Best practices for record duplicates #117

Open
pawel-kow opened this issue Jan 24, 2025 · 0 comments
On 07.01.25 12:17, Arnt Gulbrandsen wrote:

Few of you will know Mox, an ambitious mail server with a version number below 1.0. Mox's goal is to make selfhosted mail doable for a lot of people who can't today, but would like to. When you install Mox, it asks you to add about a dozen RRs to your domain. It's a screenful, and may be the trickiest part of installing Mox.

Both of these should be able to use domainconnect, IMNSHO. It seems possible (as I read the document at least). They'd need a web server, but that's something they need for other reasons. (Arguably they need domainconnect precisely because they have a web server.)

My question: When you run several of these, particularly Mox, you'll write a lot of RRs. I don't see anything that blocks one service from overwriting another's RRs. Did I overlook anything?

[PK] Do you mean a scenario where each instance of the server would be additive to the instance that already exists on this particular domain? Say server A would like to provision MX a.example.com, and server B would like to provision MX b.example.com?

Suppose you want to run both Mox, which asks you to add a CAA RR, and also something else that wants a CAA RR. For CAA the two desired RRs would tend to have the same value, but for other RR types the values might often differ. Shouldn't the document discuss what happens if two services want to write overlapping/conflicting sets of RRs?

OK, I get it. CAA records with different values are just OK. With the same values they likely do no harm, but some DNS software won't allow it, so some text on how to deal with it would indeed be helpful.

For some records, like SPF, there is a dedicated solution in Domain Connect to merge them from several services. For others, like DMARC, there is actually no reasonable way to do it, other than protecting against the invalid configuration of having more than one on the same host. This is defined at least for TXT records in the protocol.

There are some best practices though, which can be added to the draft - good point.

@pawel-kow pawel-kow added the IETF Issues reported from IETF process label Jan 24, 2025
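
The cases raised in this issue (an exact duplicate, an additive CAA value, a second SPF record, a second DMARC record) can be told apart before anything is written to the zone. The sketch below is an added example, not text from the draft and not the Domain Connect algorithm; `RR`, `norm`, `single_kind`, `plan` and the sample records are hypothetical names and constructed data.

```python
from collections import namedtuple

RR = namedtuple("RR", "host type data")

def norm(rr):
    # Owner names and types are case-insensitive; compare a canonical form.
    return (rr.host.rstrip(".").lower(), rr.type.upper(), rr.data.strip())

def single_kind(rr):
    """Name the TXT policy kinds that must not appear twice on one host."""
    if rr.type.upper() != "TXT":
        return None
    text = rr.data.strip().strip('"').lower()
    if text == "v=spf1" or text.startswith("v=spf1 "):
        return "spf"
    return "dmarc" if text.startswith("v=dmarc1") else None

def plan(existing, desired):
    """Sort desired records into add / skip / merge / conflict."""
    seen = {norm(r) for r in existing}
    kinds = {(norm(r)[0], single_kind(r)) for r in existing if single_kind(r)}
    out = {"add": [], "skip": [], "merge": [], "conflict": []}
    for rr in desired:
        key, kind = norm(rr), single_kind(rr)
        if key in seen:
            out["skip"].append(rr)        # exact duplicate: never write it twice
        elif kind and (key[0], kind) in kinds:
            # A second SPF must be folded into the first; a second DMARC is refused.
            out["merge" if kind == "spf" else "conflict"].append(rr)
        else:
            out["add"].append(rr)         # additive, e.g. CAA with a new value
            seen.add(key)
            if kind:
                kinds.add((key[0], kind))
    return out

# Constructed sample: zone after service A, then records requested by service B.
EXISTING = [
    RR("example.com", "CAA", '0 issue "letsencrypt.org"'),
    RR("example.com", "TXT", "v=spf1 mx -all"),
    RR("_dmarc.example.com", "TXT", "v=DMARC1; p=reject"),
]
DESIRED = [
    RR("Example.com.", "caa", '0 issue "letsencrypt.org"'),
    RR("example.com", "CAA", '0 issue "ca.example.net"'),
    RR("example.com", "TXT", "v=spf1 include:spf.example.net ~all"),
    RR("_dmarc.example.com", "TXT", "v=DMARC1; p=none"),
]
```

Calling `plan(EXISTING, DESIRED)` returns the four buckets; a provider would write only `add`, hand `merge` to its SPF merging step, and surface `conflict` to the user instead of overwriting the other service's policy.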