On 24.08.2017 at 04:57, Grant Taylor wrote:
On 08/23/2017 07:50 PM, Reindl Harald wrote:
which means again: additional dns lookups while ip-addresses and ranges
are done with a single lookup
Yes, it does mean additional lookups, which there are a finite number of.
besides it's not true because SPF has nothing to do with PTR and they
won't get https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS
how is that related to the topic at all?
It's my understanding that some SPF implementations will do a reverse
DNS lookup on the connecting IP and test the name from the PTR record
against the SPF record of the purported sending domain.
that's not the job of SPF at all and at least no sane implementation
talking about mailservers and DNS is using just the PTR without verifying
it against the A-record *because* you can't forge both but you may
control the PTR records of a random network like we do for our public /24
Thus the ability for Evil Spammer to arrange for the PTR record of their
server to return a name that is allowed via SPF
but again: SPF is not about dns names
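The forward-confirmation step this exchange turns on, as an added example that is not part of the original thread: a PTR name only counts once its own A record points back at the connecting IP, which is how RFC 7208 defines validation for the SPF `ptr` mechanism. The DNS records, names and addresses below are constructed documentation values, and the function names are hypothetical.

```python
# Constructed in-memory DNS data (documentation ranges, not from the thread).
PTR = {
    # Reverse zone of an unrelated network: its operator can publish any name.
    "198.51.100.7": ["mail.example.org."],
    # Reverse zone of the real sender.
    "192.0.2.25": ["mx1.example.org."],
}
A = {
    # Forward zone, controlled only by the owner of example.org.
    "mx1.example.org.": ["192.0.2.25"],
    "mail.example.org.": ["192.0.2.26"],
}


def validated_names(ip, ptr=PTR, a=A, limit=10):
    """Return the PTR names of ip whose A records include ip (FCrDNS).

    RFC 7208 allows at most 10 PTR names to be evaluated per check.
    """
    names = ptr.get(ip, [])[:limit]
    return [n for n in names if ip in a.get(n.lower(), [])]


def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it."""
    target = domain.lower().rstrip(".") + "."
    n = name.lower()
    return n == target or n.endswith("." + target)


def naive_ptr_match(ip, domain, ptr=PTR):
    """Broken variant: trusts the PTR name with no forward check."""
    return any(in_domain(n, domain) for n in ptr.get(ip, []))


def spf_ptr_match(ip, domain):
    """Match only on names that survived forward confirmation."""
    return any(in_domain(n, domain) for n in validated_names(ip))


if __name__ == "__main__":
    for ip in PTR:
        print(ip, "naive:", naive_ptr_match(ip, "example.org"),
              "confirmed:", spf_ptr_match(ip, "example.org"))
```
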