spf-discuss

RE: Updating SPF type99 and TXT RR's: Simultaneity is not guaranteed.

2005-08-11 06:51:06
-----Original Message-----
From: Florian Weimer [mailto:fw(_at_)deneb(_dot_)enyo(_dot_)de]
Sent: Thursday, August 11, 2005 9:26 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Updating SPF type99 and TXT RR's: Simultaneity is not guaranteed.


* Mark Shewmaker:

Section 4.5 of the spec, "Selecting Records", says that if you're
querying for both SPF and TXT record types:

|   2.  If there are both SPF and TXT records in the set and if
|       they are not all identical, return a "PermError".

This leads to a problem.

Indeed.  Unfortunately, SPF as specified is riddled with similar
problems:

 <http://www.enyo.de/fw/software/exim/spf-update.html>

I urge the SPF folks to consider the updates mentioned at the end of
the document.  The eleven-step update procedure to implement a simple
IP address change should provide some incentive to do this.

Interesting.  One quick comment for you...

enyo.de.         3600  IN TXT  ("v=spf1 a:212.9.189.167 "
                                "a:212.9.189.169 -all")

won't give you what you want.  The 'a' mechanism takes a domain name
argument, not an IP address.

http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#mech-a

A                = "a"      [ ":" domain-spec ] [ dual-cidr-length ]

See the collected ABNF for how that breaks out:

http://www.schlitt.net/spf/spf_classic/draft-schlitt-spf-classic-02.html#anchor42

Bottom line is that it can't be an IP address.

Another thought....

Suppose that you currently publish the following DNS records for enyo.de:

enyo.de.       172800  IN TXT  "v=spf1 mx -all"
enyo.de.       172800  IN SPF  "v=spf1 mx -all"
enyo.de.       172800  IN MX   10 mail.enyo.de.
mail.enyo.de.  172800  IN A    212.9.189.167

You want to change the IP address of mail.enyo.de from 212.9.189.167 to
212.9.189.169. So the new configuration should look like this:

enyo.de.       172800  IN TXT  "v=spf1 mx -all"
enyo.de.       172800  IN SPF  "v=spf1 mx -all"
enyo.de.       172800  IN MX   10 mail.enyo.de.
mail.enyo.de.  172800  IN A    212.9.189.169

Why not just activate the new IP, add a second A record for mail.enyo.de and
then delete the first one after you are sure that TTLs have expired?

First this:

enyo.de.       172800  IN TXT  "v=spf1 mx -all"
enyo.de.       172800  IN SPF  "v=spf1 mx -all"
enyo.de.       172800  IN MX   10 mail.enyo.de.
mail.enyo.de.  172800  IN A    212.9.189.167
mail.enyo.de.  172800  IN A    212.9.189.169

Then this:

enyo.de.       172800  IN TXT  "v=spf1 mx -all"
enyo.de.       172800  IN SPF  "v=spf1 mx -all"
enyo.de.       172800  IN MX   10 mail.enyo.de.
mail.enyo.de.  172800  IN A    212.9.189.169

Scott K
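The three points raised in the message above, worked through in Python as an added example that is not part of the thread or of any SPF implementation: the draft-02 record-selection rule Mark quoted (step 2), the syntax point Scott makes about 'a:' taking a domain-spec rather than an IP literal, and a simulation of why the two-A-record overlap leaves a sending IP that passes "mx -all" under both stale and fresh resolver caches, while a direct swap does not. Step 1 of record selection (dropping records whose version section is not exactly "v=spf1"), the toplabel rule, and the ip4: suggestion are taken from the SPF ABNF rather than from this page; the zone data is constructed and no live DNS is queried; macro expansion is deliberately left out.

```python
"""Added example (not from the thread): record selection, 'a' term syntax,
and the staged MX address change, all on constructed zone data."""
import ipaddress
import re


class PermError(Exception):
    """check_host() result for a record set that cannot be evaluated."""


def select_record(rrsets):
    """Section 4.5 'Selecting Records' in the draft-02 wording quoted above.
    Step 1 (assumed from the same section): discard records whose version
    section is not exactly 'v=spf1'. Step 2 (quoted): if both SPF and TXT
    records survive and they are not all identical, PermError.
    rrsets is {"SPF": [...], "TXT": [...]}, each record already joined into
    one string. Returns the single surviving record, or None."""
    def is_spf1(rec):
        return rec == "v=spf1" or rec.startswith("v=spf1 ")
    spf = [r for r in rrsets.get("SPF", []) if is_spf1(r)]
    txt = [r for r in rrsets.get("TXT", []) if is_spf1(r)]
    if not spf and not txt:
        return None
    if spf and txt and len(set(spf + txt)) != 1:
        raise PermError("SPF and TXT records differ: %r vs %r" % (spf, txt))
    chosen = set(spf or txt)
    if len(chosen) != 1:  # two different records of one type is also fatal
        raise PermError("more than one record remaining: %r" % sorted(chosen))
    return chosen.pop()


# A = "a" [ ":" domain-spec ] [ dual-cidr-length ], with an optional qualifier.
A_MECH = re.compile(
    r"^[+\-~?]?a(?::(?P<target>[^/]+))?(?P<cidr>(?:/\d{1,2})?(?://\d{1,3})?)$",
    re.I)


def check_a_mechanism(term):
    """Validate one 'a' term against the ABNF above. Macros are not handled
    (assumption: plain domain names only). Returns (ok, reason)."""
    m = A_MECH.match(term)
    if not m:
        return False, "not an 'a' term"
    target = m.group("target")
    if target is None:
        return True, "target defaults to the current domain"
    try:
        ipaddress.ip_address(target)
    except ValueError:
        pass
    else:  # what the author presumably wanted is the ip4:/ip6: mechanism
        return False, "'%s' is an IP literal, not a domain-spec" % target
    last = target.rstrip(".").split(".")[-1]
    # toplabel must contain a letter (or a hyphen in the right place);
    # an all-digit final label matches neither ABNF alternative.
    if last.isdigit():
        return False, "last label '%s' is not a valid toplabel" % last
    return True, "domain-spec '%s'" % target


def mx_matches(zone, domain, ip):
    """'mx' mechanism on a constructed zone {name: {"MX": [...], "A": [...]}}:
    ip must be an A record of one of domain's MX hosts. TTLs are modelled
    by comparing whole zone snapshots below rather than per record."""
    hosts = zone.get(domain, {}).get("MX", [])
    return any(ip in zone.get(h, {}).get("A", []) for h in hosts)


def safe_source_ips(cached_zone, live_zone, domain, candidates):
    """Sending IPs that pass 'mx -all' for a resolver still holding the old
    snapshot and for one that has already refreshed to the live one."""
    return sorted(ip for ip in candidates
                  if mx_matches(cached_zone, domain, ip)
                  and mx_matches(live_zone, domain, ip))


OLD_IP, NEW_IP = "212.9.189.167", "212.9.189.169"


def enyo_zone(*a_records):
    """The enyo.de records from the message, with the given A records."""
    return {"enyo.de.": {"MX": ["mail.enyo.de."],
                         "TXT": ["v=spf1 mx -all"], "SPF": ["v=spf1 mx -all"]},
            "mail.enyo.de.": {"A": list(a_records)}}


STAGE0, STAGE1, STAGE2 = enyo_zone(OLD_IP), enyo_zone(OLD_IP, NEW_IP), enyo_zone(NEW_IP)


def direct_swap_window():
    """Old A replaced by new A in one step: until caches expire there is no
    IP that both stale and fresh resolvers accept."""
    return safe_source_ips(STAGE0, STAGE2, "enyo.de.", [OLD_IP, NEW_IP])


def staged_windows():
    """Scott's two-step change: keep sending from the old IP while the second
    A record propagates, then from the new IP while the old A is withdrawn."""
    return (safe_source_ips(STAGE0, STAGE1, "enyo.de.", [OLD_IP, NEW_IP]),
            safe_source_ips(STAGE1, STAGE2, "enyo.de.", [OLD_IP, NEW_IP]))


if __name__ == "__main__":
    print(select_record(STAGE0["enyo.de."]))
    print(check_a_mechanism("a:212.9.189.167"))
    print(direct_swap_window(), staged_windows())
```

The `safe_source_ips` result is the practical rule: whichever stage you are in, send only from an address that appears in both the snapshot caches may still hold and the one you just published, and do not start sending from 212.9.189.169 until the larger TTL has elapsed after adding the second A record.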

