Most of the problems described in that document are things you have to
be careful about when updating DNS records in general. They are not
specific to SPF. You have to be careful when updating things like NS
and MX records to make sure you don't have any dangling DNS pointers,
even when you aren't doing anything with SPF.

Sorry, Wayne, this is just not true.
If I have a dangling NS pointer, my zone continues to work just fine.
I might receive some harassing mail which instructs me to fix the lame
delegation, but that's all. Similar for MX records. If they are
temporarily unavailable (or the host is firewalled), mail is queued,
or other MX records are tried.

SPF is different. The specification *explicitly* requires that
certain problems which can be caused by DNS convergence are flagged as
PermError. IIRC, -01 said that PermError should be treated as
SoftFail (and Frank Ellermann and others still advocate this
approach). Many sites treat SoftFail as Fail, and voilà -- there's
the bounce. Let me repeat: This is NOT what DNS and SMTP do. They
try very hard to treat anything which might be a temporary DNS
convergence problem as that: temporary.

Of course, this leaves something to be desired (anybody who tried to
send a lot of mail to sites like Hotmail a couple of years ago can
testify to that), but this is a quality-of-implementation issue and
can be addressed using retry hints databases which help to detect
persistent temporary failures. (Most MTAs and DNS resolvers have such
capabilities, BTW.)

The problem that shew pointed out is something that can *not* be fixed
with standard DNS update techniques. That is why it is different and
critical.

Temporarily publishing just one record seems to do the trick.