9.3.3 - SPF record checks

Mark Andrews marka at isc.org
Thu May 30 23:04:11 UTC 2013


In message <1369953470.1952.58.camel at jhorne.config>, John Horne writes:
> On Fri, 2013-05-31 at 06:53 +1000, Mark Andrews wrote:
> > In message <1369923655.1952.6.camel at jhorne.config>, John Horne writes:
> > > Hello,
> > > 
> > > I noticed in the 9.3.3 announcement the following new SPF check:
> > > 
> > >    Adds a new configuration option, "check-spf"; valid values are
> > >    "warn" (default) and "ignore".  When set to "warn", checks SPF
> > >    and TXT records in spf format, warning if either resource record
> > >    type occurs without a corresponding record of the other resource
> > >    record type.  [RT #33355]
> > > 
> > > I'm a bit curious about this because I thought that the SPF record type
> > > was being deprecated - section 3.1 of
> > > http://datatracker.ietf.org/doc/draft-ietf-spfbis-4408bis/?include_text=1
> > > 
> > > If it is being deprecated, then checking for an SPF record and finding
> > > no corresponding TXT record makes sense, but finding a TXT record and
> > > warning that there is no SPF record would seem a little pointless.
> > 
> > The draft has *not* been ietf last called.
>
> Yup, I realise that this is just a draft and that things may well
> change.
> 
> > If the use of SPF for SPF is deprecated we will adjust the warning
> > but that has not happened yet.
> 
> Fair enough.
> 
> > Current SPF libraries ask for SPF first then TXT so having a SPF
> > record reduces the query load.
> 
> I did not know that. Okay, so there is sense in adding the DNS SPF RR to
> a zone then.

Yes.  libspf2 added SPF (type 99) lookups in 2008.  SpamAssassin SPF
rules do SPF (type 99) lookups though it really isn't the right
place to do those checks.  Other libraries and applications do as
well.

Additionally it usually takes fewer resources to save a positive
answer than a negative answer in a cache.

Mark

> John.
> 
> -- 
> John Horne, Plymouth University, UK
> Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
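
The check that the quoted announcement describes can be approximated outside named for auditing zone data. This is an added example, not code from BIND or from either poster: the sample zone, the function names and the warning wording are constructed, and it assumes one record per line with fully qualified owner names.

```python
import re
from collections import defaultdict

# Constructed sample zone data (not from the thread).
SAMPLE_ZONE = '''\
example.com.       3600 IN TXT "v=spf1 mx -all"
example.com.       3600 IN SPF "v=spf1 mx -all"
mail.example.com.  3600 IN TXT "v=spf1 a -all"
old.example.com.   3600 IN SPF "v=spf1 -all"
www.example.com.   3600 IN TXT "site-verification=abc"
'''

# owner [ttl] [IN] TXT|SPF rdata
RR_LINE = re.compile(r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(TXT|SPF)\s+(.*)$', re.I)

def is_spf_text(rdata):
    """True if the concatenated character-strings form an SPF policy."""
    strings = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    text = ("".join(strings) if strings else rdata.strip()).lower()
    return text == "v=spf1" or text.startswith("v=spf1 ")

def spf_warnings(zone_text):
    """Return (owner, message) for names carrying only one of the two types."""
    seen = defaultdict(set)
    for line in zone_text.splitlines():
        m = RR_LINE.match(line.strip())
        if not m:
            continue
        owner, rtype, rdata = m.group(1).lower(), m.group(2).upper(), m.group(3)
        # Every SPF-type record counts; TXT counts only when in SPF format.
        if rtype == "SPF" or is_spf_text(rdata):
            seen[owner].add(rtype)
    warnings = []
    for owner in sorted(seen):
        if seen[owner] == {"TXT"}:
            warnings.append((owner, "SPF-format TXT record without SPF record"))
        elif seen[owner] == {"SPF"}:
            warnings.append((owner, "SPF record without SPF-format TXT record"))
    return warnings

if __name__ == "__main__":
    for owner, message in spf_warnings(SAMPLE_ZONE):
        print(f"warning: {owner}: {message}")
```
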


More information about the bind-users mailing list