Need DNS records help for single server (and IP), and multi-domain mail server.
bind-users at gtaylor.tnetconsulting.net
Thu Aug 24 01:31:19 UTC 2017
On 08/23/2017 05:47 PM, Reindl Harald wrote:
> arrakis.thelounge.net. 86399 IN SPF "v=spf1 a
> ip4:91.118.73.0/24 ip4:95.129.202.170 -all"
>
> prometheus.thelounge.net. 86399 IN SPF "v=spf1 a
> ip4:91.118.73.0/24 ip4:95.129.202.170 -all"
>
> otherwise only @example.com *itself* is protected from forging, our
> homegrown DNS backend automatically publishes SPF records for every
> hostname in every domain
This might be a case to use the include so that each host can include
(read: pull in) the SPF record for the parent domain.
Obviously it depends on how your infrastructure is configured.
> also avoid "v=spf1 mx" - why?
> because it's a useless DNS lookup on the receiver
> publish ip-addresses whenever possible - the connecting IP is known for
> free, the MX is not relevant on the destination server when receiving
> email as long as you force the lookup by careless SPF records
I think that it may be possible for someone to publish a PTR record in
their IP space that reverse resolves to a name of one of your MX
servers. Thereby allowing their bogus server to send email as you.
--
Grant. . . .
unix || die
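
Added example, not part of either poster's message: a Python check that counts how many DNS-querying terms a receiver has to evaluate for each record style discussed in this thread (per-host `ip4` records, `include` of a parent record, and `mx`), following `include` and `redirect` targets. The `ZONE` contents, the `example.com` host names and the function names are constructed for illustration; only the `quoted` record comes from the thread.

```python
import re

# Terms that count toward the receiver's limit of 10 DNS-querying terms
# (RFC 7208 section 4.6.4). ip4, ip6 and all cost nothing.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM_RE = re.compile(r"[+\-~?]?([A-Za-z][A-Za-z0-9]*)(?:[:=/](.*))?")

# Constructed sample zone (documentation names and addresses, not from the thread).
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.25 -all",
    "host1.example.com": "v=spf1 include:example.com -all",
    "host2.example.com": "v=spf1 mx include:example.com -all",
    "loop.example.com": "v=spf1 include:loop.example.com -all",
}

def terms(record):
    """Yield (name, argument) for each term after the version tag."""
    parts = record.split()
    if not parts or parts[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    for part in parts[1:]:
        m = TERM_RE.fullmatch(part)
        if not m:
            raise ValueError("bad term: %r" % part)
        yield m.group(1).lower(), m.group(2)

def count_lookups(record, zone=ZONE, seen=()):
    """Count DNS-querying terms in record, following include/redirect."""
    total = 0
    for name, arg in terms(record):
        if name not in LOOKUP_TERMS:
            continue
        total += 1
        if name in ("include", "redirect"):
            target = (arg or "").lower().rstrip(".")
            if target in seen:
                raise ValueError("include loop at %s" % target)
            if target not in zone:
                raise LookupError("no SPF record for %s" % target)
            total += count_lookups(zone[target], zone, seen + (target,))
    return total

if __name__ == "__main__":
    quoted = "v=spf1 a ip4:91.118.73.0/24 ip4:95.129.202.170 -all"  # from the thread
    print("quoted per-host record:", count_lookups(quoted))
    for host in ("example.com", "host1.example.com", "host2.example.com"):
        print(host, count_lookups(ZONE[host]))
```

The count covers only terms that apply toward the RFC 7208 limit; an `mx` term additionally makes the receiver resolve the address of each MX name it returns.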