Re: [spfbis] Fwd: RFC 7208 SPF - 4.6.4. DNS Lookup Limits increase

Simon Gnieslaw <simon@gnieslaw.com> Mon, 25 April 2022 05:24 UTC

From: Simon Gnieslaw <simon@gnieslaw.com>
Date: Mon, 25 Apr 2022 15:23:33 +1000
Message-ID: <CABi22cc3AQtrDyq=Lv_MoSkdDKQasqxFSON0H3WQRmFN8Qy0+Q@mail.gmail.com>
To: John R Levine <johnl@taugh.com>
Cc: spfbis@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/spfbis/tP90Fpn3ZI7JPaRJyzha3oekfHo>

Hi John,
I am happy to do the work, I am just unfamiliar with the processes to do
so, having never done anything like this before.
If I did get started with an RFC on my own, I also wouldn't want to stomp
over all those who have already done this fantastic work already.
It is not just me, but sysadmins all over who are struggling with this
limitation to be compliant, of different skill levels.
What you just described for your DNS level is way beyond my skill level, I
have no idea what you are talking about with ANAME and RRSIG, and I don't
think that it would be an effective use of time for every sysadmin to learn
this whole thing just to get past this limitation.

Simon.

On Mon, 25 Apr 2022 at 06:11, John R Levine <johnl@taugh.com> wrote:

> On Mon, 25 Apr 2022, Simon Gnieslaw wrote:
>
> > Thanks for the reply John,
> >
> > I am primarily a sysadmin and therefore my focus to put in a solution which
> > is for the most part just set and forget.
>
> To put this a wee bit cynically, I want *other* people to do work so *I*
> don't have to.
>
> Even if the IETF were to revise RFC 7208, which is not going to happen any
> time soon, it would be a long time before people changed their software.
> If you remember the type 99 SPF record introduced by RFC 4408, after a
> decade approximately nobody had implemented it so we took it out of RFC
> 7208.  I don't see why an updated lookup limit would be implemented any
> faster.
>
> In my DNS setup, I have scripts that run periodically to update my DNS to
> get the effect of an extended ANAME and do monthly RRSIG updates.  My SPF
> records are all pretty simple but if they weren't, I'd flatten them.  It
> was a modest amount of work to set up, but now it's all automatic, runs
> about once a day and sends me reports that I can generally ignore.
>
> Regards,
> John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail. https://jl.ly
>
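
The limit under discussion, as an added example that is not part of either message: a worst-case count of the terms RFC 7208 section 4.6.4 limits to 10, run over a constructed zone. All domain names and records are made up, the flattened record is a hand-built assumption, and the separate void-lookup and per-mx limits are not modelled.

```python
import re

# RFC 7208 section 4.6.4: these mechanisms, plus the "redirect" modifier,
# cause DNS queries and are limited to 10 in total per SPF evaluation.
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}
LIMIT = 10

# Constructed sample data: domain -> SPF TXT record. All names are made up.
ZONE = {
    "example.test": "v=spf1 mx a include:_spf.mailer.test include:_spf.crm.test "
                    "include:_spf.desk.test ip4:192.0.2.10 -all",
    "_spf.mailer.test": "v=spf1 include:_a.mailer.test include:_b.mailer.test ~all",
    "_a.mailer.test": "v=spf1 ip4:198.51.100.0/24 ~all",
    "_b.mailer.test": "v=spf1 ip4:203.0.113.0/25 a:out.mailer.test ~all",
    "_spf.crm.test": "v=spf1 include:_spf.mailer.test exists:%{i}.bl.crm.test ~all",
    "_spf.desk.test": "v=spf1 ip6:2001:db8::/32 redirect=_spf.crm.test",
    # Constructed flattened form of example.test: include trees replaced by literals.
    "flat.example.test": "v=spf1 mx a ip4:192.0.2.10 ip4:198.51.100.0/24 "
                         "ip4:203.0.113.0/25 ip6:2001:db8::/32 -all",
}

def count_lookups(domain, zone, path=()):
    """Count DNS-querying terms evaluated for `domain` when nothing matches."""
    if domain in path:
        raise ValueError(f"include/redirect loop at {domain}")
    total, redirect, has_all = 0, None, False
    for term in zone[domain].split()[1:]:                # skip the "v=spf1" tag
        if re.match(r"[a-z][a-z0-9_.-]*=", term, re.I):  # modifier: name=value
            name, _, value = term.partition("=")
            if name.lower() == "redirect":
                redirect = value
            continue
        name, _, arg = term.lstrip("+-~?").partition(":")
        name = name.split("/")[0].lower()                # drop a CIDR suffix ("a/24")
        if name == "all":
            has_all = True
            break                                        # terms after "all" are never tested
        if name in LOOKUP_MECHS:
            total += 1
            if name == "include":                        # the included record's terms count too
                total += count_lookups(arg, zone, path + (domain,))
    if redirect and not has_all:                         # redirect is ignored when "all" is present
        total += 1 + count_lookups(redirect, zone, path + (domain,))
    return total

def over_limit(domain, zone=ZONE):
    """True when evaluating `domain` can exceed the 10-term limit."""
    return count_lookups(domain, zone) > LIMIT

if __name__ == "__main__":
    for d in ("example.test", "flat.example.test"):
        print(d, count_lookups(d, ZONE), "over limit" if over_limit(d) else "ok")
```

A flattened record only stays correct while the providers' addresses are unchanged, which is why it has to be regenerated on a schedule.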