Re: SPF I-D for review: draft-schlitt-spf-classic-00.txt

[Stephane Bortzmeyer <bortzmeyer@nic.fr>]

On Wed, Jan 12, 2005 at 03:11:38AM -0800,
 william(at)elan.net <william@elan.net> wrote 
 a message of 939 lines which said:

> but actual start of authority domain is the same no matter if you
> lookup for SOA or NS.

Not really, see later.

> I preferred SOA because that is real authority data 
...
> This all points out that using existing DNS RFC2181 as reference for
> what we want is probably not the best idea

I assume that RFC 2181 uses NS for a reason. I do not know it but we
could ask the authors or Google or the namedroppers' archive.

> and that we need new separate draft document explaining how these
> new zonecut default answer wildcards are supposed to work and how
> dns server can simulate and synthesize the answer and how dns client
> (or dns resolver) can find it if the answer was not available by
> finding correct zonecut

Good luck for the discussion on namedroppers :-)

> Below are the results of me checking .ac as Stephane suggested - as
> you can see they always provide same zonecut domain name
> answers. The difference does exist for sub.domain.com where some of
> the servers do provide the answer but majority do not.

This is because some name servers of the TLD are recursive but not all
(there is a "rd" in your flags but not always a "ra" in the
answer). Check with "dig +norecurse" and you'll see a different
picture, specially for zone cuts.


--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>