Re: [spfbis] RFC7208 4.6.4 Interpretation - MX Lookup Count Inconsistencies
Jan Schaumann <jschauma@netmeister.org> Sun, 15 January 2023 22:48 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/spfbis/QsZmDeBxAZFU1hW8J99iS83gNVs>

Scott Kitterman <spf2@kitterman.com> wrote:

> Moving forward, here's the full text specific to MX from RFC 7208, Section
> 4.6.4:
>
> > When evaluating the "mx" mechanism, the number of "MX" resource
> > records queried is included in the overall limit of 10 mechanisms/
> > modifiers that cause DNS lookups as described above.  In addition to
> > that limit, the evaluation of each "MX" record MUST NOT result in
> > querying more than 10 address records -- either "A" or "AAAA"
> > resource records.  If this limit is exceeded, the "mx" mechanism MUST
> > produce a "permerror" result.
>
> In the example you gave, only the +mx lookup counts against the overall limit.
> "MX" resource records are exactly that.  The address records (A/AAAA) are
> counted separately as clearly indicated in the sentence after the one you
> quoted.

> I think you need to go back and revisit your assessment of how these work as I
> don't think it's correct.  We struggled with this in the SPFbis working group
> as it was very difficult to come up with clear and accurate language, so I'm not
> surprised to see it's not immediately obvious what we meant.

I'm afraid the intent is still ambiguous.  Could you clarify by example:

    $ dig +short txt example.com
    v=spfv1 +a +mx -all
    $ dig +short mx example.com
    10 a.example.com
    20 b.example.com
    $

Is it 2 (one for the 'a' lookup, and one for the 'mx'), or is it 4 (one for
the 'a' lookup, one for the 'mx' lookup, and, because MX records return host
names and IP addresses, an additional lookup for each MX record returned)?

-Jan
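
Added example, not part of the original message or of any SPF implementation: a static counter that applies the reading given in the quoted reply, where each DNS-querying term is charged once to the overall limit of 10 and the address lookups behind an "mx" term are tracked under their own limit of 10. Assumptions: the zone data is constructed (modeled on the message's example), the count is worst case (no earlier mechanism matches), and one address query is made per MX host.

```python
import re

# Terms that cause DNS queries and count toward the overall limit (RFC 7208, 4.6.4).
LOOKUP_TERMS = {"a", "mx", "ptr", "include", "exists", "redirect"}
MAX_TERMS = 10      # overall limit on DNS-querying mechanisms/modifiers
MAX_MX_ADDRS = 10   # separate limit on address lookups for one "mx" mechanism

TERM_RE = re.compile(r"^[+\-~?]?([a-z0-9]+)(?:[:=]([^/]+))?(?:/.*)?$", re.I)

class PermError(Exception):
    """Raised where an SPF evaluator would return "permerror"."""

def count_lookups(domain, txt, mx, state=None):
    """Worst-case count for `domain`, assuming no earlier mechanism matches.

    Returns (terms charged to the overall limit, {mx target: address lookups}).
    """
    state = state if state is not None else {"terms": 0, "mx_addrs": {}}
    if domain not in txt:
        raise PermError(f"{domain}: no SPF record")
    version, *terms = txt[domain].split()
    if version.lower() != "v=spf1":
        raise PermError(f"{domain}: not an SPF record")
    for term in terms:
        m = TERM_RE.match(term)
        if not m or m.group(1).lower() not in LOOKUP_TERMS:
            continue  # all, ip4, ip6, exp, ... cause no counted lookup
        name, target = m.group(1).lower(), m.group(2) or domain
        state["terms"] += 1
        if state["terms"] > MAX_TERMS:
            raise PermError("more than 10 DNS-querying terms")
        if name == "mx":
            # One address query (A or AAAA) per MX host; not charged to the overall limit.
            hosts = mx.get(target, [])
            if len(hosts) > MAX_MX_ADDRS:
                raise PermError(f"mx:{target} needs more than 10 address lookups")
            state["mx_addrs"][target] = len(hosts)
        elif name in ("include", "redirect"):
            count_lookups(target, txt, mx, state)  # nested records share the budget
    return state["terms"], state["mx_addrs"]

# Constructed zone data, modeled on the example in the message.
TXT = {"example.com": "v=spf1 +a +mx -all"}
MX = {"example.com": ["a.example.com", "b.example.com"]}

if __name__ == "__main__":
    print(count_lookups("example.com", TXT, MX))
```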