[Pdns-users] dig doesn't work after adding SPF record

Frands Hansen dns at frands.net
Fri Jul 31 15:09:39 UTC 2009 

Exactly how did you add your SPF record?

This would be the correct way:

domain.tld TXT "v=spf1 blabla"

SPF records are not really "SPF" but "TXT" records with spf content.

-
Frands B. Hansen

On 31/07/2009, at 17:04, shion wrote:

>
> Hi folks,
>
> I have added a domain in my nameserver with the following  
> configuration:
> SOA	ns.inwx.de foo at bar.de 2009073103
> NS	ns.inwx.de
> NS	ns2.inwx.de
> NS	ns3.inwx.de
>
> After this I have checked the entries with dig, that everything is  
> correct.
>
> -----------------------------------------------------------------
> $ dig @ns.inwx.de spf-record-test.de ANY
>
> ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42148
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;spf-record-test.de.            IN      ANY
>
> ;; ANSWER SECTION:
> spf-record-test.de.     3600    IN      NS      ns.inwx.de.
> spf-record-test.de.     3600    IN      NS      ns2.inwx.de.
> spf-record-test.de.     3600    IN      SOA     ns.inwx.de.  
> foo at bar.de.
> 2009073103 10800 3600 604800 3600
> spf-record-test.de.     3600    IN      NS      ns3.inwx.de.
>
> ;; ADDITIONAL SECTION:
> ns3.inwx.de.            3600    IN      A       217.20.112.194
> ns2.inwx.de.            3600    IN      A       213.239.206.103
> ns.inwx.de.             3600    IN      A       217.70.142.66
>
> ;; Query time: 26 msec
> ;; SERVER: 217.70.142.66#53(217.70.142.66)
> ;; WHEN: Fri Jul 31 16:09:54 2009
> ;; MSG SIZE  rcvd: 181
> -----------------------------------------------------------------
>
> Next step..
> Now I have added a SPF record.
> SPF	v=spf1 -all
>
> And checked the entries with dig again.
>
> -----------------------------------------------------------------
> $ dig @ns.inwx.de spf-record-test.de ANY
>
> ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY
> ; (1 server found)
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54903
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> ;; WARNING: recursion requested but not available
>
> ;; QUESTION SECTION:
> ;spf-record-test.de.            IN      ANY
>
> ;; Query time: 27 msec
> ;; SERVER: 217.70.142.66#53(217.70.142.66)
> ;; WHEN: Fri Jul 31 16:12:29 2009
> ;; MSG SIZE  rcvd: 36
> -----------------------------------------------------------------
>
> After adding a SPF record, it isn't possible to dig the domain.
> I don't get any records of the domain. After removing the SPF record  
> it is
> possible again.
> It seems to be a problem with pdns and SPF records.
>
> Furthermore it seems that some mailservers can't deliver e-mails  
> because the
> nameserver lookup deferred, if the SPF record is set.
>
> Does somebody know, what I can do to solve the problem?
> Or maybe it is a bug?!
>
> The used pdns-server version is 2.9.22-1.
>
> $ dig -v
> DiG 9.5.1-P2
>
> Thanks,
>
> shion
> -- 
> View this message in context: http://www.nabble.com/dig-doesn%27t-work-after-adding-SPF-record-tp24757839p24757839.html
> Sent from the PowerDNS mailing list archive at Nabble.com.
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list