[Pdns-users] dig doesn't work after adding SPF record

root root at ciuly.com
Fri Jul 31 15:36:02 UTC 2009


I beg a difference, if you read up on things, there is a SPF record type  
(99) added a while back and the TXT approach is getting deprecated: more  
info on the wiki: http://en.wikipedia.org/wiki/Sender_Policy_Framework

On Fri, 31 Jul 2009 18:09:39 +0300, Frands Hansen <dns at frands.net> wrote:

>
> Exactly how did you add your SPF record?
>
> This would be the correct way:
>
> domain.tld TXT "v=spf1 blabla"
>
> SPF records are not really "SPF" but "TXT" records with spf content.
>
> -
> Frands B. Hansen
>
> On 31/07/2009, at 17:04, shion wrote:
>
>>
>> Hi folks,
>>
>> I have added a domain in my nameserver with the following configuration:
>> SOA	ns.inwx.de foo at bar.de 2009073103
>> NS	ns.inwx.de
>> NS	ns2.inwx.de
>> NS	ns3.inwx.de
>>
>> After this I have checked the entries with dig, that everything is  
>> correct.
>>
>> -----------------------------------------------------------------
>> $ dig @ns.inwx.de spf-record-test.de ANY
>>
>> ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY
>> ; (1 server found)
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42148
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3
>> ;; WARNING: recursion requested but not available
>>
>> ;; QUESTION SECTION:
>> ;spf-record-test.de.            IN      ANY
>>
>> ;; ANSWER SECTION:
>> spf-record-test.de.     3600    IN      NS      ns.inwx.de.
>> spf-record-test.de.     3600    IN      NS      ns2.inwx.de.
>> spf-record-test.de.     3600    IN      SOA     ns.inwx.de. foo at bar.de.
>> 2009073103 10800 3600 604800 3600
>> spf-record-test.de.     3600    IN      NS      ns3.inwx.de.
>>
>> ;; ADDITIONAL SECTION:
>> ns3.inwx.de.            3600    IN      A       217.20.112.194
>> ns2.inwx.de.            3600    IN      A       213.239.206.103
>> ns.inwx.de.             3600    IN      A       217.70.142.66
>>
>> ;; Query time: 26 msec
>> ;; SERVER: 217.70.142.66#53(217.70.142.66)
>> ;; WHEN: Fri Jul 31 16:09:54 2009
>> ;; MSG SIZE  rcvd: 181
>> -----------------------------------------------------------------
>>
>> Next step..
>> Now I have added a SPF record.
>> SPF	v=spf1 -all
>>
>> And checked the entries with dig again.
>>
>> -----------------------------------------------------------------
>> $ dig @ns.inwx.de spf-record-test.de ANY
>>
>> ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY
>> ; (1 server found)
>> ;; global options:  printcmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54903
>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>> ;; WARNING: recursion requested but not available
>>
>> ;; QUESTION SECTION:
>> ;spf-record-test.de.            IN      ANY
>>
>> ;; Query time: 27 msec
>> ;; SERVER: 217.70.142.66#53(217.70.142.66)
>> ;; WHEN: Fri Jul 31 16:12:29 2009
>> ;; MSG SIZE  rcvd: 36
>> -----------------------------------------------------------------
>>
>> After adding a SPF record, it isn't possible to dig the domain.
>> I don't get any records of the domain. After removing the SPF record it  
>> is
>> possible again.
>> It seems to be a problem with pdns and SPF records.
>>
>> Furthermore it seems that some mailservers can't deliver e-mails  
>> because the
>> nameserver lookup deferred, if the SPF record is set.
>>
>> Does somebody know, what I can do to solve the problem?
>> Or maybe it is a bug?!
>>
>> The used pdns-server version is 2.9.22-1.
>>
>> $ dig -v
>> DiG 9.5.1-P2
>>
>> Thanks,
>>
>> shion
>> --View this message in context:  
>> http://www.nabble.com/dig-doesn%27t-work-after-adding-SPF-record-tp24757839p24757839.html
>> Sent from the PowerDNS mailing list archive at Nabble.com.
>>
>> _______________________________________________
>> Pdns-users mailing list
>> Pdns-users at mailman.powerdns.com
>> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users



-- 
http://www.ciuly.com
-------------- next part --------------

No virus found in this outgoing message.
Checked by AVG - www.avg.com 
Version: 8.5.392 / Virus Database: 270.13.38/2274 - Release Date: 07/31/09 05:58:00


More information about the Pdns-users mailing list