[dmarc-discuss] DNS RR Types
johnl at taugh.com
Fri Mar 9 14:45:43 PST 2012
>If you're doing DKIM you've already got issues with wild carding.
Yes and no. I use wildcard DNS for DKIM and it works great, but I'm
only wildcarding the selectors. (I use a different selector for every
message, so I can tell who's checking each message if I want.)
The DMARC spec mentions wildcards, but I don't see any useful application
for them with DMARC since _dmarc.*.example.com doesn't work.
>There was just an incredibly long and painful (it may not be over yet, I'm not
>sure) on the IETF main list on this topic. Depending on who you talk to, it's
>either trivially easy and there's no good reason to do it or it takes a lot of
>effort to get everything lined up for internet scale deployments. Most of the
>former are the sorts that hand edit BIND zone files in vim and (at least to me)
>seem to lack perspective on the complexity of delivering new DNS RR types to
>domains that are not managed by technical experts.
Uh, yeah. I'm working, slowly, on a DNS description language intended
to allow people to provision new RR types by editing config files.
The vim crowd is sure it's a bad idea, but I've had a fair amount of
interest from people who actually manage DNS provisioning systems.
It's not likely to be usable in time to be relevant to DMARC, though.
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
More information about the dmarc-discuss