[dmarc-discuss] DNS RR Types
John Levine
johnl at taugh.com
Fri Mar 9 14:45:43 PST 2012
>If you're doing DKIM you've already got issues with wild carding.

Yes and no. I use wildcard DNS for DKIM and it works great, but I'm
only wildcarding the selectors. (I use a different selector for every
message, so I can tell who's checking each message if I want.)

The DMARC spec mentions wildcards, but I don't see any useful application
for them with DMARC since _dmarc.*.example.com doesn't work.

>There was just an incredibly long and painful (it may not be over yet, I'm not
>sure) on the IETF main list on this topic. Depending on who you talk to, it's
>either trivially easy and there's no good reason to do it or it takes a lot of
>effort to get everything lined up for internet scale deployments. Most of the
>former are the sorts that hand edit BIND zone files in vim and (at least to me)
>seem to lack perspective on the complexity of delivering new DNS RR types to
>domains that are not managed by technical experts.

Uh, yeah. I'm working, slowly, on a DNS description language intended
to allow people to provision new RR types by editing config files.
The vim crowd is sure it's a bad idea, but I've had a fair amount of
interest from people who actually manage DNS provisioning systems.
It's not likely to be usable in time to be relevant to DMARC, though.

--
Regards,
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
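
The wildcard behaviour discussed in this message, as an added example that is not part of the original post: a simplified model of RFC 4592 wildcard synthesis, showing why a per-message selector under `*._domainkey` resolves while a record at `_dmarc.*.example.com` is never used for a subdomain's DMARC lookup. The zone contents, the selector name and the function names are constructed for illustration.

```python
# Added illustration, not code from the original post. Simplified RFC 4592
# wildcard synthesis for TXT lookups; zone data and selector are constructed.
ORIGIN = "example.com"
ZONE = {
    "example.com": "v=spf1 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject",
    "*._domainkey.example.com": "v=DKIM1; k=rsa; p=PLACEHOLDER_KEY",
    "_dmarc.*.example.com": "v=DMARC1; p=reject",  # '*' is not leftmost
}

def labels(name):
    return name.lower().rstrip(".").split(".")

def existing_nodes(zone, origin):
    """Every name in the zone tree, including empty non-terminals."""
    depth = len(labels(origin))
    nodes = set()
    for owner in zone:
        parts = labels(owner)
        for i in range(len(parts) - depth + 1):
            nodes.add(".".join(parts[i:]))
    return nodes

def lookup_txt(zone, origin, qname):
    """Return (status, txt, owner_used) for a TXT query."""
    records = {".".join(labels(k)): v for k, v in zone.items()}
    nodes = existing_nodes(zone, origin)
    q = labels(qname)
    name = ".".join(q)
    if name in nodes:  # exact match: no wildcard synthesis
        txt = records.get(name)
        return ("NOERROR" if txt else "NODATA", txt, name)
    for i in range(1, len(q)):  # find the closest existing ancestor
        encloser = ".".join(q[i:])
        if encloser in nodes:
            source = "*." + encloser  # only a leftmost '*' can synthesize
            if source not in nodes:
                return ("NXDOMAIN", None, None)
            txt = records.get(source)
            return ("NOERROR" if txt else "NODATA", txt, source)
    return ("NXDOMAIN", None, None)

if __name__ == "__main__":
    for qname in ("msg20120309a._domainkey.example.com",
                  "_dmarc.mail.example.com",
                  "_dmarc.*.example.com"):
        print(qname, "->", lookup_txt(ZONE, ORIGIN, qname))
```

In this model the `_dmarc.*.example.com` record is reachable only by a query containing a literal `*` label; the side effect of publishing it is an empty `*.example.com` node, so the subdomain lookup returns no data rather than a policy.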