Commerco WebMaster wrote:

> SPF List,
>
> I had a thought (yes, I know, the media has been alerted) to reduce
> redundant DNS data transfer as regards the migration to the SPF RR from
> the TXT RR.
>
> Does it make any sense to add a new option for an SPF record to the
> specification that allows for the TXT record to indicate support exists
> or does not exist for SPF under the new SPF RR record? For example:
>
>     TXT "v=spf1 {all the other stuff normally published} [+|-]spf"
>
> where the trailing "spf" above offers a hint to an MTA that an SPF RR is
> also being published. Obviously, the option name need not be "spf", but
> could alternately be something like "rr" or even "spfrr"; the point is
> adding something that tells the software interpreting the record that
> the requested answer is available or not available via the SPF RR
> record. This might also be valuable for some publishers to avoid
> redundant lookups where their DNS implementation for whatever reason
> does not or cannot support the new SPF RR record and thus can supply a
> clue to avoid the requesting MTA having to do an extra lookup that is
> guaranteed to fail - saving everyone a bit of a headache.
>
> Somewhere down the road, publishers might also want to use this ability
> to reduce the amount of traffic from redundant data being sent by both a
> TXT RR and SPF RR request. Eventually, just publishing a TXT "v=spf1
> +spf" could be interpreted as, "why yes, we do publish SPF data, but
> your answer is found at our SPF RR, so use that".
>
> I just thought it might be nice to have this feature as part of a
> proactive plan for the migration away from the TXT SPF record.

I think this and some other solutions to DNS problems are possibly bending over backwards
to accommodate bad DNS management. We risk making the SPF spec overly complicated if we try
to accommodate all the non-standard foibles that exist amongst users on the internet.

Record publishers are going to take some time to start putting up SPF type99 records, not
least because a lot of the zonefile GUI tool maintainers will take a while to realise that
such an RR type exists and incorporate it into their system.

Anyone with the most basic knowledge of maintaining a zonefile knows that there are 5
stages for editing a zonefile:-

1. Reduce the ttl to 1 second for super critical stuff (a bit more depending on how
   critical the amendment is - say 60 seconds for more normal records on a not-too-busy domain).
2. Wait for the length of time previously specified in the ttl.
3. Make the change to the zonefile, and wait for the temporary, short ttl.
4. Check operation of the change.
5. If okay - restore the normal ttl, and wait for the ttl to expire and check
   again.

This is basic zonefile maintenance procedure and is really outside the scope of this list,
but from some of the queries and comments it seems that some zonefile editors are not
aware of it. It's like people who add an SPF record and then complain that it "doesn't
work" - usually because of promulgation delays - which do not exist if you do it right.

MTAs checking for spf records are assumed to be operating within the spec, or at least a
reasonably recent version of the spec. Hopefully the spec will say the MTAs SHOULD check
for a type99 SPF record, and MAY check for a TXT record if a type99 is not found.

Slainte,
JohnP
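As an added illustration of the "[+|-]spf" hint floated in the quoted message (example code written for this page, not from the list or any SPF implementation), the following parses a TXT record carrying that modifier and decides whether a checking MTA still needs a type99 lookup. The modifier spelling "spf", the case-insensitive matching and the decision rules for each hint value are assumptions; the proposal was only a sketch.

```python
import re

SPF_RR_TYPE = 99  # the dedicated SPF RR ("type99") discussed in the thread

# Proposed trailing modifier "[+|-]spf". Using "spf" as the modifier name and
# matching it case-insensitively are assumptions made for this example.
HINT_RE = re.compile(r"^([+-])spf$", re.IGNORECASE)


def parse_spf_txt(txt):
    """Split a 'v=spf1 ...' TXT string into (terms, hint).

    hint is True for '+spf', False for '-spf', None when no modifier is present.
    Raises ValueError for strings that are not SPF version-1 records.
    """
    tokens = txt.split()
    if not tokens or tokens[0].lower() != "v=spf1":
        raise ValueError("not a v=spf1 record")
    terms, hint = [], None
    for tok in tokens[1:]:
        m = HINT_RE.match(tok)
        if m:
            hint = (m.group(1) == "+")
        else:
            terms.append(tok)
    return terms, hint


def next_step(txt):
    """Given the TXT record an MTA has already fetched, decide what to do next.

    Returns ("use-txt", terms) when the TXT terms can be evaluated directly,
    or ("query", SPF_RR_TYPE) when a type99 lookup is still needed.
    The policy below is constructed from the proposal, not from any spec.
    """
    terms, hint = parse_spf_txt(txt)
    if hint is False:
        # Publisher says no SPF RR is available: querying it would only fail.
        return ("use-txt", terms)
    if hint is True:
        # SPF RR exists. A TXT that also carries the full policy is duplicate
        # data, so the extra lookup is skipped; a bare "v=spf1 +spf" delegates
        # the answer entirely to the SPF RR.
        return ("use-txt", terms) if terms else ("query", SPF_RR_TYPE)
    # No hint: plain migration-era behaviour, go on to the type99 lookup.
    return ("query", SPF_RR_TYPE)
```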