
TECH-ERROR: DNS Record Types



I believe that the latest Protocol draft (draft-ietf-marid-protocol-03)
contains changes that don't correctly reflect the consensus of the group
concerning DNS record types. Briefly, it states:

1. Publishers MUST publish using the new SPF2 record type.
2. Publishers MAY also publish using TXT records.
3. Consumers MUST do lookups using the new SPF2 record type.
4. Consumers MAY also do lookups using TXT records.
5. Consumers MAY do both lookups (3 and 4) in parallel.
6. If consumers receive records from both lookups, they SHOULD use
   the SPF2 record and ignore the TXT record.

These are all in section 2.1.1 of the Protocol doc.

The problems with the above are:

a. It's not what was previously debated / agreed to.
b. Anyone who can't publish an SPF2 record cannot comply with this spec.
c. Anyone who can't look up an SPF2 record cannot comply with this spec.
d. Publishers who take the "MAY" in step 2 above to heart and don't
   publish TXT records will have their record be completely invisible
   to consumers that can't query for the new record type.

I respectfully request that the above requirements be replaced with:

1. Publishers SHOULD publish using the new SPF2 record type,
   if they are able to do so.
2. Regardless of whether they published using the SPF2 record
   type, publishers MUST publish a TXT record.
2a. The contents of the SPF2 record and TXT record MUST be identical.
3. Consumers SHOULD check for the new SPF2 record type, if they
   are able to do so.
4. Consumers who either cannot query for SPF2 records or who find
   that a domain hasn't published any SPF2 records MUST query for
   a TXT record.
5. Consumers MAY do both lookups (3 and 4) in parallel.
6. If consumers receive records from both lookups, they SHOULD use
   the SPF2 record and ignore the TXT record.

Brief Discussion:

It's undisputed that the world would be a better place if everyone uses
the new record type. However, it's also undisputed that many players
won't be able to publish and/or consume the new record type until new
software is installed. The updated requirements as I've spelled them out
above will mean that:
  a) Everyone can work before new DNS software is installed.
  b) After new DNS software is installed, there will be minimal harm to
     the DNS system.

I think that (a) is obvious. There are four sub-cases:

i. Publisher and consumer both have out-of-date DNS software:

If the publisher and consumer both have out-of-date DNS software, the
publisher will only publish a TXT record. The consumer will only query
for a TXT record, and get the right information.  All of the oft-debated
issues of packet size and TCP fallback apply.

ii. Publisher has up-to-date DNS software and consumer has out-of-date
DNS software:

If the publisher has up-to-date DNS software, he'll publish both an SPF2
record and a TXT record. The consumer will only query for a TXT record,
and get the right information. All of the packet size and TCP fallback
issues apply.

iii. Publisher has out-of-date DNS software and consumer has up-to-date
DNS software:

If the publisher has out-of-date DNS software, he'll only publish a TXT
record. The consumer will query for an SPF2 record, and receiving no
records will query for a TXT record, yielding the right information. All
of the packet size and TCP fallback issues will apply.

iv. Publisher and consumer both have up-to-date DNS software.

If both the publisher and the consumer have up-to-date DNS software, the
publisher will publish both an SPF2 and a TXT record. The consumer will
query for the SPF2 record, and get the right information.  The
packet-size issues will generally not apply, because the SPF2 record
won't be mingled with other irrelevant records.

So in all four cases, the updated requirements work. Contrast this with
the currently specified requirements, which cause cases (ii) and (iii)
to fail to discover the record.

b. Note that after up-to-date DNS software is widely deployed, only the
SPF2 record will be queried for. The TXT records will still exist, but will
not be the subject of queries by SenderID software. As such, the only
harm that the TXT records cause is that they will take up space in
packets when other applications query for TXT records for a domain.
However, as there aren't any such widely-deployed other applications,
this harm is minimal and largely theoretical.


-- Jim Lyon
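The following is an added example, not part of Jim's message or of any MARID draft: it models the proposed publisher and consumer rules (1 through 6 and 2a) against a constructed in-memory zone table, so the four sub-cases (i) to (iv) and the two failing cases under the current draft can be exercised without a live resolver. "SPF2" is used as a stand-in label for the new record type; the zone contents and the policy string are constructed sample data.

```python
from typing import Dict, List, Optional, Tuple

# Constructed zone table: {(domain, rrtype): [record, ...]}. "SPF2" stands
# for the new record type the post discusses; "TXT" is the legacy type.
Zone = Dict[Tuple[str, str], List[str]]

POLICY = "v=spf1 mx -all"  # constructed sample policy text


def publish(domain: str, policy: str, can_publish_spf2: bool,
            follow_proposal: bool = True) -> Zone:
    """Records a publisher places in DNS.

    Proposal: TXT is always published (rule 2); SPF2 is added when the
    publisher is able to (rule 1), with identical contents (rule 2a).
    Draft: SPF2 is required and TXT only MAY be published, so a draft
    publisher that skips TXT is modelled with follow_proposal=False.
    """
    zone: Zone = {}
    if can_publish_spf2:
        zone[(domain, "SPF2")] = [policy]
    if follow_proposal or not can_publish_spf2:
        zone[(domain, "TXT")] = [policy]
    return zone


def lookup(zone: Zone, domain: str, can_query_spf2: bool,
           follow_proposal: bool = True) -> Optional[Tuple[str, str]]:
    """Consumer lookup: returns (rrtype used, record), or None if not found.

    Rules 3 to 6: try SPF2 when able; if that is not possible or yields no
    records, query TXT (a MUST under the proposal, only a MAY under the
    draft, so a draft consumer that never falls back is follow_proposal=False).
    """
    if can_query_spf2:
        spf2 = zone.get((domain, "SPF2"), [])
        if spf2:
            return ("SPF2", spf2[0])  # rule 6: prefer SPF2 when present
    if not follow_proposal:
        return None  # draft consumer that does no TXT lookup at all
    txt = zone.get((domain, "TXT"), [])
    return ("TXT", txt[0]) if txt else None


def consistent(zone: Zone, domain: str) -> bool:
    """Rule 2a check: when both record types exist, contents must match."""
    spf2 = zone.get((domain, "SPF2"))
    txt = zone.get((domain, "TXT"))
    return spf2 is None or txt is None or spf2 == txt
```

Running the four combinations of capable/incapable publisher and consumer through `publish` and `lookup` returns the policy every time under the proposal, while the draft variants (publisher without TXT, consumer without TXT fallback) return nothing in cases (ii) and (iii).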