Re: Add TXT records for SPF when CNAME exists in same sub-domain

2022-11-29 Thread G.W. Haywood via bind-users

Hi there,

On Tue, 29 Nov 2022, Mark Andrews wrote:

> Chris Liesfield wrote:
>
> > It appears TXT and CNAME records for the same string/host cannot
> > co-exist. We are able to specify an SPF record for the origin only
> > in each sub-domain.
> >
> > Open to any suggestions on how to get around this issue.
>
> Place the TXT record at the target of the CNAME.


See also RFC2181 section 10.

--

73,
Ged.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Add TXT records for SPF when CNAME exists in same sub-domain

2022-11-28 Thread Mark Andrews
Place the TXT record at the target of the CNAME.

> On 29 Nov 2022, at 11:03, Chris Liesfield wrote:
> 
> Hi All. Hopefully my terminology is correct and I make sense.
> 
> We have a main domain "something.com.au" with a few sub-domains, "this", 
> "that", etc.
> 
> For all of our 'A' records in something.com.au, we have specified TXT records 
> for SPF, however our sub-domains contain CNAMEs only.
> 
> It appears TXT and CNAME records for the same string/host cannot co-exist. We 
> are able to specify an SPF record for the origin only in each sub-domain.
> 
> Open to any suggestions on how to get around this issue.
> 
> Thanks in advance.
> 
> $TTL 3600
> @   IN  SOA  something.com.au. bofh.something.com.au. (
>         2022112901 ; serial
>         10800  ; refresh (3 hours)
>         3600   ; retry (1 hour)
>         604800 ; expire (1 week)
>         3600   ; minimum (1 hour)
>         )
>         NS  ns1.something.com.au.
>         NS  ns2.something.com.au.
>         MX  10 mail.something.com.au.
> 
> ; A Records
> 
> localhost   A   127.0.0.1
> www   A   1.2.3.4
> @ IN  A   1.2.3.4
> 
> ; SPF records
> 
> ; working without a problem.
> www TXT "v=spf1 -all"
> 
> $ORIGIN this.something.com.au.
> $TTL 3600   ; 1 hour
> www CNAME   stuff.somewhereelse.com.au.
> @   CNAME   stuff.somewhereelse.com.au.
> 
> ; SPF records
> 
> ; BIND considers this an invalid statement - no corresponding 'A' record - conflict with CNAME?
> www TXT "v=spf1 -all"
> ; working without a problem.
> @   TXT "v=spf1 -all"
> 
> $ORIGIN that.something.com.au.
> $TTL 3600   ; 1 hour
> www CNAME   stuff.overthere.com.au.
> @   CNAME   stuff.overthere.com.au.
> 
> ; SPF records
> 
> ; BIND considers this an invalid statement - no corresponding 'A' record - conflict with CNAME?
> www TXT "v=spf1 -all"
> ; working without a problem.
> @   TXT "v=spf1 -all"
> 
> -- 
> Chris.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org



RE: Add TXT records for SPF when CNAME exists in same sub-domain

2022-11-28 Thread John W. Blue via bind-users
RFC 1034

3.6.2 second paragraph:

“If a CNAME RR is present at a node, no other data should be
present; this ensures that the data for a canonical name and its aliases
cannot be different.  This rule also insures that a cached CNAME can be
used without checking with an authoritative server for other RR types.”

There may be an updated RFC that states the same thing differently but it is a 
well-known DNS rule.

valimail.com’s blackbox might be able to get around it but I would not know for 
sure.

John

From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Chris Liesfield
Sent: Monday, November 28, 2022 6:03 PM
To: bind-users@lists.isc.org
Subject: Add TXT records for SPF when CNAME exists in same sub-domain

Hi All. Hopefully my terminology is correct and I make sense.

We have a main domain "something.com.au" with a few sub-domains, "this",
"that", etc.

For all of our 'A' records in something.com.au, we have specified TXT records
for SPF, however our sub-domains contain CNAMEs only.

It appears TXT and CNAME records for the same string/host cannot co-exist. We 
are able to specify an SPF record for the origin only in each sub-domain.

Open to any suggestions on how to get around this issue.

Thanks in advance.

$TTL 3600
@   IN  SOA  something.com.au. bofh.something.com.au. (
        2022112901 ; serial
        10800  ; refresh (3 hours)
        3600   ; retry (1 hour)
        604800 ; expire (1 week)
        3600   ; minimum (1 hour)
        )
        NS  ns1.something.com.au.
        NS  ns2.something.com.au.
        MX  10 mail.something.com.au.

; A Records

localhost   A   127.0.0.1
www   A   1.2.3.4
@ IN  A   1.2.3.4

; SPF records

; working without a problem.
www TXT "v=spf1 -all"

$ORIGIN this.something.com.au.
$TTL 3600   ; 1 hour
www CNAME   stuff.somewhereelse.com.au.
@   CNAME   stuff.somewhereelse.com.au.

; SPF records

; BIND considers this an invalid statement - no corresponding 'A' record - conflict with CNAME?
www TXT "v=spf1 -all"
; working without a problem.
@   TXT "v=spf1 -all"

$ORIGIN that.something.com.au.
$TTL 3600   ; 1 hour
www CNAME   stuff.overthere.com.au.
@   CNAME   stuff.overthere.com.au.

; SPF records

; BIND considers this an invalid statement - no corresponding 'A' record - conflict with CNAME?
www TXT "v=spf1 -all"
; working without a problem.
@   TXT "v=spf1 -all"

--
Chris.




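Added example, not part of any poster's message: the rule cited in this thread (RFC 1034 3.6.2, RFC 2181 section 10) and the advice to place the TXT record at the target of the CNAME, checked over a constructed zone. The function names, the 192.0.2.10 address and the records under somewhereelse.com.au. are assumptions made for illustration.

```python
# Added example (not from the thread): a checker for the "CNAME and other
# data" rule and a CNAME-following TXT lookup over a constructed zone.
# Parses only the master-file subset seen in the thread: $ORIGIN, optional
# IN class, one record per line, no ';' inside quoted strings.
ZONE = """
$ORIGIN this.something.com.au.
www CNAME stuff.somewhereelse.com.au.
www TXT "v=spf1 -all"
$ORIGIN somewhereelse.com.au.
stuff A 192.0.2.10
stuff TXT "v=spf1 -all"
"""  # constructed; the records under somewhereelse.com.au. are assumptions

def fqdn(name, origin):
    if name == "@":
        return origin
    return (name if name.endswith(".") else f"{name}.{origin.lstrip('.')}").lower()

def parse(text):
    """Return {owner_fqdn: {rrtype: [rdata, ...]}}."""
    origin, nodes = ".", {}
    for raw in text.splitlines():
        f = raw.split(";", 1)[0].split()
        if not f:
            continue
        if f[0].startswith("$"):
            if f[0] == "$ORIGIN":
                origin = f[1].lower()
            continue
        rest = [x for x in f[1:] if x != "IN"]
        rrset = nodes.setdefault(fqdn(f[0], origin), {})
        rrset.setdefault(rest[0], []).append(" ".join(rest[1:]))
    return nodes

def cname_conflicts(nodes):
    """Owner names holding a CNAME plus any other type (RFC 1034 3.6.2)."""
    return {n: sorted(t for t in rr if t != "CNAME")
            for n, rr in nodes.items() if "CNAME" in rr and len(rr) > 1}

def lookup_txt(nodes, name, max_hops=8):
    """Follow CNAMEs as a resolver would; return (final_name, TXT rdata)."""
    name = name.lower()
    for _ in range(max_hops):
        rr = nodes.get(name, {})
        if "CNAME" not in rr:
            return name, rr.get("TXT", [])
        name = rr["CNAME"][0].lower()
    raise RuntimeError("CNAME chain longer than max_hops")
```

On a real server, named-checkzone reports the same conflict when it loads the zone.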