Hi,I wrote an I-D for updating DNS64 to better work for MTA operators. I'd like to get your opinions on that as some guidance on how to move forward with it (sorry I'm new to the process). Some background for this we had some issues with SPF and a mail server that was behind NAT64+DNS64. I at first thought that it was just a misconfiguration. But after the DNS64 server seamed to work as intended I went to the implementation and the RFC. Thereby while reading RFC6147 I stumbled across section 5.3.3 which says "All other RRs MUST be returned unchanged." which is the cause of my issues. This section is basically ignoring SPF records (RFC7208 section 5.6) and also preventing DNS64 implementations from addressing this limitation themselves. After some discussion on the behave and spfbis mailing list I created this I-D. I was referred to this mailing list as both the behave as well as the spfbis WG are closed.
GitHub: https://github.com/agowa338/IETF-RFC-drafts/blob/main/draft-frank-dns64-spf-extension-03.xml
Sincerely, Klaus Frank Name: draft-frank-dns64-spf-extension Revision: 03Title: An Extension to DNS64 for Sender Policy Framework SPF Awareness
Document date: 2022-02-14 Group: Individual Submission Pages: 6 URL: https://www.ietf.org/archive/id/draft-frank-dns64-spf-extension-03.txt Status: https://datatracker.ietf.org/doc/draft-frank-dns64-spf-extension/Html: https://www.ietf.org/archive/id/draft-frank-dns64-spf-extension-03.html Htmlized: https://datatracker.ietf.org/doc/html/draft-frank-dns64-spf-extension
Diff: https://www.ietf.org/rfcdiff?url2=draft-frank-dns64-spf-extension-03 Abstract: This document describes interoperability issues and resolutions between DNS64 and SPF records for mail transfer agents. This document also aims to simplify the IPv6 migration for mail transfer agent operators. This document updates [RFC6147] and [RFC7208].
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop