spf ent txt records.

Mark Andrews marka at isc.org
Mon Mar 18 04:00:05 UTC 2013


In message <201303180329.r2I3TYcx025922 at calcite.rhyolite.com>, Vernon Schryver writes:
> > From: Mark Andrews <marka at isc.org>
>
> > Yet libspf2 requests SPF records and falls back to TXT on NODATA.
> > It does not do a TXT query if it gets a SPF response.
>
> Even if my option of SPF is insane, compare the 2008 dates on
> http://www.libspf2.org/ and the 2012 date on the surveys in RFC 6686.
> It's clear that for whatever real world reasons, libspf2 was not
> dispositive and that draft-ietf-spfbis-4408bis-12 is right to
> deprecate the SPF type in section 3.1.

MX records took over a decade before one could have a MX only domain
safely.  Changes in the DNS just take a long time.  4 years is less
than 1 depreciation cycle on equipment and they give up.  RFC 4408
failed to set a sunset date.

> > The rational course would be to set a sunset date on TXT style spf
> > records.  April 2016 looks like a good date.  10 years after RFC
> > 4408 was published.
>
> The rational course usually starts with accepting reality as it is.
>
> In the real world, flag days are ignored by most people until there
> is clear profit in honoring them or loss in ignoring them.  A loss can
> be "We've stopped updating the hosts file so if you want your stuff
> to work, you better get busy with the DNS."  Wasting a round trip to
> get NODATA for the SPF RR for google.com or hotmail.com before requesting
> the TXT RR is not a profit.  There is no real world profit in "It is
> esthetically pleasing to put SPF data into its own RR type."

It's not that it is esthetically pleasing to put SPF data into its
own RR type.  It's that TXT has been hijacked and continuing to add
more uses to TXT does not scale.  TXT is a reasonable record for
proof of concept.  It isn't and never has been a good long term
choice.

> Your flag day for turning off IPv4 in the core must be soon, because
> IPv6 has already been baking for a lot longer than 10 years.  Besides,
> unlike TXT for SPF, IPv4 has real problems in the real world.

Turning off TXT record lookups for SPF would have very
little negative impact.  You would have some additional spoofed
email getting through and some additional blow back (which could
be eliminated by publishing SPF records).

> Vernon Schryver    vjs at rhyolite.com
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
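The lookup order discussed in the thread (query the SPF type first, fall back to TXT only on NODATA, and pick out v=spf1 strings) as an added Python example; this is not libspf2 or ISC code, and the zone data, names and the lookup/get_spf helpers are constructed here. It also counts queries, which makes the extra round trip for TXT-only domains visible.

```python
from typing import Optional, Tuple, List

SPF_RRTYPE = "SPF"   # RR type 99, defined in RFC 4408 section 3.1.1
TXT_RRTYPE = "TXT"

# Constructed sample zone data (not real domains): name -> RR type -> records,
# where each record is the list of <character-string>s in its RDATA.
ZONE = {
    "both.example": {
        SPF_RRTYPE: [["v=spf1 mx -all"]],
        TXT_RRTYPE: [["v=spf1 mx -all"], ["unrelated TXT use"]],
    },
    "txt-only.example": {
        TXT_RRTYPE: [["v=spf1 ip4:192.0.2.0/24 ", "-all"], ["site-verification=xyz"]],
    },
    "dup.example": {
        TXT_RRTYPE: [["v=spf1 -all"], ["v=spf1 +all"]],
    },
    "none.example": {},
}

def lookup(name: str, rrtype: str) -> List[List[str]]:
    """Stand-in for a DNS query; an empty list plays the role of NODATA."""
    return ZONE.get(name, {}).get(rrtype, [])

def spf_strings(records: List[List[str]]) -> List[str]:
    """Concatenate each record's character-strings and keep only v=spf1 records."""
    joined = ["".join(parts) for parts in records]
    return [r for r in joined if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]

def get_spf(name: str) -> Tuple[Optional[str], str, int]:
    """Query the SPF type first; query TXT only if the SPF query gets NODATA.
    Returns (record, status, number_of_queries_sent)."""
    queries = 0
    for rrtype in (SPF_RRTYPE, TXT_RRTYPE):
        queries += 1
        records = lookup(name, rrtype)
        if not records:
            continue                      # NODATA: fall back to the next type
        found = spf_strings(records)
        if len(found) > 1:
            return None, "permerror", queries   # RFC 4408 s4.5: more than one record is an error
        if found:
            return found[0], "ok", queries
        return None, "none", queries      # got an answer for this type but no v=spf1 in it
    return None, "none", queries          # NODATA for both types

if __name__ == "__main__":
    for n in ZONE:
        print(n, get_spf(n))
```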
