Wildcard DNS (pros and cons)
Kevin Darcy
kcd at daimlerchrysler.com
Tue Dec 14 01:23:29 UTC 2004
Edward Buck wrote:
>Jonathan de Boyne Pollard wrote:
>| EB> IMO, dns entries should not be ambiguous.
>|
>| There's nothing inherently *ambiguous* about wildcards or the resource
>| record sets that are synthesized from them. Wildcards are just one form
>| of server-side aliases. (They alias together all of the
>| not-otherwise-explicitly specified labels.) That doesn't cause
>| ambiguity, per se.
>
>I agree that there's nothing inherently ambiguous about wildcard
>entries. But when the wildcard entry is abused and it becomes unclear
>whether the subdomain in question is valid or not, intended or not, then
>there is ambiguity. I pick on wildcards here but it's not just about
>dns wildcards. The smtp protocol is full of ambiguity, precipitating
>the need for sender verification protocols like SPF or DomainKeys.
>
I think you need to revisit the definition of the term "ambiguity".
There's nothing "ambiguous" about the source address of a connecting
SMTP client. What SPF and DomainKeys attempt to address is the
*authority* of that client to be sending SMTP messages for a specific
mail domain.
- Kevin