Re: [spfbis] #24: RFC 4408: Reasonable DNS error limits

Franck Martin <fmartin@linkedin.com> Sun, 20 January 2013 23:39 UTC


On 1/20/13 3:04 PM, "Scott Kitterman" <spf2@kitterman.com> wrote:

>
>
>Franck Martin <fmartin@linkedin.com> wrote:
>
>>
>>
>>On 1/19/13 7:05 AM, "Scott Kitterman" <spf2@kitterman.com> wrote:
>>
>>>On Saturday, January 19, 2013 12:47:35 PM Alessandro Vesely wrote:
>>>> On Fri 18/Jan/2013 20:51:29 +0100 Scott Kitterman wrote:
>>>>
>>>>  Note that when computing the sizes for queries of the TXT format, one has
>>>>  to take into account the size of all records returned with the query,
>>>>  including any other TXT records published at the domain name.  It is more
>>>> reliable if all answers for all queries needed to process the SPF record can
>>>> be returned in a single UDP packet.
>>
>>Replace reliable by efficient in the above, otherwise you may infer that
>>DNS fallback to TCP is not a reliable standard.
>
>That's the point.  Operationally it's not reliable because it's
>unfortunately common for port 53 TCP to be blocked.
>

Yes and my point is that there is nothing wrong with the protocol, it is
an operational issue. People are free to shoot themselves in the foot.
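
The size concern in the quoted draft text, as an added example that is not part of the original message or the thread: this Python code estimates the wire size of a TXT response when other TXT records share the name with the SPF record, and compares it with the 512-octet DNS-over-UDP limit of RFC 1035. It assumes compressed owner names in the answer section, empty authority and additional sections, and no EDNS0; `example.com` and all record values are constructed.

```python
# Added example: estimate the wire size of a DNS TXT answer (RFC 1035 layout).
# Assumptions: owner names in answers are 2-byte compression pointers, the
# authority and additional sections are empty, and no EDNS0 OPT record is sent.

UDP_LIMIT = 512  # classic DNS-over-UDP payload limit without EDNS0 (RFC 1035)


def qname_len(domain: str) -> int:
    """Length of a domain name in wire format: length-prefixed labels + root."""
    labels = [lab for lab in domain.rstrip(".").split(".") if lab]
    return sum(1 + len(lab.encode("ascii")) for lab in labels) + 1


def txt_rdata_len(text: str) -> int:
    """TXT RDATA is a series of <character-string>s of at most 255 octets each."""
    n = len(text.encode("ascii"))
    chunks = max(1, -(-n // 255))  # ceil division; empty text still needs one string
    return n + chunks              # one length octet per character-string


def txt_response_size(domain: str, txt_records: list[str]) -> int:
    """Header + question + one answer RR per TXT record published at the name."""
    header = 12
    question = qname_len(domain) + 4   # QTYPE + QCLASS
    rr_fixed = 2 + 2 + 2 + 4 + 2       # name pointer, TYPE, CLASS, TTL, RDLENGTH
    answers = sum(rr_fixed + txt_rdata_len(t) for t in txt_records)
    return header + question + answers


def fits_in_udp(domain: str, txt_records: list[str]) -> bool:
    """True if the whole TXT answer fits without truncation and TCP retry."""
    return txt_response_size(domain, txt_records) <= UDP_LIMIT


# Constructed sample data (all record values are made up for illustration).
SPF = "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.0/24 include:_spf.example.net -all"
OTHER_TXT = [
    "site-verification=" + "a" * 43,
    "vendor-domain-check=" + "b" * 64,
    "notes=" + "c" * 250,  # a long unrelated TXT record at the same name
]

if __name__ == "__main__":
    for label, recs in (("SPF only", [SPF]), ("SPF + other TXT", [SPF] + OTHER_TXT)):
        size = txt_response_size("example.com", recs)
        print(f"{label}: {size} bytes, fits in one UDP packet: {size <= UDP_LIMIT}")
```

A response over the limit is truncated and the resolver retries over TCP, which is where a blocked TCP port 53 turns a valid SPF record into a lookup failure.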