
Re: SPF I-D for review: draft-schlitt-spf-classic-00.txt
> It sounds very dangerous.

yes.  see RFC 1535 (and perhaps RFC 1536) to understand the dangers
inherent in client-side dns surfing.

> However, the load on the TLD servers could be greatly diminished by
> adding a TLD TXT record with a very high TTL.

no.  enough broken dns clients out there fail to cache anything at all,
positive or negative, that the presence of a TLD TXT RR would not slow
down the rate at which these queries were generated, or needlessly and
endlessly repeated.

> I am not saying it's a solution to the problem. Just yet another hack.
> The application should never query the TLD servers (nor lvl 2 for e.g.
> .uk) for SPF-records of any kind.

i had not even considered .CO.UK (et al) when i wrote my "less than two
labels" recommendation.  there's basically no way to appropriately limit
the search based on the TLD or SLD.  there's also absolutely no reason
to do this kind of searching from the client side (whatever they use to
look up MX will work to look up TXT), which means wildcards or
masquerade names.  this "search the parent" logic has to be removed, or
replaced with a "MUST NOT" of some kind.

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
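The walk-up behaviour under discussion, as an added example that is not part of the message above, the SPF draft, or any SPF implementation: a small offline simulation of a client-side "search the parent" TXT lookup with a "stop below two labels" cutoff, run against a constructed stub resolver. The zone data, the sender names, and the REGISTRY_LEVEL set are all made up for the illustration. It shows that the label-count cutoff keeps the walk off .org but still lands every miss on co.uk, that a client which caches nothing repeats that registry-level query once per message, and that a plain lookup of the sending name plus a wildcard in the sender's own zone answers in one query with no parent search at all.

```python
"""Added example, not from the original message: simulate the draft's
"search the parent" SPF TXT lookup against an offline stub resolver and
count how often it lands on TLD / registry-level names."""

from collections import Counter

# Constructed zone data (assumption, not real DNS): only this one domain
# publishes SPF, and it uses a wildcard so subdomains need no parent search.
ZONE_TXT = {
    "example.co.uk": "v=spf1 mx -all",
    "*.example.co.uk": "v=spf1 mx -all",
}

# Constructed stand-in for "names that belong to a TLD or registry SLD".
REGISTRY_LEVEL = {"uk", "co.uk", "org"}


def lookup_txt(name, query_log):
    """Stub resolver: log every query, answer from ZONE_TXT or a wildcard.

    Wildcard matching is simplified: "*.parent" answers any name with one or
    more labels below "parent" and no more specific entry.
    """
    query_log.append(name)
    if name in ZONE_TXT:
        return ZONE_TXT[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:])
        if wild in ZONE_TXT:
            return ZONE_TXT[wild]
    return None


def search_parent_lookup(name, min_labels=2):
    """Client-side walk-up: query the name, then each parent in turn,
    stopping once fewer than min_labels labels remain.

    Returns (name_that_answered_or_None, list_of_names_queried).
    """
    log = []
    labels = name.split(".")
    while len(labels) >= min_labels:
        candidate = ".".join(labels)
        if lookup_txt(candidate, log) is not None:
            return candidate, log
        labels = labels[1:]
    return None, log


def direct_lookup(name):
    """The alternative: one TXT query for the sending name only; the
    publisher covers subdomains with a wildcard in its own zone."""
    log = []
    answered = lookup_txt(name, log) is not None
    return (name if answered else None), log


def registry_hits(senders, repeats=1):
    """Count queries sent to registry-level names by a client that caches
    nothing (positive or negative), so every message repeats the walk."""
    hits = Counter()
    for _ in range(repeats):
        for sender in senders:
            _, log = search_parent_lookup(sender)
            for queried in log:
                if queried in REGISTRY_LEVEL:
                    hits[queried] += 1
    return hits


if __name__ == "__main__":
    print(search_parent_lookup("mail.unlisted.co.uk"))
    print(search_parent_lookup("mail.unlisted.org"))
    print(direct_lookup("mail.example.co.uk"))
    print(registry_hits(["mail.unlisted.co.uk"], repeats=1000))
```

The interesting case is the second-level registry: with the cutoff at two labels, a miss for `mail.unlisted.co.uk` queries `co.uk` every single time, while the same cutoff does keep the walk off the `org` TLD. The direct lookup of `mail.example.co.uk` is answered by the publisher's own wildcard in one query, which is the point that the search belongs in the zone, not in the client.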