-----Original Message-----
From: Florian Weimer [mailto:fw(_at_)deneb(_dot_)enyo(_dot_)de]
Sent: Thursday, August 11, 2005 11:34 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Updating SPF type99 and TXT RR's: Simultaneity is not guaranteed.
* Scott Kitterman:
Yes. I do not, however, see any need to remove both type SPF and type TXT.
Even with the current rules, deleting one record type should be sufficient.
I agree, anything contrary to that is an error in the web page. (But
I can't find such a claim at the moment.)
No, but it was in your last message to the list. That's what I was
responding to:
"...I still have to temporarily remove SPF records (or TXT records, or both)
to..."
I agree that something needs to change here. Even if the receiver does
sequential lookups and only looks at the second RR type if they don't
find a record at the first, there is trouble.
There is EVEN trouble for domains that know nothing about SPF.
Stuart had an excellent example of this a few days ago:
http://www.gossamer-threads.com/lists/spf/discuss/22901?#22901
But this seems to be mostly an implementation problem.
Consider the domain szco.com
$ host -t txt szco.com
;; no records
$ host -t type99 szco.com
;; connection timed out; no servers could be reached
Technically this is a TempError and I suppose that's true for a sufficiently
long definition of temporary (after they upgrade their DNS infrastructure
and/or firewall).
Due to its distributed nature and optimistic replication strategy, you
can't tell on the spot if DNS errors are temporary or permanent. (If
you flag this as a PermError, you run into the PermError/SoftFail/Fail
and bounce trap, which is unlikely to get fixed.)
Timed out is a TempError. The problem is that this is a TempError result
where what you really want is a result of None since the domain hasn't
published an SPF record.
As Stuart said, if you check both and TXT returns no records it needs to be
authoritative over no response for type SPF since not all DNS
implementations respond to requests for unknown RR types.
Clearly, as you have pointed out, the interaction between the multiple RR
types needs some clarification and thought.
Scott K
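
The szco.com case from the message above, as an added example that is not part of the original thread: a small Python model comparing a sequential lookup with the rule that an empty TXT answer outranks silence for type SPF. The `Dns` outcomes, the function names and the "type SPF first" query order are assumptions made for illustration, not any SPF library's API.

```python
from enum import Enum
from itertools import product


class Dns(Enum):
    """Outcome of one DNS query (constructed model, not a resolver API)."""
    RECORD = "SPF record returned"
    NODATA = "answered, no SPF record"
    TIMEOUT = "no response"


def sequential(spf: Dns, txt: Dns) -> str:
    """Ask for type SPF first (assumed order); use TXT only if SPF is empty."""
    for answer in (spf, txt):
        if answer is Dns.RECORD:
            return "evaluate"
        if answer is Dns.TIMEOUT:
            return "TempError"
    return "None"


def txt_authoritative(spf: Dns, txt: Dns) -> str:
    """Check both types; an empty TXT answer outranks silence for type SPF."""
    if Dns.RECORD in (spf, txt):
        return "evaluate"  # assumption: a record under either type is used
    if txt is Dns.NODATA:
        return "None"      # the domain publishes no SPF policy
    return "TempError"     # the TXT query itself went unanswered


def differing():
    """Every (spf, txt) outcome pair on which the two policies disagree."""
    return [(s, t, sequential(s, t), txt_authoritative(s, t))
            for s, t in product(Dns, Dns)
            if sequential(s, t) != txt_authoritative(s, t)]


if __name__ == "__main__":
    # szco.com as shown above: TXT answers with no records, type99 times out.
    print("sequential:       ", sequential(Dns.TIMEOUT, Dns.NODATA))
    print("txt_authoritative:", txt_authoritative(Dns.TIMEOUT, Dns.NODATA))
    for s, t, a, b in differing():
        print(f"SPF={s.name:8} TXT={t.name:8} {a} -> {b}")
```

The two policies disagree only when the type SPF query goes unanswered while the TXT query gets a reply, which is the situation a server that drops unknown RR types creates.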