On 6/5/2014 10:34 AM, Mike Hoskins (michoski) wrote:
-----Original Message-----
From: Nicholas F Miller <nicholas.mil...@colorado.edu>
Date: Thursday, June 5, 2014 at 10:25 AM
To: "bind-users@lists.isc.org" <bind-users@lists.isc.org>
Subject: SPF RR type

Are SPF RR types finally dead or not? I've read through rfc7208 and it
appears that they are:

   "SPF records MUST be published as a DNS TXT (type 16) Resource Record
   (RR) [RFC1035] only.  The character content of the record is encoded
   as [US-ASCII].  Use of alternative DNS RR types was supported in
   SPF's experimental phase but has been discontinued."

...but to confuse the issue rfc7208 goes on to say:

   "If a future update to SPF were developed that did not
   reuse existing SPF records, it could use the SPF RR type.  SPF's use
   of the TXT RR type for structured data should in no way be taken as
   precedent for future protocol designers."

Bind-9.10.0-P1 still reports errors if you don't have SPF RRs defined
with the SPF TXT records or are not using 'check-spf ignore'.  Should one
keep existing SPF RRs or remove them? Will future versions of bind stop
reporting errors when SPF RRs don't exist?

RFC 7208 is dated April 2014...  Even if/when BIND stops complaining, how
long will it take for the Internet to align with the new standard?  :-)

Look how long BCP38's existed and how many networks don't align despite
obvious benefits to the Internet at large.  I know it's a different ball
of wax...but only kinda.

During such transitional periods, I suggest maintaining the old form for at
least a while (probably a couple years) to give the world time to update
its configuration.  There used to be quite a few major mail providers who
would bounce or at least flag as spam any mail from hosts not represented
in the domain's SPF TXT record...so the choice of when to change depends
on how much you care (or your users will complain) about misbehaved mail
delivery.

Given the heated and bitter debates over the SPF record type (see http://www.ietf.org/mail-archive/web/dnsext/current/maillist.html, search "SPF", around August of last year), I'm thinking that "a couple years" probably translates into "indefinitely" or even "never".

Some people seem to think the role of the IETF is merely to passively document terrible designs and/or implementations...

                                                            - Kevin
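
Added example, not part of the thread and not BIND code: a small Python check for the transitional setup discussed above, comparing the SPF policy a name publishes in TXT records with any type SPF records for the same name. The zone lines are constructed, the function names are illustrative, and the parser assumes one record per line with fully qualified owner names.

```python
import shlex
from collections import defaultdict

# Constructed sample zone data (not from the thread), one record per line.
SAMPLE_ZONE = '''
example.com.      3600 IN TXT "v=spf1 mx -all"
example.com.      3600 IN SPF "v=spf1 mx -all"
example.com.      3600 IN TXT "site-verification=abc123"
mail.example.com. 3600 IN TXT "v=spf1 a " "-all"
mail.example.com. 3600 IN SPF "v=spf1 a ~all"
old.example.com.  3600 IN SPF "v=spf1 -all"
new.example.com.  3600 IN TXT "v=spf1 ip4:192.0.2.0/24 -all"
'''

def parse_spf_records(zone_text):
    """Return {owner: {"TXT": [policy, ...], "SPF": [policy, ...]}}."""
    found = defaultdict(lambda: {"TXT": [], "SPF": []})
    for line in zone_text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        fields = shlex.split(line)  # honours the quoted character-strings
        # The type follows the owner and the optional TTL and class fields.
        idx = next((i for i in range(1, min(len(fields), 4))
                    if fields[i].upper() in ("TXT", "SPF")), None)
        if idx is None:
            continue
        # Multiple strings in one record are concatenated without spaces.
        rdata = "".join(fields[idx + 1:])
        # Only records whose version term is exactly "v=spf1" are SPF policy.
        if rdata.lower().split(" ", 1)[0] == "v=spf1":
            found[fields[0].lower()][fields[idx].upper()].append(rdata)
    return dict(found)

def classify(records):
    """Name the publishing state of one owner name."""
    txt, spf = sorted(records["TXT"]), sorted(records["SPF"])
    if not spf:
        return "txt-only"      # what the RFC 7208 text quoted above requires
    if not txt:
        return "spf-only"      # no policy for a verifier that queries TXT only
    return "both-match" if txt == spf else "both-differ"

def audit(zone_text):
    return {name: classify(r) for name, r in parse_spf_records(zone_text).items()}

if __name__ == "__main__":
    for name, state in sorted(audit(SAMPLE_ZONE).items()):
        print(f"{name:20} {state}")
```

A "both-differ" result is the state to fix first while both types are kept, since the policy a receiver applies then depends on which record type it queries.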