On Wed, 2006-11-15 at 09:48 -0600, wayne wrote: > In <[EMAIL PROTECTED]> Douglas Otis > <[EMAIL PROTECTED]> writes: > > > On Tue, 2006-11-14 at 12:16 -0600, wayne wrote: > >> In <[EMAIL PROTECTED]> Douglas Otis > >> <[EMAIL PROTECTED]> writes: > >> > >> > The SPF script language does not improve data compression. APL > >> > RR (RFC3123) provides 10 times the informational density and > >> > existed prior to SPF development. > >> > >> *sigh* > >> > >> Where do you get this "10 times" claim from? > > > > Don't ignore the overhead added to SPF scripts, such as various tags and > > record chaining. CIDRs listed in 10 chained TXT resource records used > > by Paypal.com can be accomplished within a single APL RR, for example. > > *sigh* > > let's check your claim about paypal.com that paypal.com can use a > single APL RR, apparently that backs up your claim that APL records > are *ten times* as short as SPF records.
... > paypal.com's SPF record encodes 59 different IP blocks. So,an APL > record will need about 59*8=472 bytes. Will this fit in a UDP packet? Check paypal's existing SPF records... $ dig paypal.com TXT ;; Truncated, retrying in TCP mode. ; <<>> DiG 9.3.3rc2 <<>> paypal.com TXT ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39361 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 4, ADDITIONAL: 4 ;; Query time: 27 msec ;; SERVER: 208.201.224.33#53(208.201.224.33) ;; WHEN: Wed Nov 15 19:44:29 2006 ;; MSG SIZE rcvd: 477 >>> --- Even SPF records used by paypal.com do not fit! Disney indicated their inability to fit all of their IP addresses within SPF records as well. Clearly SPF represents data structures far too large for safely publishing with DNS. SPF scripts do not reduce the record size as Andras suggested. In this case, SPF with TCP fallback makes paypal.com prone themselves. There are any number of ways to resolve the fundamental design problem, and several solutions have been suggested. This list is not where solutions are to be discussed however. -Doug . dnsop resources:_____________________________________________________ web user interface: http://darkwing.uoregon.edu/~llynch/dnsop.html mhonarc archive: http://darkwing.uoregon.edu/~llynch/dnsop/index.html
