Re: [spfbis] RFC6147 and RFC7208 interoperability issues
william@leibzon.org Mon, 07 February 2022 23:22 UTC
Return-Path: <william@leibzon.org>
X-Original-To: spfbis@ietfa.amsl.com
Delivered-To: spfbis@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9364E3A0FBE for <spfbis@ietfa.amsl.com>; Mon, 7 Feb 2022 15:22:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JvdHPURI2V3d for <spfbis@ietfa.amsl.com>; Mon, 7 Feb 2022 15:22:21 -0800 (PST)
Received: from relay5.hostedemail.com (relay5.hostedemail.com [64.99.140.39]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDC623A0EDF for <spfbis@ietf.org>; Mon, 7 Feb 2022 15:22:15 -0800 (PST)
Received: from omf04.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id 4F08921BA6; Mon, 7 Feb 2022 23:22:14 +0000 (UTC)
Received: from [HIDDEN] (Authenticated sender: william@leibzon.org) by omf04.hostedemail.com (Postfix) with ESMTPA id EA90E20027; Mon, 7 Feb 2022 23:22:13 +0000 (UTC)
MIME-Version: 1.0
Date: Mon, 07 Feb 2022 15:22:13 -0800
From: william@leibzon.org
To: Ángel <angel@16bits.net>
Cc: spfbis@ietf.org
In-Reply-To: <b7fe33e0f8982bb5f4560ed546ac35bdff25e03b.camel@16bits.net>
References: <45e423cc-4095-cca2-bf8c-aa15e977b19c@posteo.de> <DF73F58F-D33E-495A-B18C-58BC994ADE8B@viagenie.ca> <5b5f5a2a-8250-4ee5-3560-80e67b540204@posteo.de> <e061ff19f8bf10bef43399d82a29bee48fbcee5d.camel@16bits.net> <e0f53dcc-a909-9476-691b-84184ba8761c@posteo.de> <b7fe33e0f8982bb5f4560ed546ac35bdff25e03b.camel@16bits.net>
Message-ID: <1fc6a0d819c1872624dcae1e15af0384@leibzon.org>
X-Sender: william@leibzon.org
Content-Type: multipart/alternative; boundary="=_b4f0b268ce40528b133c0d5a6febf659"
X-Rspamd-Queue-Id: EA90E20027
X-Stat-Signature: zx8t4addxj76cmhrp6dwwgryjdjxec1k
X-Rspamd-Server: rspamout08
X-Session-Marker: 77696C6C69616D406C6569627A6F6E2E6F7267
X-Session-ID: U2FsdGVkX19xwLW1hhg66hLWp/Sd2PvakmNvrbXIxj0=
X-HE-Tag: 1644276133-866703
Archived-At: <https://mailarchive.ietf.org/arch/msg/spfbis/SkEa4cW27EQfPBKz2aYXLmG4xbk>
Subject: Re: [spfbis] RFC6147 and RFC7208 interoperability issues
X-BeenThere: spfbis@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SPFbis discussion list <spfbis.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spfbis>, <mailto:spfbis-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spfbis/>
List-Post: <mailto:spfbis@ietf.org>
List-Help: <mailto:spfbis-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spfbis>, <mailto:spfbis-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Feb 2022 23:22:28 -0000
SPF macro tricks: https://www.jamieweb.net/blog/using-spf-macros-to-solve-the-operational-challenges-of-spf/ I wonder how many people actually use SPF macros.... But yeah, trying to translate these is the kind of hell that should be reserved for full SPF library and not something DNS64 server should probably attempt. Looks like those who want SPF to work behind NAT64 would have to use a library that can discovery what NAT64 prefix is and translate everything. BTW, what's going on with exists and A vs AAAA? The SPF 7206 RFC says: exists = "exists" ":" domain-spec The <domain-spec> is expanded as per Section 7 [1]. The resulting domain name is used for a DNS A RR lookup (even when the connection type is IPv6). If any A record is returned, this mechanism matches." How is this meant to work for those in IPv6 only world? And what will happen when a SPF resolver behind DNS64 tries to resolve this? Is DNS64 just adding AAAA while preserving the A as well for an application that needs it? On 2022-02-07 14:40, Ángel wrote: > On 2022-02-07 at 02:30 +0000, Klaus Frank wrote: > >> Why? Such a query would resolve in the mailserver would make the DNS >> lookup. The DNS64 server than would synthetically add an AAAA-RR to >> the response. > > The issue is not that the response contains an A record but that the > queried domain embeds the remote IP. > > The A result is usually a 127.0.0.x address, with some "magic" meaning > (perhaps lost if translated into IPv6) but the main problem is querying > the right label. > > _______________________________________________ > spfbis mailing list > spfbis@ietf.org > https://www.ietf.org/mailman/listinfo/spfbis Links: ------ [1] https://datatracker.ietf.org/doc/html/rfc7208#section-7
- [spfbis] RFC6147 and RFC7208 interoperability iss… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Scott Kitterman
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Marc Blanchet
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… william
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Scott Kitterman
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Scott Kitterman
- Re: [spfbis] RFC6147 and RFC7208 interoperability… william
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… william
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… John Levine
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Andrew Sullivan
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… william
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Mark Andrews
- Re: [spfbis] RFC6147 and RFC7208 interoperability… John Levine
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Ángel
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Scott Kitterman
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Andrew Sullivan
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Andrew Sullivan
- Re: [spfbis] RFC6147 and RFC7208 interoperability… John Levine
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Scott Kitterman
- Re: [spfbis] RFC6147 and RFC7208 interoperability… John Levine
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Andrew Sullivan
- Re: [spfbis] RFC6147 and RFC7208 interoperability… John Levine
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Andrew Sullivan
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Stuart D Gathman
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Ángel
- Re: [spfbis] RFC6147 and RFC7208 interoperability… william
- Re: [spfbis] RFC6147 and RFC7208 interoperability… william
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Scott Kitterman
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Mark Andrews
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Klaus Frank
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Mark Andrews
- Re: [spfbis] RFC6147 and RFC7208 interoperability… william
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Alessandro Vesely
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Hector Santos
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Mark Andrews
- Re: [spfbis] RFC6147 and RFC7208 interoperability… Mark Andrews