spf-discuss

Re: possible changes to the SPF I-D during AUTH48

2005-08-11 10:20:12
On Thu, 11 Aug 2005, wayne wrote:

  * ptr: shouldn't be counted in the process limits?  (%{p} isn't)

There is a cost to the first PTR, but subsequent PTR mechanisms are
CPU only.  The KISS approximation for DOS limiting is to ignore it completely.
This has the nice side effect of also being consistent with not counting %{p}.

There is still the limit of considering only the first 10 PTR records
in the RR set.  Presumably, that applies to %{p} also.  There was some
disagreement over whether more than 10 PTRs for an IP should be a
PermError, or simply ignored (leading to inconsistent results depending
on which 10 an implementation picks).

  * the TXT and SPF RRs can get out of sync due to TTLs being different.
    Therefore, we should allow implementations to freely choose which
    record they want to use.

    * CNAME chains should be limited to 10 hops.  More than 10 hops
      should be treated as NX_DOMAIN or PermError to match whether
      more than 10 PTR, MX, or A RRs should be ignored or cause PermError.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
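The processing limits debated in this message (ptr not charged against the 10-term DNS limit, only the first 10 PTR records considered with either an "ignore" or a "PermError" policy, and CNAME chains capped at 10 hops) are easy to get subtly wrong, so here is an added, self-contained illustration. It is example code written for this archive page, not code from the post's author or from any SPF implementation. It resolves against a constructed in-memory zone (the names and addresses are made up, not real hosts), the limit values are taken from the discussion, and the forward-confirmation step for PTR names (a name only counts if its A record contains the connecting IP) is the usual ptr-mechanism validation rule rather than something stated in the message. The `FAKE_ZONE` data is deliberately built so that the only PTR name that would validate for 192.0.2.2 sits past the first 10, which is exactly the "result depends on which 10 you pick" situation the post mentions.

```python
"""Toy SPF processing-limit checker (constructed example, offline only)."""
from dataclasses import dataclass

# Limits as discussed on spf-discuss (assumed values for this example).
MAX_DNS_MECHANISMS = 10   # a, mx, include, exists, redirect
MAX_PTR_RECORDS = 10      # only the first 10 PTR records are considered
MAX_CNAME_HOPS = 10       # a longer CNAME chain is treated as an error


class PermError(Exception):
    """Raised when a limit is exceeded and the chosen policy is PermError."""


# Constructed in-memory zone: name -> {rrtype: values}. Nothing here is real.
FAKE_ZONE = {
    "1.2.0.192.in-addr.arpa": {"PTR": ["mail.example.com", "bogus.example.net"]},
    "mail.example.com": {"A": ["192.0.2.1"]},
    "bogus.example.net": {"A": ["198.51.100.9"]},   # forward does not confirm
    "2.2.0.192.in-addr.arpa": {"PTR": [f"host{i}.example.com" for i in range(12)]},
    "alias.example.com": {"CNAME": "mail.example.com"},
    "hop12.example.com": {"A": ["192.0.2.3"]},
}
# Twelve PTR names for 192.0.2.2; only the 12th (past the first 10) validates.
for i in range(12):
    FAKE_ZONE[f"host{i}.example.com"] = {"A": ["192.0.2.2" if i == 11 else "203.0.113.5"]}
# CNAME chain hop0 -> hop1 -> ... -> hop12 (12 hops from hop0, 10 hops from hop2).
for i in range(12):
    FAKE_ZONE[f"hop{i}.example.com"] = {"CNAME": f"hop{i + 1}.example.com"}


def resolve(name, rtype, zone=FAKE_ZONE):
    """Return rtype values for name, following CNAMEs up to MAX_CNAME_HOPS."""
    hops = 0
    while True:
        rrs = zone.get(name, {})
        if rtype in rrs:
            return list(rrs[rtype])
        if "CNAME" not in rrs:
            return []                      # no data / NXDOMAIN: empty answer
        hops += 1
        if hops > MAX_CNAME_HOPS:
            raise PermError(f"CNAME chain longer than {MAX_CNAME_HOPS} hops at {name}")
        name = rrs["CNAME"]


def reverse_name(ip):
    """IPv4 dotted quad -> in-addr.arpa owner name."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


@dataclass
class Session:
    """Per-evaluation state: the connecting IP and the DNS-term counter."""
    ip: str
    count_ptr: bool = False    # the post's proposal: ptr is not counted
    strict_ptr: bool = False   # True: >10 PTR records is PermError; False: ignore extras
    lookups: int = 0

    def charge(self, mechanism):
        """Count a DNS-querying term against MAX_DNS_MECHANISMS."""
        counted = {"a", "mx", "include", "exists", "redirect"}
        if self.count_ptr:
            counted.add("ptr")
        if mechanism in counted:
            self.lookups += 1
            if self.lookups > MAX_DNS_MECHANISMS:
                raise PermError("too many DNS-querying mechanisms")


def check_ptr(session, domain, zone=FAKE_ZONE):
    """Evaluate 'ptr:<domain>' for session.ip. True on match, False otherwise."""
    session.charge("ptr")                  # a no-op unless count_ptr is set
    names = resolve(reverse_name(session.ip), "PTR", zone)
    if len(names) > MAX_PTR_RECORDS:
        if session.strict_ptr:
            raise PermError(f"more than {MAX_PTR_RECORDS} PTR records for {session.ip}")
        names = names[:MAX_PTR_RECORDS]    # "ignore" policy: keep the first 10
    for name in names:
        if session.ip not in resolve(name, "A", zone):
            continue                       # unconfirmed name: forward lookup disagrees
        if name == domain or name.endswith("." + domain):
            return True
    return False


def evaluate_ptr(ip, domain, strict_ptr=False, zone=FAKE_ZONE):
    """Fold check_ptr into SPF-style result strings for easy comparison."""
    try:
        matched = check_ptr(Session(ip, strict_ptr=strict_ptr), domain, zone)
        return "match" if matched else "no-match"
    except PermError:
        return "permerror"


if __name__ == "__main__":
    print("192.0.2.1 ptr:example.com ->", evaluate_ptr("192.0.2.1", "example.com"))
    print("192.0.2.2 ignore policy   ->", evaluate_ptr("192.0.2.2", "example.com"))
    print("192.0.2.2 strict policy   ->", evaluate_ptr("192.0.2.2", "example.com", True))
```

Running the module prints `match`, `no-match` and `permerror` for the three cases: the "ignore" policy silently drops the one PTR name that would have validated 192.0.2.2, while the "PermError" policy at least makes the oversized RR set visible to the receiver.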