Re: [spfbis] [dnsext] Obsoleting SPF RRTYPE


 



	The really annoying thing is that SPF is technically superior
	to TXT in lots of ways.

	1. It uniquely identifies the role of the record.

	2. As SPF records are singletons you don't need to identify
	   and remove the old record when updating.  You can just
	   remove all SPF records and add the replacement.

	   For TXT you need to look up the existing RRset, extract
	   the v=spf1 record from it.  You then need to create an
	   UPDATE message to delete just that record as well as add
	   the new TXT record.   You then have to hope that no one
	   else is performing a simultaneous update as you may get
	   two TXT v=spf1 records in the RRset.

	The complaints about using SPF are that there are broken
	firewalls and some servers drop queries for it, some registrars
	don't support it.

	For firewalls, fix/replace the firewall if you intend to
	deploy SPF and it doesn't support it.  It is total !@##@#
	that firewalls are incapable of handling new DNS record
	types.  New records were expected to occur from the very
	beginning and have been coming out regularly ever since the
	DNS was invented.  Firewall vendors that are incapable of
	handling new DNS types are incompetent and do not deserve
	repeat business.

	For servers that drop SPF queries they really are at the
	noise level.  When you identify one you complain to the
	owners of it.  Yes, that does work.  We needed to do that
	for AAAA records.

	For registrars, change registrar to one that does.

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@xxxxxxx
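
The two update sequences described in the message above, as an added example that is not part of the original post: a toy in-memory model of RFC 2136 UPDATE semantics (not a DNS client) in which two updaters act on the same starting state. All function names, record values and address ranges are constructed for illustration.

```python
# Toy model of RFC 2136 UPDATE semantics; assumption: one owner name,
# zone is a dict mapping rrtype -> set of rdata strings. Sample data is constructed.

def apply_update(zone, ops):
    """Apply one UPDATE message atomically, in the order its operations appear."""
    for op, rrtype, rdata in ops:
        rrset = zone.setdefault(rrtype, set())
        if op == "del_rrset":      # delete every record of this type at the name
            rrset.clear()
        elif op == "del_rr":       # delete one exact record; silently a no-op if absent
            rrset.discard(rdata)
        elif op == "add":
            rrset.add(rdata)
    return zone

def txt_update(snapshot, new_spf):
    """TXT case: the update is built from a previously looked-up RRset."""
    ops = [("del_rr", "TXT", r) for r in sorted(snapshot) if r.startswith("v=spf1")]
    return ops + [("add", "TXT", new_spf)]

def spf_update(new_spf):
    """SPF-type case: no lookup needed, the whole RRset is replaced."""
    return [("del_rrset", "SPF", None), ("add", "SPF", new_spf)]

def race(rrtype):
    """Two updaters start from the same state; return the surviving SPF policies."""
    new_a = "v=spf1 mx ip4:192.0.2.0/24 -all"
    new_b = "v=spf1 mx ip4:198.51.100.0/24 -all"
    zone = {rrtype: {"v=spf1 mx -all"}}
    if rrtype == "TXT":
        zone["TXT"].add("constructed-unrelated-txt-record")
        snap_a = set(zone["TXT"])  # updater A looks up the RRset
        snap_b = set(zone["TXT"])  # updater B looks up before A's update lands
        upd_a, upd_b = txt_update(snap_a, new_a), txt_update(snap_b, new_b)
    else:
        upd_a, upd_b = spf_update(new_a), spf_update(new_b)
    apply_update(zone, upd_a)      # A removes the old policy and adds its own
    apply_update(zone, upd_b)      # B's delete targets a record that is already gone
    return sorted(r for r in zone[rrtype] if r.startswith("v=spf1"))

if __name__ == "__main__":
    print("TXT:", race("TXT"))     # both new policies survive
    print("SPF:", race("SPF"))     # last writer wins, a single policy remains
```

In the TXT case the name ends up with two v=spf1 records, which SPF receivers evaluate as a permerror (RFC 7208, section 4.5) rather than applying either policy.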



