1

I've inherited a TinyDNS configuration that has the following entries for SPF:

@domain.com:x.x.x.3:a::86400
@domain.com:x.x.x.103:c:10:86400

=domain.com:x.x.x.3:86400
=mail.domain.com:x.x.x.3:86400
=mail.domain.com:x.x.x.103:86400

'domain.com:v=spf1 ip4\072x.x.x.3 ip4\07231.130.96.103 ptr\072mail.domain.com +mx a -all:3600
'mail.domain.com:v=spf1 ip4\072x.x.x.3 ip4\072x.x.x.103 ptr\072mail.domain.com +mx a -all:3600
'a.mx.domain.com:v=spf1 ip4\072x.x.x.3 ip4\072x.x.x.103 ptr\072mail.domain.com +mx a -all:3600

This is the result from http://www.kitterman.com/spf/validate.html

SPF record lookup and validation for: domain.com

SPF records are primarily published in DNS as TXT records.

The TXT records found for your domain are:
v=spf1 ip4:x.x.x.3 ip4:x.x.x.103 ptr:mail.domain.com +mx a -all 

SPF records should also be published in DNS as type SPF records.
No type SPF records found.

Checking to see if there is a valid SPF record. 

Found v=spf1 record for domain.com: 
v=spf1 ip4:x.x.x.3 ip4:x.x.x.103 ptr:mail.domain.com +mx a -all 

evaluating...
SPF record passed validation test with pySPF (Python SPF library)!

I've been struggling with this since yesterday and can't figure out why this validator returns "No type SPF records found". I see that in BIND we can define an SPF type record with example.com. IN SPF "v=spf1 a -all", but in TinyDNS we only have TXT records that we set for SPF; maybe this is a problem?

Teddy
  • And yes, that last line describes the problem exactly. Make a record of type SPF that exactly mirrors the record of type TXT. – MadHatter Apr 25 '14 at 20:35

2 Answers

1

The SPF RR type is not available in all DNS server implementations, which is why the RFCs allow consumers to fall back to TXT record evaluation.

If TinyDNS has no SPF record types, your configuration is just fine.

Mathias R. Jessen
0

You can manually enter an SPF (type 99) record in tinydns format. The trick is that you have to include the length of the data in octal format.

You can use the wizard at http://anders.com/projects/sysadmin/djbdnsRecordBuilder/#SPF to generate a generic txt (type 12) record, then just change the 12 to 99 and you have an SPF record.

Here is an example:

:example.com:99:\041v=spf1 ip4\072192.168.001.01/30 -all:3600

The first : means a generic record for example.com. The 99 specifies record type 99. The \041 is octal for 33, the number of characters in the data. \072 is octal for :. Count each encoded octal character as 1 char.

Credit goes to Robert Thille for his post - http://osdir.com/ml/mail.spam.spf.help/2006-12/msg00065.html
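
The length-prefix and octal-escape rules from the answer above, as an added Python example that is not part of the original posts: it builds a tinydns generic line from an SPF policy and checks the length byte of an existing line. The function names and the choice of which bytes to escape are assumptions of this example.

```python
import re

# Assumption: escape ':' (field separator), '\' and anything outside
# printable ASCII; all other bytes stay literal, as in the answer's example.
def _escape(data: bytes) -> str:
    return "".join(
        chr(b) if 0x20 <= b <= 0x7E and b not in b":\\" else f"\\{b:03o}"
        for b in data)

def build_generic(fqdn: str, rrtype: int, text: str, ttl: int = 3600) -> str:
    """Build a tinydns ':' line whose rdata is a run of <length><chars>
    character-strings. rrtype is 99 for SPF; TXT (type 16) shares the layout.
    Note: RFC 7208 (2014) retired type 99, receivers evaluate the TXT record."""
    raw = text.encode("ascii")
    rdata = ""
    # One character-string holds at most 255 bytes, so long policies are split.
    for i in range(0, len(raw), 255):
        chunk = raw[i:i + 255]
        rdata += f"\\{len(chunk):03o}" + _escape(chunk)
    return f":{fqdn}:{rrtype}:{rdata}:{ttl}"

def decode_generic(line: str) -> tuple[str, int, list[str], int]:
    """Parse a ':' line and verify every length byte against its string."""
    if not line.startswith(":"):
        raise ValueError("not a generic record line")
    fqdn, rrtype, rdata, ttl = line[1:].split(":")[:4]
    raw = re.sub(rb"\\([0-3][0-7]{2})", lambda m: bytes([int(m[1], 8)]),
                 rdata.encode("ascii"))
    strings, pos = [], 0
    while pos < len(raw):
        n = raw[pos]
        chunk = raw[pos + 1:pos + 1 + n]
        if len(chunk) != n:
            raise ValueError(f"length byte says {n}, {len(chunk)} bytes follow")
        strings.append(chunk.decode("ascii"))
        pos += 1 + n
    return fqdn, int(rrtype), strings, int(ttl)

if __name__ == "__main__":
    # Policy text taken from the answer's example record.
    line = build_generic("example.com", 99, "v=spf1 ip4:192.168.001.01/30 -all")
    print(line)
    print(decode_generic(line))
```

Running `decode_generic` over hand-edited lines before `tinydns-data` compiles them catches a length byte that no longer matches an edited policy.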