Re: spf ent txt records.

2013-03-22 Thread John Levine
>It is or would have been, very little cost to publish SPF records. Not until we fix the provisioning problem. (News flash: in 99.9% of the Internet, people do not edit master files with vi.) In the early days of SPF, it was remarkably hard to get TXT records provisioned, even though TXT records

Re: spf ent txt records.

2013-03-22 Thread John Levine
>I've not been keeping up with the IETF; is there a document that >describes what looks like a de facto standard of using _pname labels >with TXT RRs that is being followed by at least DMARC and DANE in >*._tcp.example.com, *._smimecert.example.com, and _dmarc.example.com No, but Dave Crocker is w

Re: spf ent txt records.

2013-03-22 Thread Vernon Schryver
> From: John Wobus > 1) An RFC (or RFCs) that specifies a set of specific TXT record content > formats that are specified to have particular meanings, e.g. 'don't do > the > following unless it's an SPF record'. I've not been keeping up with the IETF; is there a document that describes what lo

Re: spf ent txt records.

2013-03-22 Thread John Wobus
On Mar 18, 2013, at 12:00 AM, Mark Andrews wrote: It's not that it is esthetically pleasing to put SPF data into its own RR type. It's that TXT has been hijacked and continuing to add more uses to TXT does not scale. TXT is a reasonable record for proof of concept. It isn't and never has been a

Re: spf ent txt records.

2013-03-18 Thread Noel Butler
On Mon, 2013-03-18 at 16:52 -0700, SM wrote: > SPF RR type Had a bit of a read of that thread, and the most noise comes from a guy who should know better, but doesn't, Mr Kitterman repeatedly says "If it's all so obvious that it makes sense to publish SPF records, why aren't more people doing

Re: spf ent txt records.

2013-03-18 Thread SM
At 08:35 18-03-2013, Vernon Schryver wrote: Also, those who are not lazy, who think RFC 4408bis is wrong, and want to use type 99 without violating RFC 4408bis will go to the IETF. I suggest reading the messages with a subject line of "#9: RFC 4408 SPF RR type" in the mail archive at http://w

Re: spf ent txt records.

2013-03-18 Thread Mark Andrews
In message <201303181535.r2ifz8ga017...@calcite.rhyolite.com>, Vernon Schryver writes: > } Turning off lookup for TXT record lookup for SPF would have very > } little negative impact. You would have some additional spoofed > } email getting through and some additional blow back (which could > }

Re: spf ent txt records.

2013-03-18 Thread Dave Warren
On 2013-03-17 22:35, Doug Barton wrote: On 3/17/2013 5:59 PM, Mark Andrews wrote: The rational course would be to set a sunset date on TXT style spf records. April 2016 looks like a good date. 10 years after RFC 4408 was published. +1 Unfortunately there's really no need to change behaviou

Re: spf ent txt records.

2013-03-18 Thread Vernon Schryver
> > I'd go along with that, if they can't get their act together within 3 > > years, then that IS pure laziness. I think "laziness" better fits answering port 443 with HTTP/TLS-SSL and not publishing DANE RRs with existing certs or fingerprints. The contrib/dane directory in current versions of BI

Re: spf ent txt records.

2013-03-18 Thread nudge dread
On Mon, Mar 18, 2013, at 03:19 AM, Noel Butler wrote: > > > Vernon Schryver writes: > > > > > to laziness, DNS is not rocket science, I'm sure given ARM and > > access to > > > > google, a 13yo kid could get at least the "basics" right. > > > > > > Laziness?--nonsense. Postel's Law and simple l

Re: spf ent txt records.

2013-03-17 Thread Doug Barton
On 3/17/2013 5:59 PM, Mark Andrews wrote: The rational course would be to set a sunset date on TXT style spf records. April 2016 looks like a good date. 10 years after RFC 4408 was published. +1

Re: spf ent txt records.

2013-03-17 Thread Mark Andrews
In message <201303180329.r2i3tycx025...@calcite.rhyolite.com>, Vernon Schryver writes: > > From: Mark Andrews > > > Yet libspf2 requests SPF records and falls back to TXT on NODATA. > > It does not do a TXT query if it gets a SPF response. > > Even if my option of SPF is insane, compare the 2008

Re: spf ent txt records.

2013-03-17 Thread Vernon Schryver
> From: Mark Andrews > Yet libspf2 requests SPF records and falls back to TXT on NODATA. > It does not do a TXT query if it gets a SPF response. Even if my option of SPF is insane, compare the 2008 dates on http://www.libspf2.org/ and the 2012 date on the surveys in RFC 6686. It's clear that for

Re: spf ent txt records.

2013-03-17 Thread Noel Butler
> Vernon Schryver writes: > > > to laziness, DNS is not rocket science, I'm sure given ARM and > access to > > > google, a 13yo kid could get at least the "basics" right. > > > > Laziness?--nonsense. Postel's Law and simple logic predict the truth hurts eh. Didn't see your original post, vi

Re: spf ent txt records.

2013-03-17 Thread Mark Andrews
In message <201303180038.r2i0cwet026...@calcite.rhyolite.com>, Vernon Schryver writes: > > 20741, so direct SPF RR hits is about one third of those using TXT RR, > > small, but, insignificant? I wouldn't really say so, but some might. I > > suspect the SPF wanting to be deprecated is because of

Re: spf ent txt records.

2013-03-17 Thread Vernon Schryver
> 20741, so direct SPF RR hits is about one third of those using TXT RR, > small, but, insignificant? I wouldn't really say so, but some might. I > suspect the SPF wanting to be deprecated is because of the lack of > take-up, due to lazy admins, there are some resolvers in use from > ancient debi

Re: spf ent txt records.

2013-03-17 Thread Noel Butler
On Thu, 2013-03-14 at 17:29 +1000, Noel Butler wrote: > On Wed, 2013-03-13 at 19:33 -0700, Dave Warren wrote: > > > On 3/13/2013 17:11, Noel Butler wrote: > > > > > > > On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote: > > > > > > > I almost wouldn't bother with SPF records these days th

Re: spf ent txt records.

2013-03-14 Thread Noel Butler
On Wed, 2013-03-13 at 19:33 -0700, Dave Warren wrote: > On 3/13/2013 17:11, Noel Butler wrote: > > > > > On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote: > > > > > I almost wouldn't bother with SPF records these days though, except that > > > the code was already written. > > > > > > >

Re: spf ent txt records.

2013-03-13 Thread Dave Warren
On 3/13/2013 17:11, Noel Butler wrote: On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote: I almost wouldn't bother with SPF records these days though, except that the code was already written. # grep SPF maillog |grep -c '\-all' 2438 # grep SPF maillog |grep -c '\~all' 7509 Can you compa

Re: spf ent txt records.

2013-03-13 Thread Noel Butler
On Wed, 2013-03-13 at 14:43 -0700, Dave Warren wrote: > > I almost wouldn't bother with SPF records these days though, except that > the code was already written. > # grep SPF maillog |grep -c '\-all' 2438 # grep SPF maillog |grep -c '\~all' 7509 since midnight Sunday... looks like it's wor

Re: spf ent txt records.

2013-03-13 Thread Dave Warren
On 3/13/2013 05:09, G.W. Haywood wrote: Ref. : Early implementations used TXT records for implementation before the new record type was commonly available in DNS software. Use of TXT records for SPF was intended as a transitional mechanism. However, according to the current RFC, RFC 4408, sec

Re: spf ent txt records.

2013-03-13 Thread SM
At 04:40 AM 3/13/2013, Jan-Piet Mens wrote: BIND has supported SPF records since 9.4 I think, so yes. Their functionality is identical (i.e. define both if you want/need both) name ttl class TXT text name ttl class SPF text The DNS query will likely be for TXT R

Re: spf ent txt records.

2013-03-13 Thread Shane Kerr
Hugo, On Wednesday, 2013-03-13 11:33:35 +, hugo hugoo wrote: > Dear all, > > I received the following question and I am not able to answer as spf > records are still mysterious to me. We are using BIND 9.7. > > Thanks in advance for your answers, > > Hugo, > > > > Does our DNS-ser

Re: spf ent txt records.

2013-03-13 Thread G.W. Haywood
Hi there, On Wed, 13 Mar 2013, hugo hugoo wrote: I received the following question and I am not able to answer as spf records are still mysterious to me. We are using BIND 9.7. Does our DNS-server support SPF-type records? Or do we put SPF-info in a TXT-record? My answers would be "Yes" an

Re: spf ent txt records.

2013-03-13 Thread Sten Carlsen
I used both types with Bind 9.2.1, so both types should work for you. As I recall the only difference was txt -> spf as RR type. hugo hugoo wrote: >Dear all, > >I received the following question and I am not able to answer as spf >records are still mysterious to me. >We are using BIND 9.7. > >

Re: spf ent txt records.

2013-03-13 Thread Jan-Piet Mens
> Does our DNS-server support SPF-type records? Or do we put SPF-info in a > TXT-record? BIND has supported SPF records since 9.4 I think, so yes. Their functionality is identical (i.e. define both if you want/need both) name ttl class TXT text name ttl class SPF

Re: spf ent txt records.

2013-03-13 Thread Leonardo Santagostini
Hello Hugo, You can try looking at your zone files for SPF records and/or TXT containing spf stuff. You can implement SPF records as you wish. Maybe you can take a look at: http://www.zytrax.com/books/dns/ch9/spf.html Saludos / Regards Leonardo Santagostini

spf ent txt records.

2013-03-13 Thread hugo hugoo
Dear all, I received the following question and I am not able to answer as spf records are still mysterious to me. We are using BIND 9.7. Thanks in advance for your answers, Hugo, Does our DNS-server support SPF-type records? Or do we put SPF-info in a TXT-record? Ref. : Early imple