On 2020-03-14 at 20:34 -0400, Viktor Dukhovni wrote:
> Well, you'd be much better off with the more readable, and
> equally maintainable:
>
>     @ TXT ( "v=spf1"
>             " ip6:2001:4f8::/32"
>             " ip6:2001:559:8000::/48"
>             " ip4:149.20.56.0/24"
>             " ip4:24.104.150.0/24"
>             " ~all" )
>
> With the qname changed to "@", since SPF clients do not prepend "_spf.",
> and added "ip4:" and "ip6:" prefixes, AFAIK they're required.

Some implementations are especially lenient and fix up records which are
missing those prefixes. Sending email to Gmail and checking that it
makes it through and examining the headers is _not_ a conformance check
and shame on me for the outage after the time where I got lazy and used
it as such.

FWIW, I have a zone `test.globnix.net` which is open-transfer from
nlns.globnix.net, which has long contained a number of examples of
things which have to survive their trip through DNS, and sadistic SPF
records. The only recent change was the addition of `spftest12` to make
sure I was covering Paul Vixie's example using unquoted tokens and
parens for multi-line.

Here's the section with comments from the zonefile on-disk; for a long
time it had SPF and TXT both, until RFC7208. I could find a way to
rephrase that.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~8< zonefile >8~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
; For SPF, must be resistant to other TXT records; per RFC 4408, SHOULD
; publish both TXT and SPF RR-types, MUST have at least one of those, if
; both present MUST match. RR "SPF" = 99.
; HOWEVER RFC 7208 forbade SPF RR-type (§3.1)
spftest1        IN      TXT     "foo extra"
spftest1        IN      TXT     "bar extra"
spftest1        IN      TXT     "v=spf1 -all"
; TXT joining behaviour is application-specific; when used for SPF records,
; elements joined directly together, no white-space, and this is the defined
; behaviour for TXT records too.
spftest2        IN      TXT     "v=spf1 " "-all"
spftest3        IN      TXT     "v=s" "pf1 -" "all"
spftest4        IN      TXT     "" "v=spf1 -all"
spftest5        IN      TXT     "v=spf1" " -all"
; see if parser requires space after tag within "enough swallowed to provide first tag"
spftest6        IN      TXT     "v=s" "" "pf1" " " "-all"
spftest7        IN      TXT     "v" "=" "s" "p" "f" "1" " " "-" "a" "l" "l"
spftest8        IN      TXT     "v=s" "" "" "" "" "" "" "" "" "pf1 -all"
spftest9        IN      TXT     "v=spf1 " "" "" "" "" "" "" "" "" "-all"
spftest10       IN      TXT     "" "" "" "" "v=sp" "f1 -all"
spftest11       IN      TXT     "" "" "" "" "v=spf1 -all"
spftest12       IN      TXT     ( v=spf1 " -all" )
spf-count       IN      TXT     "max=12"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~8< zonefile >8~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
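
An added example, not part of the original message or of any SPF library: a Python sketch of what a conforming client does with the records above per RFC 7208 sections 3.3 and 4.5, joining each TXT record's character-strings with no separator and then selecting the single record whose version section is exactly `v=spf1`. The `ZONE` table is retyped from the zonefile in the message; the function names are hypothetical, and the presentation-format parser is an assumption that handles only quoting, single-character backslash escapes and parentheses.

```python
import re

# One TXT character-string in zone-file form: "quoted" or a bare token.
# Parentheses and whitespace only separate tokens, so the regex skips them.
_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"|([^\s"()]+)')

def txt_strings(rdata):
    """Split TXT rdata (presentation format) into its character-strings."""
    return [re.sub(r"\\(.)", r"\1", q) if q is not None else bare
            for q, bare in (m.groups() for m in _STRING.finditer(rdata))]

def spf_record(txt_rdatas):
    """Apply RFC 7208 sections 3.3 and 4.5 to every TXT record at one name."""
    # 3.3: strings of one record are concatenated with nothing in between.
    joined = ["".join(txt_strings(r)) for r in txt_rdatas]
    # 4.5: keep records whose version is exactly v=spf1, ended by SP or EOR.
    hits = [r for r in joined
            if r[:6].lower() == "v=spf1" and r[6:7] in ("", " ")]
    if len(hits) > 1:
        return ("permerror", None)
    return ("ok", hits[0]) if hits else ("none", None)

# Constructed test input: rdata retyped from the zonefile in the message above.
ZONE = {
    "spftest1": ['"foo extra"', '"bar extra"', '"v=spf1 -all"'],
    "spftest2": ['"v=spf1 " "-all"'],
    "spftest3": ['"v=s" "pf1 -" "all"'],
    "spftest4": ['"" "v=spf1 -all"'],
    "spftest5": ['"v=spf1" " -all"'],
    "spftest6": ['"v=s" "" "pf1" " " "-all"'],
    "spftest7": ['"v" "=" "s" "p" "f" "1" " " "-" "a" "l" "l"'],
    "spftest8": ['"v=s" "" "" "" "" "" "" "" "" "pf1 -all"'],
    "spftest9": ['"v=spf1 " "" "" "" "" "" "" "" "" "-all"'],
    "spftest10": ['"" "" "" "" "v=sp" "f1 -all"'],
    "spftest11": ['"" "" "" "" "v=spf1 -all"'],
    "spftest12": ['( v=spf1 " -all" )'],
}

def check_zone(zone=ZONE):
    """Return the names whose result is not the expected single '-all' policy."""
    return [n for n, rrs in zone.items()
            if spf_record(rrs) != ("ok", "v=spf1 -all")]

if __name__ == "__main__":
    for name, rrs in ZONE.items():
        print(name, spf_record(rrs))
    print("failures:", check_zone())
```

A parser that inserts a space between character-strings fails `spftest3`, `spftest6`, `spftest7`, `spftest8` and `spftest10`, because their splits fall inside the `v=spf1` tag or the mechanism.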