Hi,
yes, you're right on both points.
Sorry for the confusion
Ale
On Fri 29/Nov/2024 15:27:19 +0100 Daniel K. wrote:
> On 11/28/24 18:46, Alessandro Vesely wrote:
>> On Thu 28/Nov/2024 18:11:50 +0100 Daniel K. wrote:
>>> Add a new step 4, and renumber the later steps?
>>>
>>>    4. If the length of the constructed name exceeds DNS limits,
>>>       a positive determination of the external reporting
>>>       relationship cannot be made; stop.
>>
>> s/ stop/ therefore no report should be sent to such address/.
>
> I based the 'stop' on the similar text in the current step 6.
>
>    6. If the result includes no TXT resource records that
>       pass basic parsing, a positive determination of the
>       external reporting relationship cannot be made; stop.
>
> which then leans on the later text:
>
>    Where the above algorithm fails to confirm that the
>    external reporting was authorized by the Report Consumer,
>    the URI MUST be ignored by the Mail Receiver generating
>    the report.
>
>>> And also add a final paragraph to the end of the same section, maybe
>>> something like this:
>>>
>>>    If the Author Domain is so long that external verification
>>>    fails in step 4, above, you will not be able to use the
>>>    third party Report Receiver. As a workaround, you can set
>>>    up a local mailbox that forwards to the third party Report
>>>    Receiver.
>>
>> I'd say /might fail/. Not sure every library has a hard limit of 254 chars.
>> EDNS lets you send longer queries. I'd guess at limit cases some resolver can
>> fail while some other can succeed. Any better info, anyone?
>
> I don't think there is any ambiguity here. The length of the DNS *query*
> is not affected by EDNS, and is, according to RFC 1035, "restricted to
> 255 octets or less".
>
> If you test with dig, you only have 253 characters available not
> counting the implied final dot and NUL byte.
>
> Daniel K.
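
The length check discussed in this thread, as an added example that is not part of the original messages or of the draft text: it builds the verification name in the form RFC 7489 section 7.1 describes (`<policy domain>._report._dmarc.<report host>`) and applies the RFC 1035 limits of 255 octets per name in wire format and 63 octets per label. The function names and sample domains are constructed for illustration, and inputs are assumed to be ASCII A-labels already.

```python
MAX_NAME_OCTETS = 255   # RFC 1035 limit on a whole name in wire format
MAX_LABEL_OCTETS = 63   # RFC 1035 limit on a single label


def wire_length(name: str) -> int:
    """Octets the name occupies on the wire: a length octet before each
    label, the label bytes, and the zero-length root label at the end."""
    labels = name.rstrip(".").split(".")
    return sum(1 + len(label.encode("ascii")) for label in labels) + 1


def verification_name(policy_domain: str, report_host: str) -> str:
    """Name queried for TXT to confirm the external reporting relationship."""
    return f"{policy_domain.rstrip('.')}._report._dmarc.{report_host.rstrip('.')}"


def may_query(policy_domain: str, report_host: str) -> bool:
    """False means the name cannot be queried at all, so no positive
    determination can be made and the URI is ignored (hypothetical helper)."""
    labels = verification_name(policy_domain, report_host).split(".")
    if any(not 1 <= len(label) <= MAX_LABEL_OCTETS for label in labels):
        return False
    return wire_length(".".join(labels)) <= MAX_NAME_OCTETS


if __name__ == "__main__":
    # Constructed sample domains, not taken from the thread.
    host = "reports.example.net"
    fits = ".".join(["a" * 60, "b" * 60, "c" * 60, "d" * 27, "example"])
    too_long = ".".join(["a" * 60, "b" * 60, "c" * 60, "d" * 28, "example"])
    for domain in ("example.com", fits, too_long):
        name = verification_name(domain, host)
        print(len(name), wire_length(name), may_query(domain, host))
```

A name of 253 characters without the trailing dot occupies exactly 255 octets on the wire, which is why one more character in the policy domain turns the check from pass to fail.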