On Oct 25, 2010, at 8:11 AM, John R. Levine wrote: >>>> hangText="NOTE:"> The use of wildcard TXT records in the >>>> DNS will produce a response to a DKIM query that is >>>> unlikely to be valid DKIM key record. This problem >>>> applies to many other types of queries, and client >>>> software that processes DNS responses needs to take this >>>> problem into account.</t> >>> >>> I haven't heard anything but support for adding that. > > Forgive me if I repeat myself, but I still don't see anything wrong with this: > > *._domainkey.example.com IN TXT "v=DKIM1; p=; n=revoked" > > I'm trying to figure out the clearest way to say that wildcards for key > records within the _domainkey subtree are OK, while wildcards above it cause > problems since they are very unlikely to be key records.
Do you have an actual use case for that sort of thing, or is it just an example to poke at the "thou shalt not wildcard" wording? If the former, I've got a mild argument that it's slightly poor practice. If the latter, carry on. Cheers, Steve _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
