Re: [dnsext] Obsoleting SPF RRTYPE

Dave Lawrence <tale@dd.org> Thu, 25 April 2013 13:21 UTC

Message-ID: <20857.11747.323954.434699@gro.dd.org>
Date: Thu, 25 Apr 2013 09:21:39 -0400
From: Dave Lawrence <tale@dd.org>
To: dnsext@ietf.org
In-Reply-To: <20130425123430.GC18348@mx1.yitter.info>
References: <20130425013317.36729.qmail@joyce.lan> <80ADB3EE-17FD-4628-B818-801CB71BCBFE@virtualized.org> <alpine.BSF.2.00.1304242309150.38677@joyce.lan> <46778ED3-35A2-44B4-BE3C-AAC4F7B314FF@virtualized.org> <8D23D4052ABE7A4490E77B1A012B63077515B696@mbx-01.win.nominum.com> <20130425123430.GC18348@mx1.yitter.info>
Subject: Re: [dnsext] Obsoleting SPF RRTYPE

Andrew Sullivan writes:
>     1.  Specify that clients query first SPF, and then query TXT if
>     SPF returned NODATA.
> [...]
> We rejected (1) (in consultation with DNSOP) on the grounds that the
> evidence showed overwhelmingly that deployed systems used TXT in
> preference to SPF.  A number of systems (including, full disclosure,
> one of the services that my employer, Dyn, offers) to this day only
> support SPF using TXT records.  So, (1) would result in an increase of
> query traffic with little, if any, benefit.

In the near term.  It is unclear what the effect would be long term.

I know that, as an implementer, if I had a spec that was unambiguous
about the intended behaviour of SPF-then-TXT, I would endeavour to
make my software be part of the evolution that moved things in the
right direction.  (I currently work on a widely deployed auth server,
not a resolver, and that server supports the SPF record.)

I will not pretend to prognosticate, however, on whether similar
action by other developers would be widespread enough to eventually
noticeably mitigate the extra query hit.  I don't think anyone else
can convincingly make the case that they really know how it would work
out, either.

As an operator, both for a large organization and also one whose
personal DNS server sits behind a pretty small pipe, to me that extra
hit is hardly a worse situation than AAAA-then-A.
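The SPF-then-TXT lookup strategy numbered (1) in the quoted text, as an added example that is not code from this thread or from any server mentioned in it: it runs against a constructed in-memory zone with a query-counting stub resolver, so the extra query that TXT-only publishers cost under strategy (1) is visible, and it treats NXDOMAIN (name absent) as distinct from NODATA (name present, no record of that type), since only the latter triggers the TXT fallback. The zone names, the resolver and the record contents are constructed.

```python
# Added example (not from the thread): strategy (1), SPF RRTYPE first,
# TXT only on NODATA, against a constructed in-memory zone.
from typing import Dict, List, Optional, Tuple

SPF_RRTYPE = 99   # the SPF RRTYPE discussed in the thread (type code 99)
TXT_RRTYPE = 16

# Constructed zone data: name -> {rrtype: [rdata strings]}.
# A name present without the queried type answers NODATA (NOERROR, empty);
# a name absent from the zone answers NXDOMAIN.
ZONE: Dict[str, Dict[int, List[str]]] = {
    "both.example":    {SPF_RRTYPE: ["v=spf1 mx -all"],
                        TXT_RRTYPE: ["v=spf1 mx -all"]},
    "txtonly.example": {TXT_RRTYPE: ["v=spf1 ip4:192.0.2.0/24 -all",
                                     "some unrelated text"]},
    "nospf.example":   {TXT_RRTYPE: ["just a comment"]},
}

class Resolver:
    """Toy stub resolver that counts queries so the extra-query cost shows."""
    def __init__(self, zone: Dict[str, Dict[int, List[str]]]) -> None:
        self.zone = zone
        self.queries = 0

    def query(self, name: str, rrtype: int) -> Tuple[str, List[str]]:
        self.queries += 1
        rrsets = self.zone.get(name)
        if rrsets is None:
            return "NXDOMAIN", []
        return "NOERROR", rrsets.get(rrtype, [])  # empty list means NODATA

def spf_records(rdata: List[str]) -> List[str]:
    # Only strings carrying the SPF version tag are SPF policies; other
    # TXT strings published at the same name are ignored.
    return [r for r in rdata if r.startswith("v=spf1")]

def lookup_spf_then_txt(resolver: Resolver, domain: str) -> Optional[str]:
    """Strategy (1): query SPF RRTYPE, fall back to TXT only on NODATA."""
    rcode, rdata = resolver.query(domain, SPF_RRTYPE)
    if rcode == "NXDOMAIN":
        return None          # name does not exist: a TXT query cannot help
    found = spf_records(rdata)
    if found:
        return found[0]
    _, rdata = resolver.query(domain, TXT_RRTYPE)
    found = spf_records(rdata)
    return found[0] if found else None

def queries_for(domain: str) -> Tuple[Optional[str], int]:
    """Return (policy found, number of queries spent) for one domain."""
    r = Resolver(ZONE)
    return lookup_spf_then_txt(r, domain), r.queries
```

A domain publishing only TXT costs two queries under strategy (1), while one publishing the SPF RRTYPE costs one; a non-existent name stops after the first query.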