Mailing List Archive: SPF: Discuss

new RR type

Index | Next | Previous | View Threaded

mengwong at dumbo

Oct 8, 2003, 7:54 AM

Post #1 of 7 (401 views)
Permalink

new RR type

On Wed, Oct 08, 2003 at 02:13:09PM +0200, Paul Wouters wrote:
|
| Doing it in TXT records is clumsy. We (as in IETF dnsex group) are doing something
| really wrong if people need to keep abusing the TXT records for stuff. I guess
| it would be good to start with, but ideally a new RRtype should be used.
|

does using a new RRtype mean that nameservers everywhere must be upgraded?

thanks
meng

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@©#«Mo\¯HÝÜîU;±¤Ö¤Íµøˆ¡

paul at xtdnet

Oct 8, 2003, 10:34 AM

Post #2 of 7 (393 views)
Permalink

Re: new RR type [In reply to]

On Wed, 8 Oct 2003, Meng Weng Wong wrote:

> does using a new RRtype mean that nameservers everywhere must be upgraded?

AFAIK, that's the whole point behind the new UNKNOWN record type. One can make
new record types.

Paul

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@©#«Mo\¯HÝÜîU;±¤Ö¤Íµøˆ¡

arlie at sublinear

Oct 8, 2003, 4:32 PM

Post #3 of 7 (393 views)
Permalink

RE: new RR type [In reply to]

Why not use the SRV record? SRV is a generic service record. SRV was
intended for exactly these kinds of scenarios -- describing a new
service of some kind, without the need for partying on TXT record, and
without the need for an entirely new DNS record.

I HIGHLY recommend that the editors of the SPF / et al. proposals take a
look at using SRV records instead of the current _smtp_client hack.

http://www.ietf.org/rfc/rfc2052.txt

-- arlie

-----Original Message-----
From: owner-spf-discuss [at] v2
[mailto:owner-spf-discuss [at] v2] On Behalf Of Paul Wouters
Sent: Wednesday, October 08, 2003 1:34 PM
To: spf-discuss [at] v2
Cc: pna.lists
Subject: Re: [spf-discuss] new RR type

On Wed, 8 Oct 2003, Meng Weng Wong wrote:

> does using a new RRtype mean that nameservers everywhere must be
> upgraded?

AFAIK, that's the whole point behind the new UNKNOWN record type. One
can make new record types.

Paul

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname@©#«Mo\¯HÝÜîU;±¤Ö¤Íµøˆ¡

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@©#«Mo\¯HÝÜîU;±¤Ö¤Íµøˆ¡

wayne at midwestcs

Oct 10, 2003, 11:13 AM

Post #4 of 7 (393 views)
Permalink

Re: new RR type [In reply to]

In <000001c38df4$6a2a7590$0100a8c0 [at] laik> "Arlie Davis" <arlie [at] sublinear> writes:

> Why not use the SRV record? SRV is a generic service record. SRV was
> intended for exactly these kinds of scenarios -- describing a new
> service of some kind, without the need for partying on TXT record, and
> without the need for an entirely new DNS record.

Unless I'm missing something, SPF really isn't a service, at least not
in the same sense as SMTP, HTTP, NTP, NNTP, etc. There is no daemon
running on a server that has a public port that people can connect to.

As such, I don't think SRV records are appropriate.

-wayne

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@©#«Mo\¯HÝÜîU;±¤Ö¤Íµøˆ¡

arlie at sublinear

Oct 10, 2003, 12:36 PM

Post #5 of 7 (394 views)
Permalink

RE: new RR type [In reply to]

SPF is far closer to a "service" than a TXT record. TXT records are
COMPLETELY unstructured, and never, ever should have been defined in the
first place.

SRV records, on the other hand, allow you to distinguish the service
type. SPF *IS* a service, in the sense that it provides functionality
to DNS-querying clients. It is not a service in the sense that it is
not listening on some TCP port somewhere.

Basically, SRV with the "service name" field = SPF obviates the need for
fake subdomains like _smtp_client. We went through all this hell with
HTTP and the stupid www. convention, just because we didn't have the SRV
record when HTTP hit.

Please don't make the same mistake.

-- arlie

-----Original Message-----
From: owner-spf-discuss [at] v2
[mailto:owner-spf-discuss [at] v2] On Behalf Of wayne
Sent: Friday, October 10, 2003 2:13 PM
To: spf-discuss [at] v2
Subject: Re: [spf-discuss] new RR type

In <000001c38df4$6a2a7590$0100a8c0 [at] laik> "Arlie Davis"
<arlie [at] sublinear> writes:

> Why not use the SRV record? SRV is a generic service record. SRV was

> intended for exactly these kinds of scenarios -- describing a new
> service of some kind, without the need for partying on TXT record, and

> without the need for an entirely new DNS record.

Unless I'm missing something, SPF really isn't a service, at least not
in the same sense as SMTP, HTTP, NTP, NNTP, etc. There is no daemon
running on a server that has a public port that people can connect to.

As such, I don't think SRV records are appropriate.

-wayne

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname@©#«Mo\¯HÝÜîU;±¤Ö¤Íµøˆ¡

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@©#«Mo\¯HÝÜîU;±¤Ö¤Íµøˆ¡

paul at xtdnet

Oct 10, 2003, 12:43 PM

Post #6 of 7 (396 views)
Permalink

RE: new RR type [In reply to]

On Fri, 10 Oct 2003, Arlie Davis wrote:

> SPF is far closer to a "service" than a TXT record. TXT records are
> COMPLETELY unstructured, and never, ever should have been defined in the
> first place.

There are exactly useful and needed because it allows people to put in
anything without structure. For instance, when IETF fucked up the KEY
record, and disallowed all applicatins but DNSSEC to use it, even though it
had defined it for IPSEC, it was useful to be able to fall back on TXT
records. (See "Frees/WAN Opportunistic Encryption")

> We went through all this hell with HTTP and the stupid www. convention,
> just because we didn't have the SRV record when HTTP hit.

I am pretty sure SRV predates HTTP, but I can't be bothered to look it up :)

> Please don't make the same mistake.

It's quite different anyway. Who cares if *computers* need to look up
fake domains. As long as *humans* don't need to type things like www for
a website.

Paul

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@©#«Mo\¯HÝÜîU;±¤Ö¤Íµøˆ¡

wayne at midwestcs

Oct 10, 2003, 1:10 PM

Post #7 of 7 (393 views)
Permalink

Re: new RR type [In reply to]

In <005d01c38f65$cf32aee0$0100a8c0 [at] laik> "Arlie Davis" <arlie [at] sublinear> writes:

> SPF is far closer to a "service" than a TXT record.

Ok, I plead ignorant aobut SRV records and how they would be used.
Could you please help me understand them better?

For SPF, what would they look like?

Would it look like:

spf.tcp.${DOMAIN} SRV 0 0 _smtp_out

Where the user could change _smtp_out to be a different label if they
already have that subdomain?

or, would it look like:

${rev_ip_address}.spf.${DOMAIN} SRV 0 0 127.0.0.2

According to RVC2052, the last field (target) is supposed to be a
domain name, so we couldn't put the SPF options there.

-wayne

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname@©#«Mo\¯HÝÜîU;±¤Ö¤Íµøˆ¡

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads