check-names conflicts with SPF macro definition

Daniel Stirnimann daniel.stirnimann at switch.ch
Mon Jan 4 09:59:35 UTC 2021


Hello Mark,

the "exists" [1] macro results in A queries and the zone contains A
records. That's why the check-names processing applied.

Thanks for the hint regarding the nameserver hostnames.

Daniel

[1] https://tools.ietf.org/html/rfc7208#section-5.7

On 04.01.21 10:33, Mark Andrews wrote:
> SPF records are TXT records which are NOT subject to check-names processing.
> 
> If you created a separate zone use nameservers that DO NOT live within the zone.
> ns1._spf.switch.ch is NOT a legal hostname as it is not LDH.
> 
>> On 4 Jan 2021, at 20:01, Daniel Stirnimann <daniel.stirnimann at switch.ch> wrote:
>>
>> Hello all,
>>
>> I changed SPF for switch.ch to use SPF macros (RFC 7208). I wanted to
>> use the "_spf" label but bind9 check-names complained with a "bad owner
>> name (check-names)" message.
>>
>> I have now used "spf" instead of "_spf", e.g. exists:%{ir}.spf.switch.ch
>>
>> I didn't want to disable check-names for switch.ch because of this
>> conflict. However, SPF record publishing is generally recommended to use
>> the "_spf" subdomain which is not possible in this case.
>>
>> I guess, the only alternative would have been to make "_spf.switch.ch"
>> its own zone and set check-names for this zone statement to "ignore". Or
>> would this be a good reason to loosen the check-names rules in bind9?
>>
>> Thanks,
>> Daniel
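
Added example, not part of the thread and not BIND's code: a Python sketch of why the `exists` mechanism discussed above runs into check-names. It expands `%{ir}` as RFC 7208 describes and applies an LDH test to the owner names of A, AAAA and MX records as an approximation of the check; the sample sender address and all function names are constructed for illustration.

```python
import ipaddress
import re

# One LDH label (RFC 952/1123): letters, digits, hyphen; no leading/trailing hyphen.
LDH_LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Assumption of this sketch: owner names of these types are held to hostname
# syntax, which is how BIND documents check-names for zone data.
HOSTNAME_OWNER_TYPES = {"A", "AAAA", "MX"}


def expand_ir(ip: str) -> str:
    """Expand the SPF macro %{ir}: the sender IP with its parts reversed."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        parts = str(addr).split(".")
    else:
        # IPv6 expands to 32 dot-separated hex nibbles (RFC 7208 macro processing).
        parts = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(parts))


def exists_target(ip: str, domain_spec: str) -> str:
    """Name that a receiver looks up as an A query for exists:<domain_spec>."""
    return domain_spec.replace("%{ir}", expand_ir(ip))


def non_ldh_labels(name: str) -> list:
    """Labels of a domain name that are not valid hostname (LDH) labels."""
    return [l for l in name.rstrip(".").split(".") if not LDH_LABEL.match(l)]


def owner_check(name: str, rrtype: str):
    """Return (checked, offending_labels) for one owner name and record type."""
    if rrtype.upper() not in HOSTNAME_OWNER_TYPES:
        return (False, [])
    return (True, non_ldh_labels(name))


if __name__ == "__main__":
    sender = "192.0.2.10"  # constructed sample address (documentation range)
    for spec in ("%{ir}._spf.switch.ch", "%{ir}.spf.switch.ch"):
        owner = exists_target(sender, spec)
        print(owner, "A", owner_check(owner, "A"))
    print("_spf.switch.ch", "TXT", owner_check("_spf.switch.ch", "TXT"))
```

The TXT record at `_spf.switch.ch` is not checked, while the A record that the `exists` lookup needs under the same label is, which matches both replies in the thread.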

