
List:       djbdns
Subject:    Re: djbdns and SPF?
From:       Lloyd Zusman <ljz () asfast ! com>
Date:       2004-01-26 12:24:51
Message-ID: m3oesqq4mk.fsf () asfast ! com

Phil Howard <phil-dns@ipal.net> writes:

> On Thu, Jan 08, 2004 at 11:13:51AM -0500, Toby Betts wrote:
>
> | There's also the big problem that caches can be poisoned and DNS as a 
> | whole isn't exactly secure. Adding TXT records is not a magic solution 
> | that's going to make our problems go away. It may be a neat idea, and 
> | there may be some benefits to it to boot, but it's a short-term, 
> | stop-gap solution.
>
> Why are we still seeing cache poisoning?  You're talking about some other
> DNS software, right?  Not DJBDNS, right?

Yes, I don't see any cache-poisoning problems that can arise under a
properly configured djbdns setup.

Given that I'm using djbdns, and assuming that I properly set up both
SPF and djbdns, I can't see any reason why having these extra TXT
records would cause problems on my end aside from the minor increase in
system load from having to respond to extra DNS queries on the part of
any SPF MTAs that are out there ... but perhaps I'm missing something
... ???

I understand most of the philosophical objections to SPF.  But I want to
experiment with it before coming to my own final conclusions about the
methodology.  So far, no one has pointed out any DNS-related technical
problems to my adding these extra TXT records, and unless someone does,
I'll probably be going forward with my tests.

-- 
 Lloyd Zusman
 ljz@asfast.com
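
An added example, not part of the original message: one way to generate the SPF TXT line for a tinydns data file, using the tinydns-data TXT syntax ('fqdn:s:ttl) and its \nnn octal codes so that the colons inside the policy are not read as field separators. The domain, address range, policy and function names are constructed for illustration.

```python
import re

# Bytes written literally; everything else becomes \nnn (a conservative choice).
SAFE = re.compile(rb"[A-Za-z0-9=./+_~-]")

def escape_txt(value: str) -> str:
    """Escape a TXT string for the 's' field of a tinydns-data ' line."""
    raw = value.encode("ascii")  # SPF policies are ASCII; raises otherwise
    return "".join(
        chr(b) if SAFE.fullmatch(bytes([b])) else "\\%03o" % b for b in raw
    )

def unescape_txt(field: str) -> str:
    """Decode three-digit \\nnn octal codes, to check that escaping round-trips."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def spf_line(fqdn: str, policy: str, ttl: int = 3600) -> str:
    """Build a 'fqdn:s:ttl line carrying an SPF policy."""
    if not (policy == "v=spf1" or policy.startswith("v=spf1 ")):
        raise ValueError("not an SPF policy")
    if not re.fullmatch(r"[A-Za-z0-9._-]+", fqdn):
        raise ValueError("unexpected character in fqdn")
    field = escape_txt(policy)
    if unescape_txt(field) != policy:
        raise ValueError("escaping did not round-trip")
    return "'%s:%s:%d" % (fqdn, field, ttl)

def split_fields(line: str) -> list:
    """Split a data line on colons, the way the field separator is applied."""
    return line[1:].split(":")

if __name__ == "__main__":
    policy = "v=spf1 ip4:192.0.2.0/24 mx -all"  # constructed sample policy
    good = spf_line("example.com", policy)
    naive = "'example.com:%s:3600" % policy     # colon left unescaped
    print(good)
    print(len(split_fields(good)), "fields when escaped")
    print(len(split_fields(naive)), "fields when not escaped (policy is cut)")
```
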
