I have a domain entry in my DNS with 3 different TXT records (1 SPF, 1 Keybase proof and a DMARC entry).
I'm about to move my mail server to a new host so need to update the SPF record but I'm struggling to work out how to remove and replace just the SPF record with nsupdate.
At the moment the best option I can come up with is to script nsupdate to remove all 3 and add the 2 unchanged ones back before adding the updated SPF record.
Is there a way to just remove the 1 record?
When you not only specify the record name and type but also the existing value the name server should only remove the record with that value and leave the other records of the same type unchanged.
update delete domain-name [ ttl ] [ class ] [ type [ data...] ]
Deletes any resource records named domain-name. If type and data is provided, only matching resource records will be removed. The internet class is assumed if class is not supplied. The ttl is ignored, and is only allowed for compatibility.
update add domain-name ttl [ class ] type data...
Adds a new resource record with the specified ttl, class and data.
I.e.
# nsupdate
> update delete example.com 86400 TXT
> send
Should delete all TXT records, but when you are instead more specific:
# nsupdate
> update delete example.com 86400 TXT “v=spf1 a mx ip4:10.0.0.131”
> update add example.com 86400 TXT “v=spf1 a mx ip4:192.168.0.17”
> send
then nsupdate should delete only the SPF TXT record, which you can then replace with for instance a record with a different IPv4 address.
Or you can add the new ip-address some time before your planned migration, run with two allowed up-addresses for some time and only remove the old one after your migration is complete.
