RFC 1034 3.6.2 second paragraph:
“If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. This rule also insures that a cached CNAME can be used without checking with an authoritative server for other RR types.”

There may be an updated RFC that states the same thing differently but it is a well-known DNS rule. valimail.com’s blackbox might be able to get around it but I would not know for sure.

John

From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Chris Liesfield
Sent: Monday, November 28, 2022 6:03 PM
To: bind-users@lists.isc.org
Subject: Add TXT records for SPF when CNAME exists in same sub-domain

Hi All.

Hopefully my terminology is correct and I make sense.

We have a main domain "something.com.au" with a few sub-domains, "this", "that", etc.

For all of our 'A' records in something.com.au, we have specified TXT records for SPF, however our sub-domains contain CNAMEs only. It appears TXT and CNAME records for the same string/host cannot co-exist.

We are able to specify an SPF record for the origin only in each sub-domain. Open to any suggestions on how to get around this issue.

Thanks in advance.

$TTL 3600
@ IN SOA something.com.au. bofh.something.com.au. (
                2022112901 ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                604800     ; expire (1 week)
                3600       ; minimum (1 hour)
                )
                NS ns1.something.com.au.
                NS ns2.something.com.au.
                MX 10 mail.something.com.au.

; A Records
localhost A 127.0.0.1
www A 1.2.3.4
@ IN A 1.2.3.4

; SPF records
; working without a problem.
www TXT "v=spf1 -all"

$ORIGIN this.something.com.au.
$TTL 3600 ; 1 hour
www CNAME stuff.somewhereelse.com.au.
@ CNAME stuff.somewhereelse.com.au.

; SPF records
; BIND considers this an invalid statement - no corresponding 'A' record - conflict with CNAME?
www TXT "v=spf1 -all"
; working without a problem.
@ TXT "v=spf1 -all"

$ORIGIN that.something.com.au.
$TTL 3600 ; 1 hour
www CNAME stuff.overthere.com.au.
@ CNAME stuff.overthere.com.au.

; SPF records
; BIND considers this an invalid statement - no corresponding 'A' record - conflict with CNAME?
www TXT "v=spf1 -all"
; working without a problem.
@ TXT "v=spf1 -all"

--
Chris.
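
The RFC 1034 3.6.2 rule quoted at the top of this thread, written as a zone-file check (an added example, not part of the original messages and not BIND's code). It runs over a constructed zone modelled on the one posted; the function names are hypothetical, and it assumes one record per line, absolute $ORIGIN values, and only the record types listed in `TYPES`.

```python
from collections import defaultdict

# Constructed sample modelled on the zone in the message, not the poster's real data.
SAMPLE_ZONE = """\
$ORIGIN something.com.au.
www   A      1.2.3.4
www   TXT    "v=spf1 -all"
$ORIGIN this.something.com.au.
www   CNAME  stuff.somewhereelse.com.au.
@     CNAME  stuff.somewhereelse.com.au.
www   TXT    "v=spf1 -all"
@     TXT    "v=spf1 -all"
"""

TYPES = {"A", "AAAA", "CNAME", "TXT", "MX", "NS", "SOA", "RRSIG", "NSEC"}
DNSSEC_OK = {"RRSIG", "NSEC"}  # DNSSEC records are permitted beside a CNAME (RFC 4035)

def fqdn(name, origin):
    # Expand '@' and relative owner names against the current $ORIGIN.
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"

def rrtypes_by_owner(zone_text):
    """Map each fully qualified owner name to the set of RR types found at it."""
    origin, owner, owners = ".", None, defaultdict(set)
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # naive: assumes no ';' inside quotes
        if not line.strip():
            continue
        if line.startswith("$"):
            if line.split()[0].upper() == "$ORIGIN":
                origin = line.split()[1].lower()
            continue
        fields = line.split()
        if not line[0].isspace():  # a blank owner field repeats the previous owner
            owner = fqdn(fields.pop(0).lower(), origin)
        # TTL and class may precede the type; take the first token that is a type
        rtype = next((f.upper() for f in fields if f.upper() in TYPES), None)
        if owner and rtype:
            owners[owner].add(rtype)
    return owners

def cname_conflicts(zone_text):
    """Return {owner: other types} for every node holding a CNAME plus other data."""
    found = {}
    for name, types in rrtypes_by_owner(zone_text).items():
        extra = types - {"CNAME"} - DNSSEC_OK
        if "CNAME" in types and extra:
            found[name] = sorted(extra)
    return found
```

The check applies the rule to every node, so the `@` of each $ORIGIN is reported the same way as `www`. BIND ships `named-checkzone` for validating a real zone file before loading it.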