Domain-Connect / spec

Domain Connect Specification
MIT License

Validation of _domainconnect TXT record contents #85

Open ankon opened 10 months ago

ankon commented 10 months ago

https://github.com/Domain-Connect/spec/blob/master/Domain%20Connect%20Spec%20Draft.adoc#3-dns-provider-discovery basically says "get the _domainconnect TXT record, and if you have one, treat it as a hostname and send a request."

That's probably "fine", but can lead to ugly problems when that TXT record contains other garbage -- such as when people misconfigure their DNS. For instance, I found in our logs that we queried _domainconnect.usechatterly.com, and received what looks like a Paddle verification record:

$ dig _domainconnect.usechatterly.com TXT +short
"paddle-verification=9b0880ce"

Bit of guessing, but what actually happened here is probably a user trying to verify a wildcard:

$ dig foobarbazquux.usechatterly.com TXT +short
"paddle-verification=9b0880ce"

I was wondering: Could the _domainconnect TXT record use a structured format instead (think like SPF records v=spf1 [stuff]), so that we can statically check that that TXT we got has at least a fighting chance of being a domain connect-related thing?

pawel-kow commented 10 months ago

Interesting remark. Wildcard DNS entries could be causing this a lot, I imagine. Migration to something like v=dc1 could be hell, however, in order not to break existing clients.

For the current specification I may add text to verify whether the content of the record is a valid domain name.
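
The check discussed in this thread, as an added example that is not part of the original issue or the Domain Connect project's code: a client-side filter that accepts a `_domainconnect` TXT value only if it is syntactically a hostname. The function names, the two-label minimum, the rejection of IPv4 literals and the rejection of ambiguous answers are assumptions of this example, and `domainconnect.provider.example` is a constructed value.

```python
import re

# One DNS label: ASCII letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def valid_api_host(txt_value):
    """Return the normalized hostname if txt_value looks like one, else None."""
    host = txt_value.strip().strip('"').lower()   # dig prints TXT strings quoted
    if host.endswith("."):                        # allow one trailing root dot
        host = host[:-1]
    if not host or len(host) > 253:
        return None
    labels = host.split(".")
    if len(labels) < 2:                           # assumption: no bare single labels
        return None
    if not all(_LABEL.fullmatch(label) for label in labels):
        return None                               # rejects '=', '/', ':', '@', spaces
    if labels[-1].isdigit():                      # numeric last label: IPv4 literal
        return None
    return host


def pick_domainconnect_host(txt_values):
    """Use the answer only if exactly one distinct TXT string is a plausible hostname."""
    hosts = {h for h in map(valid_api_host, txt_values) if h}
    return hosts.pop() if len(hosts) == 1 else None


if __name__ == "__main__":
    # First value is the record quoted in the issue; the second is constructed.
    samples = ['"paddle-verification=9b0880ce"', '"domainconnect.provider.example"']
    for s in samples:
        print(s, "->", valid_api_host(s))
    print("selected:", pick_domainconnect_host(samples))
```

A value that passes is only well-formed; the client still decides separately whether it is willing to send a request to that host.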