> 1) Anybody know the maximum number of characters allowed in a TXT field?
A simple question, but a complicated answer.
You may have multiple "strings" in a single TXT record. Each "string" may be up to 255 characters in length, with a "length byte" indicating the size of the "string"'s payload. I don't believe there is any arbitrary limitation on the number of "string"s in a TXT record, but the RDATA itself may not exceed 65535 bytes in total, which is comprised of both the length-bytes and payloads of all "string"s contained therein. That 64K limit is a general restriction on DNS records of all types, not specific to TXT records.
Note that any DNS response which exceeds 512 bytes is slightly undesirable, since in the absence of EDNS0 (which the vast majority of -- but not all -- implementations honor these days), responses which exceed 512 bytes will signal truncation and prompt a retry via TCP. It's optimal to stay within 512 bytes if possible.
> 2) What is the maximum number of includes inside a SFP field?
I assume you mean SPF (Sender Policy Framework), the anti-SPAM(ming) mechanism (?)
I'm no SPF expert but in glancing at the documentation it looks like there is no arbitrary limit on the number of "include"s. Since SPF "records" are stuffed into (one or more?) TXT records, the above limits in the answer to question #1 would apply.
Maybe someone with better knowledge of and/or experience with SPF can confirm or deny.
> 2) What is the maximum number of includes inside a SFP field?
It is RECOMMENDED that SPF library implementations limit the number of DNS operations performed during a lookup to ten, to cut down on the chances of a denial-of-service exercise using SPF and to short-circuit any possible include loops. Each lookup counts, and a lookup of an include is no exception to this rule.
If there were nothing in the base record beyond IP ranges and one or more includes, and all of the includes provided records with only IP ranges and possibly other includes, then ten total includes should be expected to work. Stick in a ptr clause (or anything else calling for a new DNS operation), and the number of potential includes decreases.
On Thu, March 26, 2009 19:19, Kevin Darcy wrote:
>> 2) What is the maximum number of includes inside a SFP field?
> I assume you mean SPF (Sender Policy Framework), the anti-SPAM(ming)
> mechanism (?)
> I'm no SPF expert but in glancing at the documentation it looks like
> there is no arbitrary limit on the number of "include"s. Since SPF
> "records" are stuffed into (one or more?) TXT records, the above limits
> in the answer to question #1 would apply.
Kevin, it looks like you are correct. From the RFC:
--------
3.1.4. Record Size

The published SPF record for a given domain name SHOULD remain small enough that the results of a query for it will fit within 512 octets. This will keep even older DNS implementations from falling over to TCP. Since the answer size is dependent on many things outside the scope of this document, it is only possible to give this guideline: If the combined length of the DNS name and the text of all the records of a given type (TXT or SPF) is under 450 characters, then DNS answers should fit in UDP packets. Note that when computing the sizes for queries of the TXT format, one must take into account any other TXT records published at the domain name. Records that are too long to fit in a single UDP packet MAY be silently ignored by SPF clients.
--------
So, it appears that you can have as many include's in an SPF record as you wish, but it would be wise to keep the size of the SPF record below ~450 characters.
On Thu, Mar 26, 2009 at 9:11 PM, Vincent Rivellino <vi...@cuz.cx> wrote:
> On Thu, March 26, 2009 19:19, Kevin Darcy wrote:
>>> 2) What is the maximum number of includes inside a SFP field?
>> I assume you mean SPF (Sender Policy Framework), the anti-SPAM(ming)
>> mechanism (?)
>> I'm no SPF expert but in glancing at the documentation it looks like
>> there is no arbitrary limit on the number of "include"s. Since SPF
>> "records" are stuffed into (one or more?) TXT records, the above limits
>> in the answer to question #1 would apply.
> Kevin, it looks like you are correct. From the RFC:
> --------
> 3.1.4. Record Size
>
> The published SPF record for a given domain name SHOULD remain small
> enough that the results of a query for it will fit within 512 octets.
> This will keep even older DNS implementations from falling over to
> TCP. Since the answer size is dependent on many things outside the
> scope of this document, it is only possible to give this guideline:
> If the combined length of the DNS name and the text of all the
> records of a given type (TXT or SPF) is under 450 characters, then
> DNS answers should fit in UDP packets. Note that when computing the
> sizes for queries of the TXT format, one must take into account any
> other TXT records published at the domain name. Records that are too
> long to fit in a single UDP packet MAY be silently ignored by SPF
> clients.
> --------
> So, it appears that you can as many include's in a SPF record as you wish,
> but it would be wise to keep the size of the SPF record below ~450
> characters.
Notice there are two sets of quoted text here to simulate the entire TXT string being longer than 255 chars. You'd just split it up into multiple quoted strings that each are not longer than 255 chars.
Note that there is a leading space in the second string. For SPF processing, these TXT strings are concatenated together as-is and without the leading space in the second string, it would generate a syntax error.
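The points made in this thread about TXT wire format (one length byte per string, 255-byte strings, 64K RDATA), about splitting a long SPF policy into several quoted strings that keep their separating space, and about the 450-character UDP guideline from the RFC, as an added Python example that is not part of the thread. The owner name and the 12-include policy are constructed sample values; `split_spf_at_terms`, `encode_txt_rdata` and the other helpers are this example's own, not any library's API.

```python
# Added example (not from the thread): packing an SPF policy into DNS TXT RDATA
# as RFC 1035 <character-string>s and checking the size guidelines discussed above.
# The policy text and the owner name are constructed sample values.

MAX_CHARACTER_STRING = 255   # one length byte per string, so payload <= 255 bytes
MAX_RDATA = 65535            # RDLENGTH is a 16-bit field, for every record type
UDP_GUIDELINE = 450          # RFC 4408 3.1.4: name + all TXT text under 450 chars


def split_spf_at_terms(policy, limit=MAX_CHARACTER_STRING):
    """Split an SPF policy into <=limit-byte strings at term boundaries.

    SPF concatenates the strings with nothing in between, so every
    continuation string keeps the space that separates it from the
    previous term; dropping it would fuse two terms into a syntax error.
    """
    chunks, current = [], ""
    for term in policy.split(" "):
        piece = term if not current else " " + term
        if len(current) + len(piece) > limit:
            if len(piece) > limit:
                raise ValueError("single SPF term longer than %d bytes" % limit)
            chunks.append(current.encode("ascii"))
            current = piece            # begins with the separating space
        else:
            current += piece
    chunks.append(current.encode("ascii"))
    return chunks


def encode_txt_rdata(strings):
    """Serialize character-strings as length byte + payload (wire format)."""
    out = bytearray()
    for s in strings:
        if len(s) > MAX_CHARACTER_STRING:
            raise ValueError("character-string longer than 255 bytes")
        out.append(len(s))
        out += s
    if len(out) > MAX_RDATA:
        raise ValueError("TXT RDATA exceeds 65535 bytes")
    return bytes(out)


def decode_txt_rdata(rdata):
    """Parse wire-format TXT RDATA back into its character-strings."""
    strings, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        i += 1
        if i + n > len(rdata):
            raise ValueError("truncated character-string in TXT RDATA")
        strings.append(bytes(rdata[i:i + n]))
        i += n
    return strings


def spf_text(strings):
    """What an SPF checker sees: the strings joined as-is, no separator."""
    return b"".join(strings).decode("ascii")


def zone_file_line(owner, strings):
    """Master-file form: one quoted string per character-string."""
    quoted = " ".join('"%s"' % s.decode("ascii").replace('"', '\\"') for s in strings)
    return "%s IN TXT %s" % (owner, quoted)


def fits_udp_guideline(owner, txt_texts):
    """RFC 4408 3.1.4 heuristic: owner name plus the text of *every* TXT
    record at that name under 450 characters should fit a 512-byte UDP answer."""
    return len(owner) + sum(len(t) for t in txt_texts) < UDP_GUIDELINE


# Constructed sample: 12 includes push the policy past one 255-byte string.
SAMPLE_OWNER = "example.com"
SAMPLE_POLICY = "v=spf1 " + " ".join(
    "include:spf%d.example.com" % i for i in range(12)) + " -all"

if __name__ == "__main__":
    chunks = split_spf_at_terms(SAMPLE_POLICY)
    print(zone_file_line(SAMPLE_OWNER, chunks))
    rdata = encode_txt_rdata(chunks)
    print(len(rdata), "bytes of RDATA; policy round-trips:",
          spf_text(decode_txt_rdata(rdata)) == SAMPLE_POLICY)
    print("under 450-char guideline:", fits_udp_guideline(SAMPLE_OWNER, [SAMPLE_POLICY]))
```

Running it prints the record as two quoted strings, the second beginning with a space exactly as the post above describes; the RDATA is the policy length plus one length byte per string. Note that `fits_udp_guideline` takes every TXT text at the owner name, because other TXT records published there count toward the same answer.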
> 2) What is the maximum number of includes inside a SFP field?
Don't chain them more than 2 or 3 times; you'll run into SPF processing limits. If you have to use more than that, then you need to rethink your matching approach.
The RFCs on the subject limit DNS lookups to 10, that includes the TXT record itself, any A, MX and PTR records that have to be looked up by name, and any further "include:" lookups and associated records. A Permanent Error will be returned if you exceed the 10 lookup limit.