Add TXT records for SPF when CNAME exists in same sub-domain

Mark Andrews marka at isc.org
Tue Nov 29 05:57:49 UTC 2022 

Place the TXT record at the target of the CNAME.

> On 29 Nov 2022, at 11:03, Chris Liesfield <chris.liesfield at gmail.com> wrote:
> 
> Hi All. Hopefully my terminology is correct and I make sense.
> 
> We have a main domain "something.com.au" with a few sub-domains, "this", "that", etc.
> 
> For all of our 'A' records in something.com.au, we have specified TXT records for SPF, however our sub-domains contain CNAMEs only.
> 
> It appears TXT and CNAME records for the same string/host cannot co-exist. We are able to specify an SPF record for the origin only in each sub-domain.
> 
> Open to any suggestions on how to get around this issue.
> 
> Thanks in advance.
> 
> $TTL 3600
> @                       IN      SOA  something.com.au. bofh.something.com.au. (
>                                         2022112901 ; serial
>                                         10800      ; refresh (3 hours)
>                                         3600       ; retry (1 hour)
>                                         604800     ; expire (1 week)
>                                         3600       ; minimum (1 hour)
>                                         )
>                         NS      ns1.something.com.au.
>                         NS      ns2.something.com.au.
>                         MX      10 mail.something.com.au.
> 
> ; A Records
> 
> localhost               A       127.0.0.1
> www                   A       1.2.3.4
> @ IN      A       1.2.3.4
> 
> ; SPF records
> 
> ; working without a problem.
> www                     TXT     "v=spf1 -all"
> 
> $ORIGIN this.something.com.au.
> $TTL 3600       ; 1 hour
> www                     CNAME   stuff.somewhereelse.com.au.
> @                       CNAME   stuff.somewhereelse.com.au.
> 
> ; SPF records
> 
> ; BIND considers this an invalid statement - no corresponding 'A' record - conflict with CNAME?
> www                     TXT     "v=spf1 -all"
> ; working without a problem.
> @                       TXT     "v=spf1 -all"
> 
> $ORIGIN that.something.com.au.
> $TTL 3600       ; 1 hour
> www                     CNAME   stuff.overthere.com.au.
> @                       CNAME   stuff.overthere.com.au.
> 
> ; SPF records
> 
> ; BIND considers this an invalid statement - no corresponding 'A' record - conflict with CNAME?
> www                     TXT     "v=spf1 -all"
> ; working without a problem.
> @                       TXT     "v=spf1 -all"
> 
> -- 
> Chris.
>  
>  
> 
> -- 
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

More information about the bind-users mailing list