SPF on 9.4.1 now?
Clenna Lumina
savagebeaste at yahoo.com
Thu Jun 21 01:39:42 UTC 2007
Michael Milligan wrote:
> Mark Andrews wrote:
>>> Mark Andrews wrote:
>>>
>>>> No. You use it *instead* of TXT record. There is no need
>>>> to dual publish the data. Anyone that really cares about
>>>> SPF will upgrade their clients.
>>>
>>> As a practical matter, I must respectfully disagree. It will be
>>> some time before everyone gets a chance to upgrade, and the timeout
>>> issue with looking up SPF from some DNS server sets (not BIND or MS
>>> implementations far as I can tell) is a significant issue. This
>>> timeout issue could, of course, be a firewall issue... anyway, it
>>> has a significant impact on high-volume (for various definitions of
>>> "high") mail sites. And thus is ultimately off-topic for this
>>> list. FIN.
>>
>>
>> What timeout issue? If you don't publish the old clients
>> will get a NODATA response. There is no time out issue in
>> not publishing the TXT record.
>
> The timeout issue is with looking up SPF records on some name servers.
>
> Compare:
>
> $ dig +norecurse TXT massivebonus.com @ns1.massivebonus.com
>
> to:
>
> $ dig +norecurse SPF massivebonus.com @ns1.massivebonus.com
>
> to see what I mean
Ok, that's not the reason it lags:
$ dig +norecurse SPF massivebonus.com @ns1.massivebonus.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58870
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 3
;; QUESTION SECTION:
;SPF. IN A
Notice how it's still attempting an A record trying to find "SPF." as if
it was a TLD. Granted, this is dig from BIND 9.3.4, which is fairly
recent. It's not 9.4.x, but I think it illustrates the real problem;
there are far too many pre-9.4 (and pre-9.x in general) implementations of
BIND that introducing SPF as a RR type is almost guaranteed to divide
things even more than they already are.

Anyone who thinks the SPF RR type will somehow make everyone upgrade to
the latest and greatest is living in a dream world methinks. There are far
too many organizations using 8.x, and even 4.x (shudder), for whatever
reason. Furthermore, one new RR type just might be enough to warrant an
upgrade in many people's minds. Especially if they use the TXT SPF format
and it just "works." I understand that TXT RRs are meant for human
consumption, but it was a good way of adding such data without breaking
things that just worked.

I will concede that SPF in general could have been implemented better.
;; AUTHORITY SECTION:
. 232226 IN NS f.root-servers.net.
. 232226 IN NS g.root-servers.net.
. 232226 IN NS h.root-servers.net.
. 232226 IN NS i.root-servers.net.
. 232226 IN NS j.root-servers.net.
. 232226 IN NS k.root-servers.net.
. 232226 IN NS l.root-servers.net.
. 232226 IN NS m.root-servers.net.
. 232226 IN NS a.root-servers.net.
. 232226 IN NS b.root-servers.net.
. 232226 IN NS c.root-servers.net.
. 232226 IN NS d.root-servers.net.
. 232226 IN NS e.root-servers.net.
;; ADDITIONAL SECTION:
a.root-servers.net. 159358 IN A 198.41.0.4
j.root-servers.net. 159358 IN A 192.58.128.30
l.root-servers.net. 600293 IN A 198.32.64.12
;; Query time: 7 msec
;; SERVER: 192.168.8.4#53(192.168.8.4)
;; WHEN: Wed Jun 20 18:26:11 2007
;; MSG SIZE rcvd: 280
; <<>> DiG 9.3.4 <<>> +norecurse SPF massivebonus.com @ns1.massivebonus.com
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
--
CL
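
Added example, not part of the original message or of BIND: a Python sketch that puts the SPF type on the wire as the number 99, so no client-side type mnemonic is involved, and sorts the reply into the outcomes argued over in this thread (answer, NODATA, referral, timeout). The function names are hypothetical and the sample reply is constructed.

```python
import socket
import struct

TXT, SPF = 16, 99  # RR type codes; the SPF RR type is 99 (RFC 4408)

def build_query(name, qtype, qid=0x1234, recurse=False):
    """Encode a one-question DNS query; qtype is sent as a number."""
    flags = 0x0100 if recurse else 0  # RD clear, like dig +norecurse
    header = struct.pack("!6H", qid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!2H", qtype, 1)

def classify(response):
    """Map a raw reply (None means no reply arrived) to an outcome."""
    if response is None:
        return "TIMEOUT"
    if len(response) < 12:
        return "MALFORMED"
    _, flags, _, ancount, _, _ = struct.unpack("!6H", response[:12])
    rcode = flags & 0x000F
    if rcode == 3:
        return "NXDOMAIN"
    if rcode != 0:
        return "ERROR rcode=%d" % rcode
    if ancount:
        return "ANSWER"
    # NOERROR with no answers: authoritative (AA set) means NODATA;
    # without AA it is a referral, as in the "flags: qr ra" reply above.
    return "NODATA" if flags & 0x0400 else "REFERRAL"

def probe(server, name, qtype, timeout=3.0):
    """Send one UDP query to server port 53 and classify the result."""
    query = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, 53))
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return classify(None)
    return classify(data) if data[:2] == query[:2] else "MALFORMED"

def nodata_reply(query):
    """Constructed sample: authoritative NOERROR reply, empty answer."""
    return query[:2] + struct.pack("!5H", 0x8400, 1, 0, 0, 0) + query[12:]
```

Calling probe() once with TXT and once with SPF against the same authoritative server address shows whether that server answers, returns NODATA, or drops the type 99 query.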