On Sun, May 28, 2023 at 05:29:13PM +1000, Tony White wrote:
> Add a new record to your Zone. Look for TXT record. Leave the
> domain empty, select TXT from the drop down list. In the field
> to its right insert the value
>
> -- snip ---
> v=spf1 ip4:203.170.84.161 ~all
> -- end snip --

That should be "-all", not "~all" (a minus sign, not a tilde).

Also, while that IP address is correct for mail.algphoto.com.au (which is the MX for the domain, so is the designated address for the server **receiving** mail for that domain), it's not necessarily the IP address of the client host sending the email.

The SPF TXT record should list **ALL** addresses that can legitimately claim to be sending mail from the algphoto.com.au domain.

If mail from algphoto.com.au is only ever sent from 203.170.84.161 then that SPF TXT record is fine. If not, either configure client machines to relay through that server (with appropriate authentication as required) or add other required addresses to the SPF record.

> change the TTL value to 3600 then save.
>
> The DNS will be updated in an hour or so.

No, it won't. The zone will be updated as soon as it has been edited.

Other DNS resolvers may have some of your records cached due to prior queries, and it will take time (whatever's left of the TTL since the last query was made) for those cached entries to expire.

Changing the TTL will only affect lookup requests by DNS resolvers that haven't already cached any of your DNS records.

Setting the TTL to anything less than a day (86400 seconds) or half a day is not recommended for normal operation. This will just make other servers query your domain more often, defeating the purpose of a cache.

A fairly common procedure when making significant changes to a domain is to set the TTL to a low value, say 5 minutes, *before* changing it, then wait for the old TTL to expire (e.g. if it was set to 86400, you'll need to change the TTL at least a day before changing your domain), and then make the changes. Later, set it back to 86400 or longer. This is really only needed when moving your NS or MX hosts, or when moving to another ISP (if you don't own your own IP addresses).

Or just go ahead and edit your domain and don't worry about the TTL (for changing an SPF record, I wouldn't worry about it). The only real use for lowering the TTL is to make it easier for you to quickly fix any mistakes you might make, as they won't be cached for long.

Worth noting: the cache TTL for NXDOMAIN negative responses (i.e. when requesting a record that does not exist) is usually much shorter than the TTL for a positive response, typically anywhere from 30 seconds to 15 minutes, rather than a day. So if the domain didn't previously have a TXT record, it won't be cached for long anyway.

Also note that many DNS resolvers completely ignore domain TTLs and just cache the records (positive or negative or both) for however long they want, sometimes days or even weeks. This is broken but unfortunately common. It's also arguable that whoever owns those DNS servers has every right to configure the caching on their servers however they like. There's nothing you can do about it, anyway, because the caching happens on servers you have no access to or control over.

craig

--
craig sanders <c...@taz.net.au>