[bugzilla-daemon@xxxxxxxxxxxxx]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3797

           Summary: Support for SPF RR (RFC 4408)
           Product: Wireshark
           Version: 1.2.1
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: ivan_jr@xxxxxxxxx



Ivan Sy <ivan_jr@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3447|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=3447)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3447)
SPF RR RFC4408

Build Information:
wireshark 1.2.1

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.1, with GLib 2.20.1, with libpcap 1.0.0, with libz
1.2.3, without POSIX capabilities, with libpcre 7.8, with SMI 0.4.7, without
c-ares, with ADNS, without Lua, with GnuTLS 2.6.4, with Gcrypt 1.4.4, without
Kerberos, with GeoIP, with PortAudio <= V18, without AirPcap.

Running on FreeBSD 7.2-RELEASE-p1, with libpcap version 1.0.0, GnuTLS 2.6.4,
Gcrypt 1.4.4.

Built using gcc 4.2.1 20070719  [FreeBSD].

--
Support for SPF RR (RFC 4408)

- this has the same format as TXT RR (see section 3.1.1) below.
Currently wireshark 1.2.1 shows this as Unknown type 99

please see attached patch and packet capture of TXT and SPF RRs of the same
name.
fuzz ok

3.  SPF Records

   An SPF record is a DNS Resource Record (RR) that declares which hosts
   are, and are not, authorized to use a domain name for the "HELO" and
   "MAIL FROM" identities.  Loosely, the record partitions all hosts
   into permitted and not-permitted sets (though some hosts might fall
   into neither category).

   The SPF record is a single string of text.  An example record is the
   following:

      v=spf1 +mx a:colo.example.com/28 -all

   This record has a version of "spf1" and three directives: "+mx",
   "a:colo.example.com/28" (the + is implied), and "-all".

3.1.  Publishing

   Domain owners wishing to be SPF compliant must publish SPF records
   for the hosts that are used in the "MAIL FROM" and "HELO" identities.
   The SPF records are placed in the DNS tree at the host name it
   pertains to, not a subdomain under it, such as is done with SRV
   records.  This is the same whether the TXT or SPF RR type (see
   Section 3.1.1) is used.

   The example above in Section 3 might be published via these lines in
   a domain zone file:

      example.com.          TXT "v=spf1 +mx a:colo.example.com/28 -all"
      smtp-out.example.com. TXT "v=spf1 a -all"

   When publishing via TXT records, beware of other TXT records
   published there for other purposes.  They may cause problems with
   size limits (see Section 3.1.4).

3.1.1.  DNS Resource Record Types

   This document defines a new DNS RR of type SPF, code 99.  The format
   of this type is identical to the TXT RR [RFC1035].  For either type,
   the character content of the record is encoded as [US-ASCII].

   It is recognized that the current practice (using a TXT record) is
   not optimal, but it is necessary because there are a number of DNS
   server and resolver implementations in common use that cannot handle
   the new RR type.  The two-record-type scheme provides a forward path
   to the better solution of using an RR type reserved for this purpose.

   An SPF-compliant domain name SHOULD have SPF records of both RR
   types.  A compliant domain name MUST have a record of at least one
   type.  If a domain has records of both types, they MUST have
   identical content.  For example, instead of publishing just one
   record as in Section 3.1 above, it is better to publish:

      example.com. IN TXT "v=spf1 +mx a:colo.example.com/28 -all"
      example.com. IN SPF "v=spf1 +mx a:colo.example.com/28 -all"

   Example RRs in this document are shown with the TXT record type;
   however, they could be published with the SPF type or with both
   types.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.