spf-discuss

Re: Updating SPF type99 and TXT RR's: Simultaneity is not guaranteed.

2005-08-11 08:11:37
In <878xz8y59i(_dot_)fsf(_at_)mid(_dot_)deneb(_dot_)enyo(_dot_)de> Florian 
Weimer <fw(_at_)deneb(_dot_)enyo(_dot_)de> writes:

> * Mark Shewmaker:
>
>> Section 4.5. of the spec, "Selecting Records" says that if you're
>> querying for both SPF and TXT record types that:
>>
>> |   2.  If there are both SPF and TXT records in the set and if
>> |       they are not all identical, return a "PermError".
>>
>> This leads to a problem.
>
> Indeed.  Unfortunately, SPF as specified is riddled with similar
> problems:
>
>   <http://www.enyo.de/fw/software/exim/spf-update.html>

Most of the problems described in that document are things you have to
be careful about when updating DNS records in general.  They are not
specific to SPF.  You have to be careful when updating things like NS
and MX records to make sure you don't have any dangling DNS pointers,
even when you aren't doing anything with SPF.

There is already a brief warning in the spec under section
2.3. "Publishing Authorization".  I think your much more detailed
explanation could be useful on a web page or a Best Current Practices
document. 


The problem that shew pointed out is something that can *not* be fixed
with standard DNS update techniques.  That is why it is different and
critical. 


I disagree with all of the other issues that you discuss on that web
page about changes you would like to see to the SPF specification.  


-wayne
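
The rule quoted above from section 4.5, as an added illustration that is not part of this message or of the spec: a caching resolver holds the SPF and TXT RRsets independently, so a zone that changes both at the same instant can still be seen with mismatched sets. The cache-expiry mechanism, the policy strings, TTL and timestamps are all constructed assumptions.

```python
# Added example: models step 2 of "Selecting Records" as quoted in the thread,
# plus a resolver cache that tracks each record type's RRset separately.
# Policy strings, TTL and timestamps are constructed for illustration.

OLD = {"v=spf1 ip4:192.0.2.0/24 -all"}
NEW = {"v=spf1 ip4:198.51.100.0/24 -all"}
UPDATE_AT = 1000   # the zone replaces both RRsets at the same instant
TTL = 3600         # same TTL on both RRsets


def authoritative(t):
    """RRset the zone serves for either record type at time t."""
    return OLD if t < UPDATE_AT else NEW


def select_records(spf_rrs, txt_rrs):
    """Both types present and not all identical -> PermError (quoted step 2)."""
    if spf_rrs and txt_rrs and spf_rrs != txt_rrs:
        return "PermError"
    return spf_rrs or txt_rrs


class CachingResolver:
    """Caches each record type's RRset until that entry's own TTL expires."""

    def __init__(self):
        self.cache = {}  # rrtype -> (expires_at, rrset)

    def query(self, rrtype, t):
        entry = self.cache.get(rrtype)
        if entry is None or t >= entry[0]:
            entry = (t + TTL, authoritative(t))  # cache miss: ask the zone
            self.cache[rrtype] = entry
        return entry[1]


def check_at(resolver, t):
    """Run the selection rule on what the resolver returns at time t."""
    return select_records(resolver.query("SPF", t), resolver.query("TXT", t))


def simulate():
    r = CachingResolver()
    r.query("TXT", 0)    # TXT cached before the update, expires at 3600
    r.query("SPF", 900)  # SPF cached before the update, expires at 4500
    # Before the update, inside the mismatch window, after both entries expire.
    return {t: check_at(r, t) for t in (950, 3700, 4600)}
```

In this model the PermError window lasts from the first cache expiry after the update until the second, and no ordering of changes on the authoritative side closes it.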

