Phil Pennock wrote on 2020-03-13 22:00:
> On 2020-03-13 at 21:07 -0700, Paul Vixie wrote:
>> the concatenation of <character-strings> on 255-octet boundaries has never
>> been specified in a DNS RFC, and if the DKIM and SPF specifications require
>> this, they are legislating from the bench.
>
> Isn't that one of the points of DNS: that semantics should be laid on by
> applications above it, while RFC 2181 keeps the DNS itself much more
> agnostic about such matters?

it is not, in two ways.
first, the semantic described for these strings is not an example of how
applications are expected to layer on their own interpretation. while
this could certainly be done for the SPF record, as it was for MX and
SRV and dozens of others, TXT already had some rules.
second, they did not lay this semantic on, they referred to the practice
of splitting text strings into 255-octet chunks and claimed that because
of this practice they were going to assume that if multiple chunks were
present they must have been split from some larger string.
...
> I've successfully pushed back against DNS tooling behavior which says
> "just join TXT strings together" and persuaded folks that this is
> application specific, with that being one common behavior which it's
> good to support. In Exim's case, in those cases where folks have to
> manually code DNS lookups with `${dnsdb ...}`, the TXT handling
> explicitly allows for specifying how results from multiple strings, and
> multiple records, should be handled.

thank you for that. i think more work will be needed for DKIM and SPF
applications who depend on the TXT record, but your approach illuminates
that work.
specifically, if a consumer of DKIM or SPF sees multiple text segments
which are not meaningful (contain no known keywords, have the wrong
number of fields, or whatever) they should try again assuming that each
segment is a word and that they are separated by whitespace. if the
second interpretation results in meaning, it should be treated as success.
or else, only if the segment is the maximum size permitted by TXT RDATA
formatting, should it be presumed to have been split from a larger string.
or both.
--
P Vixie
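
The fallback order described in the message above, sketched for SPF as an added example that is not part of the original message or of any SPF implementation. The names `interpret_txt`, `join_by_length` and `spf_is_meaningful` are hypothetical, the keyword test is deliberately coarse, and the sample segments are constructed.

```python
import re

MAX_SEGMENT = 255  # largest <character-string> a TXT RDATA can carry

# Constructed sample: a publisher who entered one word per character-string.
SAMPLE_WORDS = [b"v=spf1", b"ip4:192.0.2.0/24", b"-all"]

# "Known keywords" test: SPF mechanisms and modifiers named in RFC 7208.
# Coarse on purpose (assumption): arguments after ':' or '/' are not validated.
_TERM = re.compile(
    r"^[+\-~?]?(all|include|a|mx|ptr|ip4|ip6|exists)([:/].*)?$"
    r"|^(redirect|exp)=.+$",
    re.IGNORECASE,
)


def spf_is_meaningful(text):
    """True if text is 'v=spf1' followed only by recognised terms."""
    words = text.split(" ")
    if words[0].lower() != "v=spf1":
        return False
    return all(_TERM.match(w) for w in words[1:] if w)


def join_by_length(segments):
    """Glue a segment to the next only when it is full (255 octets);
    any shorter segment is taken to end a word."""
    out = b""
    for i, seg in enumerate(segments):
        out += seg
        if i + 1 < len(segments) and len(seg) < MAX_SEGMENT:
            out += b" "
    return out


def interpret_txt(segments, is_meaningful=spf_is_meaningful):
    """Return (strategy, text) for the first reading that is meaningful,
    or (None, None) when no reading is."""
    candidates = [
        ("concatenate", b"".join(segments)),   # plain join, no separator
        ("whitespace", b" ".join(segments)),   # each segment is a word
        ("length", join_by_length(segments)),  # split only at 255 octets
    ]
    for name, raw in candidates:
        text = raw.decode("ascii", errors="replace")
        if is_meaningful(text):
            return name, text
    return None, None
```

Passing a different `is_meaningful` callable (for example one that checks DKIM tag names) reuses the same fallback order for another TXT consumer.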