domainaware / checkdmarc

A parser for SPF and DMARC DNS records
https://domainaware.github.io/checkdmarc
Apache License 2.0
245 stars 76 forks

Check UDP packet size #48

Open netson opened 4 years ago

netson commented 4 years ago

Hi, I love this tool! It has saved me a bunch of headaches already, so thanks for sharing!

I believe checkdmarc doesn't actively check the DNS answer packet size? According to the RFC for SPF, it is recommended to keep the size of the UDP packet below 512 bytes (see https://tools.ietf.org/html/rfc7208 - paragraph 3.4 Record Size).

I know this is hard to calculate beforehand (taking into account all variables, including other TXT records), but when checkdmarc queries the DNS, wouldn't it be able to show a warning if the answer is "too" large? "too" is quoted because this depends on whether or not the DNS implementation supports EDNS0 and/or DNS over TCP.

It would be a very nice addition to the tool and help people find issues with their SPF implementation!

Keep up the good work!

seanthegeek commented 4 years ago

Currently I don't know how I would go about calculating this, especially when DNSSEC is used. So for now this isn't on my to do list, but I'll leave this issue open for tracking in case someone has ideas.

rotten commented 4 years ago

Could you use this method on the response object from a query and set the max_size variable to see if it throws the "TooBig" exception? https://github.com/rthalley/dnspython/blob/5567d9dd529f2d9e0f63b461517ab68882c09597/dns/message.py#L394

ie:

import dns.exception
import dns.resolver

# Resolve the record (dnspython 2.x also offers dns.resolver.resolve), then
# re-serialise the raw response message with a 512-byte cap; dnspython raises
# TooBig when the message does not fit within max_size.
dns_response = dns.resolver.query('mydomain', 'recordtype')
try:
    dns_response.response.to_wire(max_size=512)
except dns.exception.TooBig:
    print('say something')
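An added example (not code from checkdmarc or from any commenter above) that approaches the size question from the other side: instead of querying and catching TooBig, it builds the TXT answer in DNS wire format from given record strings using only the standard library, so the RFC 7208 section 3.4 check can be run offline against constructed records, including the "other TXT records at the same name" case netson raises. Assumed layout: a 12-byte header, one question, and one answer per string whose owner name is a 2-byte compression pointer back to the question name; the OPT record, RRSIGs and additional records are deliberately left out, so a real EDNS0 or DNSSEC-signed response will be larger than this estimate, which is the variable seanthegeek points to.

```python
"""Estimate the UDP wire size of a DNS TXT response (RFC 7208 section 3.4)
using only the standard library. Constructed example, not checkdmarc code."""
from __future__ import annotations

import struct

# Classic DNS-over-UDP payload limit (RFC 1035) that RFC 7208 3.4 refers to.
UDP_LIMIT = 512


def encode_name(name: str) -> bytes:
    """Encode a domain name as uncompressed DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label length in {name!r}: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"  # root label terminates the name


def txt_rdata(text: str) -> bytes:
    """Encode TXT RDATA: one or more <length><chars> strings of at most 255 bytes.

    Long SPF records are split into several strings exactly like this on the wire.
    """
    data = text.encode("utf-8")
    chunks = [data[i:i + 255] for i in range(0, len(data), 255)] or [b""]
    return b"".join(bytes([len(c)]) + c for c in chunks)


def build_txt_response(name: str, texts: list[str], ttl: int = 3600) -> bytes:
    """Build a minimal DNS response: header, one TXT question, one answer per text.

    Assumption: answer owner names are a 2-byte compression pointer to the
    question name (what real servers emit); no OPT record, RRSIGs or additional
    records are included, so DNSSEC-signed responses are larger than this.
    """
    # Header: ID, flags (QR=1, RD=1, RA=1), QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(texts), 0, 0)
    # Question: QNAME, QTYPE=TXT (16), QCLASS=IN (1)
    question = encode_name(name) + struct.pack("!HH", 16, 1)
    answers = b""
    for text in texts:
        rdata = txt_rdata(text)
        # 0xC00C = pointer to offset 12, i.e. the QNAME right after the header;
        # then TYPE, CLASS, TTL, RDLENGTH followed by the RDATA itself.
        answers += struct.pack("!HHHIH", 0xC00C, 16, 1, ttl, len(rdata)) + rdata
    return header + question + answers


def check_udp_size(name: str, texts: list[str], limit: int = UDP_LIMIT) -> tuple[int, bool]:
    """Return (estimated wire size in bytes, True if it exceeds the UDP limit)."""
    size = len(build_txt_response(name, texts))
    return size, size > limit


if __name__ == "__main__":
    # Constructed sample records: a short SPF record alone, then the same zone
    # apex with two further long TXT records (verification tokens and the like)
    # that push the combined TXT answer past 512 bytes.
    short = ["v=spf1 -all"]
    crowded = ["v=spf1 " + "ip4:192.0.2.0/24 " * 12 + "-all", "x" * 200, "y" * 200]
    for texts in (short, crowded):
        size, too_big = check_udp_size("example.com", texts)
        print(f"{len(texts)} TXT record(s): {size} bytes, too big for UDP: {too_big}")
```

For a live answer obtained with dnspython, the same comparison is `len(dns_response.response.to_wire()) > 512`, which includes whatever OPT and RRSIG records the resolver actually returned; the offline builder is useful for reviewing a zone change before it is published.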