william(at)elan.net wrote:
On Thu, 11 Aug 2005, wayne wrote:
* djbdns only returns 8 RRs instead of the complete RRset
(e.g. add a warning that some resolvers are known to give
incomplete information and using them in conjunction with SPF
checks can lead to errors.)
Which part of draft will it go into?
* it is easier to convert IPv4 to IPv6 and work with just that
(this is just an implementors note.)
Don't add this in. Implementation notes should be few in protocol
specification draft.
* bugs in the ABNF
* "redirect=aaa" is accepted by 'name "=" macro-string' instead of
being rejected.
* "a:ab%-" is accepted because <domain-end> uses <macro-expand>
* CIDR values are not checked for the ranges
And this is ABNF how?
(all of these were fixed in the ABNF that I posted a while back.
* ptr: shouldn't be counted in the process limits? (%{p} isn't)
* the TXT and SPF RRs can get out of sync due to TTLs being different.
Therefore, we should allow implementations to freely choose which
record they want to use.
No, please don't make this change. The appropriate thing is to specify
instead that TXT and SPF RRs dns records MUST have the same TTL.
Given that we are now committed to moving over to the type99 SPF record, the spec should
say that MTA's SHOULD check for the type99 record, and MAY check for a TXT record if a
type99 record does not exist. That solves all the problems of conflicting records.
I am basing this on the premise that anyone who publishes a type99 record will
either:
1. be publishing for the first time and therefore no other record will exist
or
2. be publishing the type99 as an "update" in his zonefile, and it will contain the latest
and more accurate spf record. If he omits to delete the old TXT record, MTA's should *not*
look at it in favour of the type99 record.
Slainte,
JohnP