[ietf-dkim] DNS wildcarding behavior scenarios
Michael Thomas
mike at mtcc.com
Fri Jun 8 17:41:14 PDT 2007
John Levine wrote:
>> 0) Pertinent Parts of my Zone: ...
>> mtcc.com.*. IN TXT "v=spf1 a mx include:cisco.com
>>
>
> I sure hope that was supposed to be *.mtcc.com. since a trailing star
> only matches a literal star.
>
Yes, my screwup when cutting and pasting.
>
> Nearly everyone agrees that in retrospect, it would have been better
> to design DNS wildcards differently. But if you control the whole
> zone, particularly if it's a new RR so it doesn't contaminate existing
> uses of TXT records, you can mechanically add extra records to get the
> effect of the wildcards you actually want.
>
Right, I just wanted to remind people once again what wildcards do and
don't provide. Synthesizing the wildcard by mechanically populating
the record at existing nodes is possible, though extremely kludgey --
at least with the resolvers I'm familiar with.

One question though: is this an artifact of the actual protocol, or an
artifact of the resolvers themselves? I've never been clear on that.
As far as the bits on the wire, aren't wildcards actually invisible
to the querier?
Mike
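
Added example, not part of the original message: a small model of the RFC 4592 wildcard matching rules as an authoritative server applies them, plus the "mechanically add extra records" step discussed above. The zone contents and the function names (`lookup`, `records_to_add`) are constructed for illustration and are not the real mtcc.com zone.

```python
# Added illustration. ZONE is constructed sample data (owner name -> RR types).
ZONE = {
    "mtcc.com": {"SOA", "NS", "MX", "TXT"},
    "*.mtcc.com": {"TXT"},
    "www.mtcc.com": {"A"},
    "mail.eng.mtcc.com": {"A"},  # makes eng.mtcc.com an empty non-terminal
}
APEX = "mtcc.com"

def ancestors(name, apex=APEX):
    """Yield name, then each parent, stopping at the zone apex."""
    labels = name.split(".")
    for i in range(len(labels) - len(apex.split(".")) + 1):
        yield ".".join(labels[i:])

def existing_nodes(zone):
    """Names that exist: every owner plus the empty non-terminals above it."""
    return {a for owner in zone for a in ancestors(owner)}

def lookup(zone, qname, rrtype):
    """Return (rcode, owner the answer was taken from)."""
    nodes = existing_nodes(zone)
    if qname in nodes:  # an existing name is never wildcard-matched
        return ("NOERROR" if rrtype in zone.get(qname, ()) else "NODATA", qname)
    for anc in ancestors(qname):
        if anc in nodes:  # closest encloser = longest existing ancestor
            wc = "*." + anc
            if wc not in nodes:
                return ("NXDOMAIN", None)
            return ("NOERROR" if rrtype in zone.get(wc, ()) else "NODATA", wc)
    return ("NXDOMAIN", None)  # simplified: qname is not under the apex

def records_to_add(zone, rrtype="TXT"):
    """Owners that need an explicit rrtype record so every name answers."""
    needed = set()
    for node in existing_nodes(zone):
        if rrtype not in zone.get(node, ()):
            needed.add(node)  # existing node blocks the wildcard
        if not node.startswith("*.") and rrtype not in zone.get("*." + node, ()):
            needed.add("*." + node)  # covers nonexistent names below node
    return sorted(needed)

def populate(zone, rrtype="TXT"):
    """Return a copy of zone with the missing records filled in."""
    out = {owner: set(types) for owner, types in zone.items()}
    for owner in records_to_add(zone, rrtype):
        out.setdefault(owner, set()).add(rrtype)
    return out
```

In this model the answer for `nosuch.mtcc.com` is taken from `*.mtcc.com`, while `www.mtcc.com`, the empty non-terminal `eng.mtcc.com`, and anything beneath them get nothing until the extra records are added.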