SPF RR type

Nicholas F Miller nicholas.miller at Colorado.EDU
Thu Jun 5 16:47:46 UTC 2014


Thanks for the link. It is an amusing read. I had no idea the SPF record was so contentious.
_________________________________________________________
Nicholas Miller, OIT, University of Colorado at Boulder




On Jun 5, 2014, at 10:18 AM, Kevin Darcy <kcd at chrysler.com> wrote:

> On 6/5/2014 10:34 AM, Mike Hoskins (michoski) wrote:
>> -----Original Message-----
>> From: Nicholas F Miller <nicholas.miller at Colorado.EDU>
>> Date: Thursday, June 5, 2014 at 10:25 AM
>> To: "bind-users at lists.isc.org" <bind-users at lists.isc.org>
>> Subject: SPF RR type
>> 
>>> Are SPF RR types finally dead or not? I've read through rfc7208 it
>>> appears that they are:
>>> 
>>>   "SPF records MUST be published as a DNS TXT (type 16) Resource Record
>>>   (RR) [RFC1035] only.  The character content of the record is encoded
>>>   as [US-ASCII].  Use of alternative DNS RR types was supported in
>>>   SPF's experimental phase but has been discontinued."
>>> 
>>> ...but to confuse the issue rfc7208 goes on to say:
>>> 
>>>   "If a future update to SPF were developed that did not
>>>   reuse existing SPF records, it could use the SPF RR type.  SPF's use
>>>   of the TXT RR type for structured data should in no way be taken as
>>>   precedent for future protocol designers."
>>> 
>>> Bind-9.10.0-P1 still reports errors if you don't have SPF RRs defined
>>> with the SPF TXT records or are not using 'check-spf ignore'.  Should one
>>> keep existing SPF RRs or remove them? Will future versions of bind stop
>>> reporting errors when SPF RRs don't exist?
>> RFC 7208 is dated April 2014...  Even if/when BIND stops complaining, how
>> long will it take for the Internet to align with the new standard?  :-)
>> 
>> Look how long BCP38's existed and how many networks don't align despite
>> obvious benefits to the Internet at large.  I know it's a different ball
>> of wax...but only kinda.
>> 
>> During such transitional periods, I suggest maintaining the old form for at
>> least a while (probably a couple years) to give the world time to update
>> its configuration.  There used to be quite a few major mail providers who
>> would bounce or at least flag as spam any mail from hosts not represented
>> in the domain's SPF TXT record...so the choice of when to change depends
>> on how much you care (or your users will complain) about misbehaved mail
>> delivery.
> 
> Given the heated and bitter debates over the SPF record type (see 
> http://www.ietf.org/mail-archive/web/dnsext/current/maillist.html, 
> search "SPF", around August of last year), I'm thinking that "a couple 
> years" probably translates into "indefinitely" or even "never".
> 
> Some people seem to think the role of the IETF is merely to passively 
> document terrible designs and/or implementations...
> 
>                                                             - Kevin



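An added example, not written by anyone in this thread and not BIND code: a small Python audit of zone data that reports, per owner name, whether the SPF policy is published as TXT only (what the RFC 7208 text quoted above requires), duplicated in the type SPF record, present only as type SPF, or different between the two types. The example.test names and the finding labels are constructed for illustration, and the parser assumes one record per line with a fully qualified owner name.

```python
import re
from collections import defaultdict

# Constructed zone fragment; the example.test names are placeholders.
ZONE = '''
a.example.test.  3600 IN TXT "v=spf1 mx -all"
a.example.test.  3600 IN SPF "v=spf1 mx -all"
b.example.test.  3600 IN SPF "v=spf1 ip4:192.0.2.0/24 -all"
c.example.test.  3600 IN TXT "v=spf1 mx " "-all"
c.example.test.  3600 IN SPF "v=spf1 mx ~all"
d.example.test.  3600 IN TXT "v=spf1 -all"
d.example.test.  3600 IN TXT "some unrelated verification token"
'''

LINE = re.compile(r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(TXT|SPF)\s+(.*)$', re.I)

def is_spf(text):
    # RFC 7208 section 4.5: the record is "v=spf1" alone or followed by a space.
    low = text.lower()
    return low == "v=spf1" or low.startswith("v=spf1 ")

def audit_spf(zone_text):
    seen = defaultdict(lambda: {"TXT": [], "SPF": []})
    for raw in zone_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        name, rrtype, rdata = m.group(1).lower(), m.group(2).upper(), m.group(3)
        # Multiple quoted strings in one record are concatenated with no separator.
        text = "".join(re.findall(r'"([^"]*)"', rdata))
        if is_spf(text):
            seen[name][rrtype].append(text)
    report = {}
    for name, rr in seen.items():
        if not rr["TXT"]:
            report[name] = "spf-type-only"   # no policy visible via TXT lookups
        elif not rr["SPF"]:
            report[name] = "txt-only"        # what the quoted RFC 7208 text asks for
        elif sorted(rr["TXT"]) == sorted(rr["SPF"]):
            report[name] = "duplicate"       # type SPF copy matches the TXT policy
        else:
            report[name] = "mismatch"        # the two copies have drifted apart
    return report

if __name__ == "__main__":
    for name, finding in sorted(audit_spf(ZONE).items()):
        print(name, finding)
```

The "mismatch" and "spf-type-only" findings are the ones to fix first, since a verifier that follows RFC 7208 reads only the TXT record.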