
A = "a" [ ":" domain-spec ] [ dual-cidr-length ]
See the collected ABNF for how that breaks out:
http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#anchor42
Bottom line is that it can't be an IP address.
Another thought....
Suppose that you currently publish the following DNS records for enyo.de:
enyo.de. 172800 IN TXT "v=spf1 mx -all"
enyo.de. 172800 IN SPF "v=spf1 mx -all"
enyo.de. 172800 IN MX 10 mail.enyo.de.
mail.enyo.de. 172800 IN A 212.9.189.167
You want to change the IP address of mail.enyo.de from 212.9.189.167 to
212.9.189.169. So the new configuration should look like this:
enyo.de. 172800 IN TXT "v=spf1 mx -all"
enyo.de. 172800 IN SPF "v=spf1 mx -all"
enyo.de. 172800 IN MX 10 mail.enyo.de.
mail.enyo.de. 172800 IN A 212.9.189.169
Why not just activate the new IP, add a second A record for mail.enyo.de and
then delete the first one after you are sure that TTLs have expired?
First this:
enyo.de. 172800 IN TXT "v=spf1 mx -all"
enyo.de. 172800 IN SPF "v=spf1 mx -all"
enyo.de. 172800 IN MX 10 mail.enyo.de.
mail.enyo.de. 172800 IN A 212.9.189.167
mail.enyo.de. 172800 IN A 212.9.189.169
Then this:
enyo.de. 172800 IN TXT "v=spf1 mx -all"
enyo.de. 172800 IN SPF "v=spf1 mx -all"
enyo.de. 172800 IN MX 10 mail.enyo.de.
mail.enyo.de. 172800 IN A 212.9.189.169
Scott K
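
Added example, not part of the original message or of any SPF implementation: a small Python lint for the point made above about the 'a' mechanism, run on the two-string TXT record quoted in the message. The function names and the ip4:/ip6: rewrite it suggests (the standard SPF mechanisms for literal addresses) are this example's own choices.

```python
import ipaddress
import re

# Constructed input: the two-string TXT record quoted in the message above.
SAMPLE_STRINGS = ["v=spf1 a:212.9.189.167 ", "a:212.9.189.169 -all"]

# qualifier, mechanism, optional ":" argument, optional dual-cidr-length
TERM = re.compile(r'^([+\-~?]?)(a|mx)(?::([^/]+))?(?:/(\d+))?(?://(\d+))?$', re.I)


def join_txt(strings):
    """Character-strings of one TXT RR are concatenated with no separator."""
    return "".join(strings)


def ip_literal(text):
    """Return an ip_address object if text is an IP literal, else None."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def lint_spf(record):
    """Return (term, suggestion) pairs for a/mx terms whose argument is an IP."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    findings = []
    for term in terms[1:]:
        m = TERM.match(term)
        if not m or m.group(3) is None:
            continue  # another mechanism or modifier, or a bare "a" / "mx"
        qualifier, _, arg, cidr4, cidr6 = m.groups()
        addr = ip_literal(arg)
        if addr is None:
            continue  # a domain-spec, which is what the ABNF requires
        # Keep only the prefix length that belongs to the address family.
        mech, cidr = ("ip4", cidr4) if addr.version == 4 else ("ip6", cidr6)
        suffix = "/" + cidr if cidr else ""
        findings.append((term, f"{qualifier}{mech}:{arg}{suffix}"))
    return findings


if __name__ == "__main__":
    for bad, fix in lint_spf(join_txt(SAMPLE_STRINGS)):
        print(f"{bad}: IP literal where a domain-spec is required; use {fix}")
```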