Re: Can't modify an existing SPF record
Ok now I understand.thanks a lot to you! El vie, 8 jul 2022 a las 19:58, Greg Choules () escribió: > > The SPF record type was deprecated in 2014 and the SPF definition string > *must* now be contained as data in a TXT record. > BIND will still load a zone containing SPF records, but it will check whether > a TXT record also exists that contains the same string and will generate a > log message telling you if it doesn't find one. > > From a quick glance at the webmin manual it *should* allow you to put > anything you like in a TXT record. > @Roberto Carna your SPF record currently looks like this: > > company.com. 971 IN TXT "v=spf1 mx ip4:[corpIP] include:mktomail.com ~all" > > > The ip4:[corpIP] will not work. [] are not valid characters in the SPF > specification and in any case ip4: must be followed by a literal dotted > decimal IPv4 address. > > On Fri, 8 Jul 2022 at 17:34, Benny Pedersen wrote: >> >> On 2022-07-08 18:14, Crist Clark wrote: >> > As far as BIND is concerned, this is arbitrary text in a TXT record. >> > It doesn’t know or care about SPF syntax within it. >> >> TXT records is mostly used, and SPF records is in bind supported >> -- >> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from >> this list >> >> ISC funds the development of this software with paid support subscriptions. >> Contact us at https://www.isc.org/contact/ for more information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't modify an existing SPF record
The SPF record type was deprecated in 2014 and the SPF definition string *must* now be contained as data in a TXT record. BIND will still load a zone containing SPF records, but it will check whether a TXT record also exists that contains the same string and will generate a log message telling you if it doesn't find one. >From a quick glance at the webmin manual it *should* allow you to put anything you like in a TXT record. @Roberto Carna your SPF record currently looks like this: company.com. 971 IN TXT "v=spf1 mx ip4:[corpIP] include:mktomail.com ~all" The ip4:[corpIP] will not work. [] are not valid characters in the SPF specification and in any case ip4: must be followed by a literal dotted decimal IPv4 address. On Fri, 8 Jul 2022 at 17:34, Benny Pedersen wrote: > On 2022-07-08 18:14, Crist Clark wrote: > > As far as BIND is concerned, this is arbitrary text in a TXT record. > > It doesn’t know or care about SPF syntax within it. > > TXT records is mostly used, and SPF records is in bind supported > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't modify an existing SPF record
On 2022-07-08 18:14, Crist Clark wrote: As far as BIND is concerned, this is arbitrary text in a TXT record. It doesn’t know or care about SPF syntax within it. TXT records is mostly used, and SPF records is in bind supported -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't modify an existing SPF record
On 2022-07-08 18:04, Roberto Carna wrote: Dear all, I add "a:relay.company.com" using the CLI in the BIND master: company.com. 3600IN TXT "v=spf1 mx a:relay.company.com -all" But after restart, this change never goes to the slaves. If I add "ip:x.x.x.x" for example, this change goes ok to the slaves. ip: is invalid ip4: is valid :) ip6: is valid and lastly a: includes ip6 on the hostnames And from webmin interface, if I add the "a:relay.company.com" I get this error: Failed to save record : 'relay.company.com' is not a valid host to allow sending from stupid webmin check spf here https://www.kitterman.com/spf/validate.html -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't modify an existing SPF record
Thanks a lot, it's a webmin interface error because it doesn't accept characters in allowed host sender option. Sorry for my interruption. Greetings !!! El vie, 8 jul 2022 a las 13:14, Crist Clark () escribió: > > As far as BIND is concerned, this is arbitrary text in a TXT record. It > doesn’t know or care about SPF syntax within it. > > It sounds like you’re having webmin problems, not BIND. > > On Fri, Jul 8, 2022 at 9:08 AM Ondřej Surý wrote: >> >> >> > On 8. 7. 2022, at 18:05, Roberto Carna wrote: >> > >> > using the CLI in the BIND master >> >> What does this mean and how exactly are you changing the zone? List all the >> steps that you are doing when changing the zone contents. >> >> Ondrej >> -- >> Ondřej Surý — ISC (He/Him) >> >> My working hours and your working hours may be different. Please do not feel >> obligated to reply outside your normal working hours. >> >> -- >> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from >> this list >> >> ISC funds the development of this software with paid support subscriptions. >> Contact us at https://www.isc.org/contact/ for more information. >> >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users >> -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't modify an existing SPF record
On 08.07.22 13:04, Roberto Carna wrote: Dear all, I add "a:relay.company.com" using the CLI in the BIND master: company.com. 3600IN TXT "v=spf1 mx a:relay.company.com -all" But after restart, this change never goes to the slaves. If I add "ip:x.x.x.x" for example, this change goes ok to the slaves. And from webmin interface, if I add the "a:relay.company.com" I get this error: Failed to save record : 'relay.company.com' is not a valid host to allow sending from relay.company.com does not exist: % host -t a relay.company.com relay.company.com has no A record % host -t relay.company.com relay.company.com has no record you must add a host that does exist. -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. I just got lost in thought. It was unfamiliar territory. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't modify an existing SPF record
As far as BIND is concerned, this is arbitrary text in a TXT record. It doesn’t know or care about SPF syntax within it. It sounds like you’re having webmin problems, not BIND. On Fri, Jul 8, 2022 at 9:08 AM Ondřej Surý wrote: > > > On 8. 7. 2022, at 18:05, Roberto Carna wrote: > > > > using the CLI in the BIND master > > What does this mean and how exactly are you changing the zone? List all > the steps that you are doing when changing the zone contents. > > Ondrej > -- > Ondřej Surý — ISC (He/Him) > > My working hours and your working hours may be different. Please do not > feel obligated to reply outside your normal working hours. > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't modify an existing SPF record
> On 8. 7. 2022, at 18:05, Roberto Carna wrote: > > using the CLI in the BIND master What does this mean and how exactly are you changing the zone? List all the steps that you are doing when changing the zone contents. Ondrej -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't modify an existing SPF record
Dear all, I add "a:relay.company.com" using the CLI in the BIND master: company.com. 3600IN TXT "v=spf1 mx a:relay.company.com -all" But after restart, this change never goes to the slaves. If I add "ip:x.x.x.x" for example, this change goes ok to the slaves. And from webmin interface, if I add the "a:relay.company.com" I get this error: Failed to save record : 'relay.company.com' is not a valid host to allow sending from I suspect the problem is with additional hostnames..I don't know. Thanks again! El vie, 8 jul 2022 a las 12:55, Richard T.A. Neal () escribió: > > Hi Roberto, > > > > You need to prefix it with “a:” to indicate that this is an A-record, i.e.: > > > > a:relay.company.com > > > > Best, > > > > Richard. > > > > From: bind-users On Behalf Of Greg Choules > via bind-users > Sent: 08 July 2022 4:45 pm > To: Roberto Carna > Cc: ML BIND Users > Subject: Re: Can't modify an existing SPF record > > > > Hi Roberto. What domain is this SPF for and exactly how are you trying to add > the extra term? > > Cheers, Greg > > > > On Fri, 8 Jul 2022 at 16:38, Roberto Carna wrote: > > Dear, from my webmin interface for BIND9, I try to add an additional > allowed sender host to our SPF record, but I get the following error: > > Failed to save record : 'relay.company.com' is not a valid host to > allow sending from > > What does this mean? Do I have to consider some important thing I'm > forgetting ? > > relay.company.com is already defined in our public DNS, and it has a > reverse record too. > > if I add this record by hand, it's not replicated to the DNS slaves. > > Thanks in advance!!! > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from > this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't modify an existing SPF record
There can only be one SFP TXT record per domain. A complete record could look like. domain1.com. IN TXT "v=spf1 a:mail.domain1.com a:smtp.domain1.com a:relay.domain2.com -all" It should be logical to use a (domain) name because that name could have multiple IP addresses, both IPv4 and IPv6. Note that there are double quotes around the whole TXT string as well. On 7/8/22 5:55 PM, Richard T.A. Neal wrote: Hi Roberto, You need to prefix it with “a:” to indicate that this is an A-record, i.e.: a:relay.company.com Best, Richard. *From:*bind-users *On Behalf Of *Greg Choules via bind-users *Sent:* 08 July 2022 4:45 pm *To:* Roberto Carna *Cc:* ML BIND Users *Subject:* Re: Can't modify an existing SPF record Hi Roberto. What domain is this SPF for and exactly how are you trying to add the extra term? Cheers, Greg On Fri, 8 Jul 2022 at 16:38, Roberto Carna <mailto:robertocarn...@gmail.com>> wrote: Dear, from my webmin interface for BIND9, I try to add an additional allowed sender host to our SPF record, but I get the following error: Failed to save record : 'relay.company.com <http://relay.company.com>' is not a valid host to allow sending from What does this mean? Do I have to consider some important thing I'm forgetting ? relay.company.com <http://relay.company.com> is already defined in our public DNS, and it has a reverse record too. if I add this record by hand, it's not replicated to the DNS slaves. Thanks in advance!!! -- Visit https://lists.isc.org/mailman/listinfo/bind-users <https://lists.isc.org/mailman/listinfo/bind-users> to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ <https://www.isc.org/contact/> for more information. bind-users mailing list bind-users@lists.isc.org <mailto:bind-users@lists.isc.org> https://lists.isc.org/mailman/listinfo/bind-users <https://lists.isc.org/mailman/listinfo/bind-users> -- Mark James ELKINS - Posix Systems - (South) Africa m...@posix.co.za Tel: +27.826010496 For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za <https://ftth.posix.co.za> Posix SystemsVCARD for MJ Elkins -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: Can't modify an existing SPF record
Hi Roberto, You need to prefix it with “a:” to indicate that this is an A-record, i.e.: a:relay.company.com Best, Richard. From: bind-users On Behalf Of Greg Choules via bind-users Sent: 08 July 2022 4:45 pm To: Roberto Carna Cc: ML BIND Users Subject: Re: Can't modify an existing SPF record Hi Roberto. What domain is this SPF for and exactly how are you trying to add the extra term? Cheers, Greg On Fri, 8 Jul 2022 at 16:38, Roberto Carna mailto:robertocarn...@gmail.com>> wrote: Dear, from my webmin interface for BIND9, I try to add an additional allowed sender host to our SPF record, but I get the following error: Failed to save record : 'relay.company.com<http://relay.company.com>' is not a valid host to allow sending from What does this mean? Do I have to consider some important thing I'm forgetting ? relay.company.com<http://relay.company.com> is already defined in our public DNS, and it has a reverse record too. if I add this record by hand, it's not replicated to the DNS slaves. Thanks in advance!!! -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org<mailto:bind-users@lists.isc.org> https://lists.isc.org/mailman/listinfo/bind-users -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: Can't modify an existing SPF record
Hi Roberto. What domain is this SPF for and exactly how are you trying to add the extra term? Cheers, Greg On Fri, 8 Jul 2022 at 16:38, Roberto Carna wrote: > Dear, from my webmin interface for BIND9, I try to add an additional > allowed sender host to our SPF record, but I get the following error: > > Failed to save record : 'relay.company.com' is not a valid host to > allow sending from > > What does this mean? Do I have to consider some important thing I'm > forgetting ? > > relay.company.com is already defined in our public DNS, and it has a > reverse record too. > > if I add this record by hand, it's not replicated to the DNS slaves. > > Thanks in advance!!! > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users