SPF record Syntax

Mark Andrews marka at isc.org
Sat Jul 18 01:15:33 UTC 2009


In message <F3F4BB3D156B064A8BAEED301DA718943D1E8D at MSGMROCLM2WIN.DMN1.FMR.COM>,
 "Situ, Kevin" writes:
> The type is TXT, not SPF 

	Actually the type is SPF.  The idea is to stop using TXT
	records but it will take some time, especially if people go
	around and say the type is TXT not SPF.  It's been over 3
	years now and if your nameserver or MTA doesn't support the
	SPF record then it is time to upgrade them.

	For most MTAs it is no harder than making an SPF (99) query,
	then a TXT (16) query if you get an NXRRSET (NODATA) response,
	then adding SPF as a parallel case for TXT when decoding
	the response.

	The one thing RFC 4408 missed was an end date for the use
	of TXT records for SPF.  April 2011 or April 2016 both
	spring to mind as good dates.

	Mark

RFC 4408             Sender Policy Framework (SPF)            April 2006

3.1.1.  DNS Resource Record Types

   This document defines a new DNS RR of type SPF, code 99.  The format
   of this type is identical to the TXT RR [RFC1035].  For either type,
   the character content of the record is encoded as [US-ASCII].

   It is recognized that the current practice (using a TXT record) is
   not optimal, but it is necessary because there are a number of DNS
   server and resolver implementations in common use that cannot handle
   the new RR type.  The two-record-type scheme provides a forward path
   to the better solution of using an RR type reserved for this purpose.

   An SPF-compliant domain name SHOULD have SPF records of both RR
   types.  A compliant domain name MUST have a record of at least one
   type.  If a domain has records of both types, they MUST have
   identical content.  For example, instead of publishing just one
   record as in Section 3.1 above, it is better to publish:

      example.com. IN TXT "v=spf1 +mx a:colo.example.com/28 -all"
      example.com. IN SPF "v=spf1 +mx a:colo.example.com/28 -all"

   Example RRs in this document are shown with the TXT record type;
   however, they could be published with the SPF type or with both
   types.
 
> Best Regards
> 
> Kevin Situ
> 
> 
> -----Original Message-----
> From: bind-users-bounces at lists.isc.org
> [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Martin McCormick
> Sent: Friday, July 17, 2009 3:04 PM
> To: bind-users at isc.org
> Subject: SPF record Syntax
> 
> I found a couple of great articles that explain SPF records but
> not quite far enough. I am in a syntax war with nsupdate as the
> examples appear to show everything but how the actual record
> looks.
> 
> 	They appear to be like many other RR's so I tried
> 
> update add posse.okstate.edu. 10 IN SPF "v=spf1 ip4:209.235.101.208/29
> -all"
> 
> and I get
> 
> 'SPF' is not a valid type: unknown class/type
> 
> Let's take out the TTL.
> 
> As expected:
> 
> ttl 'IN': not a valid number
> 
> 	We are running bind9.5.1 and I did check to make sure
> that nsupdate is the right one for this version of bind. It is
> as it was installed the day I installed bind95 so it should
> understand SPF. Obviously, I have the wrong syntax.
> 
> I've already gotten one "Are we there yet?" today so I need to
> find out what I am doing/not doing to get this SPF record
> in place.
> 
> 	I did put a .TXT record in as this is a suggested
> procedure to handle resolvers that don't do SPF yet.
> 
> 	Thanks for any help.
> 
> Martin McCormick WB5AGZ  Stillwater, OK 
> Systems Engineer
> OSU Information Technology Department Telecommunications Services Group
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
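
The lookup order described in the reply above (SPF type 99 first, TXT type 16 on NODATA), together with the RFC 4408 rule that records of both types must have identical content, as an added Python example that is not part of the original message or of BIND. The zone data, the `query` stub and the `.example` names are constructed for illustration.

```python
# Added example: constructed zone data stands in for real DNS answers.
SPF, TXT = 99, 16      # RR type codes named in the thread
NODATA = object()      # stub result: no RRset of the queried type

# Constructed sample data: (owner name, rrtype) -> list of record strings.
ZONE = {
    ("both.example.", SPF): ["v=spf1 +mx a:colo.example.com/28 -all"],
    ("both.example.", TXT): ["v=spf1 +mx a:colo.example.com/28 -all", "unrelated text"],
    ("txtonly.example.", TXT): ["v=spf1 ip4:192.0.2.0/29 -all"],
    ("dup.example.", TXT): ["v=spf1 -all", "v=spf1 +all"],
    ("drift.example.", SPF): ["v=spf1 -all"],
    ("drift.example.", TXT): ["v=spf1 ~all"],
}

def query(name, rrtype):
    """Hypothetical resolver stub; a real MTA would send a DNS query here."""
    return ZONE.get((name, rrtype), NODATA)

def spf_records(answer):
    """Keep only records whose version section is exactly 'v=spf1'."""
    if answer is NODATA:
        return []
    return [r for r in answer if r.lower().split(" ", 1)[0] == "v=spf1"]

def lookup_policy(name):
    """Ask for SPF (99) first; fall back to TXT (16) only on NODATA."""
    answer, rrtype = query(name, SPF), "SPF"
    if answer is NODATA:
        answer, rrtype = query(name, TXT), "TXT"
    found = spf_records(answer)
    if not found:
        return ("none", None, rrtype)
    if len(found) > 1:
        return ("permerror", None, rrtype)  # more than one policy is ambiguous
    return ("ok", found[0], rrtype)

def types_agree(name):
    """Publisher-side check: if both types exist, content must be identical."""
    spf = spf_records(query(name, SPF))
    txt = spf_records(query(name, TXT))
    return not (spf and txt) or sorted(spf) == sorted(txt)
```

RFC 7208 (2014) later withdrew the SPF (99) type, so current validators query TXT only.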


