dig doesn't work after adding SPF record
|
View:
New views
8 Messages
—
Rating Filter:
Alert me
|
 |
dig doesn't work after adding SPF record
by shion
::
Rate this Message:
Hi folks,
I have added a domain in my nameserver with the following configuration: SOA ns.inwx.de foo@bar.de 2009073103 NS ns.inwx.de NS ns2.inwx.de NS ns3.inwx.de After this I have checked the entries with dig, that everything is correct. ----------------------------------------------------------------- $ dig @ns.inwx.de spf-record-test.de ANY ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42148 ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;spf-record-test.de. IN ANY ;; ANSWER SECTION: spf-record-test.de. 3600 IN NS ns.inwx.de. spf-record-test.de. 3600 IN NS ns2.inwx.de. spf-record-test.de. 3600 IN SOA ns.inwx.de. foo@bar.de. 2009073103 10800 3600 604800 3600 spf-record-test.de. 3600 IN NS ns3.inwx.de. ;; ADDITIONAL SECTION: ns3.inwx.de. 3600 IN A 217.20.112.194 ns2.inwx.de. 3600 IN A 213.239.206.103 ns.inwx.de. 3600 IN A 217.70.142.66 ;; Query time: 26 msec ;; SERVER: 217.70.142.66#53(217.70.142.66) ;; WHEN: Fri Jul 31 16:09:54 2009 ;; MSG SIZE rcvd: 181 ----------------------------------------------------------------- Next step.. Now I have added a SPF record. SPF v=spf1 -all And checked the entries with dig again. ----------------------------------------------------------------- $ dig @ns.inwx.de spf-record-test.de ANY ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY ; (1 server found) ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54903 ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;spf-record-test.de. IN ANY ;; Query time: 27 msec ;; SERVER: 217.70.142.66#53(217.70.142.66) ;; WHEN: Fri Jul 31 16:12:29 2009 ;; MSG SIZE rcvd: 36 ----------------------------------------------------------------- After adding a SPF record, it isn't possible to dig the domain. I don't get any records of the domain. After removing the SPF record it is possible again. It seems to be a problem with pdns and SPF records. Furthermore it seems that some mailservers can't deliver e-mails because the nameserver lookup deferred, if the SPF record is set. Does somebody know, what I can do to solve the problem? Or maybe it is a bug?! The used pdns-server version is 2.9.22-1. $ dig -v DiG 9.5.1-P2 Thanks, shion |
|
|
Re: dig doesn't work after adding SPF record
by Jeroen Wunnink
::
Rate this Message:
SPF record isn't really a SPF record, it's a TXT record with the SPF
content in it :-) shion wrote: > Hi folks, > > I have added a domain in my nameserver with the following configuration: > SOA ns.inwx.de foo@... 2009073103 > NS ns.inwx.de > NS ns2.inwx.de > NS ns3.inwx.de > > After this I have checked the entries with dig, that everything is correct. > > ----------------------------------------------------------------- > $ dig @ns.inwx.de spf-record-test.de ANY > > ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42148 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;spf-record-test.de. IN ANY > > ;; ANSWER SECTION: > spf-record-test.de. 3600 IN NS ns.inwx.de. > spf-record-test.de. 3600 IN NS ns2.inwx.de. > spf-record-test.de. 3600 IN SOA ns.inwx.de. foo@.... > 2009073103 10800 3600 604800 3600 > spf-record-test.de. 3600 IN NS ns3.inwx.de. > > ;; ADDITIONAL SECTION: > ns3.inwx.de. 3600 IN A 217.20.112.194 > ns2.inwx.de. 3600 IN A 213.239.206.103 > ns.inwx.de. 3600 IN A 217.70.142.66 > > ;; Query time: 26 msec > ;; SERVER: 217.70.142.66#53(217.70.142.66) > ;; WHEN: Fri Jul 31 16:09:54 2009 > ;; MSG SIZE rcvd: 181 > ----------------------------------------------------------------- > > Next step.. > Now I have added a SPF record. > SPF v=spf1 -all > > And checked the entries with dig again. > > ----------------------------------------------------------------- > $ dig @ns.inwx.de spf-record-test.de ANY > > ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54903 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;spf-record-test.de. IN ANY > > ;; Query time: 27 msec > ;; SERVER: 217.70.142.66#53(217.70.142.66) > ;; WHEN: Fri Jul 31 16:12:29 2009 > ;; MSG SIZE rcvd: 36 > ----------------------------------------------------------------- > > After adding a SPF record, it isn't possible to dig the domain. > I don't get any records of the domain. After removing the SPF record it is > possible again. > It seems to be a problem with pdns and SPF records. > > Furthermore it seems that some mailservers can't deliver e-mails because the > nameserver lookup deferred, if the SPF record is set. > > Does somebody know, what I can do to solve the problem? > Or maybe it is a bug?! > > The used pdns-server version is 2.9.22-1. > > $ dig -v > DiG 9.5.1-P2 > > Thanks, > > shion > -- Met vriendelijke groet, Jeroen Wunnink, EasyHosting B.V. Systeembeheerder systeembeheer@... telefoon:+31 (035) 6285455 Postbus 48 fax: +31 (035) 6838242 3755 ZG Eemnes http://www.easyhosting.nl http://www.easycolocate.nl _______________________________________________ Pdns-users mailing list Pdns-users@... http://mailman.powerdns.com/mailman/listinfo/pdns-users |
|
|
Re: dig doesn't work after adding SPF record
by Frands Hansen
::
Rate this Message:
Exactly how did you add your SPF record? This would be the correct way: domain.tld TXT "v=spf1 blabla" SPF records are not really "SPF" but "TXT" records with spf content. - Frands B. Hansen On 31/07/2009, at 17:04, shion wrote: > > Hi folks, > > I have added a domain in my nameserver with the following > configuration: > SOA ns.inwx.de foo@... 2009073103 > NS ns.inwx.de > NS ns2.inwx.de > NS ns3.inwx.de > > After this I have checked the entries with dig, that everything is > correct. > > ----------------------------------------------------------------- > $ dig @ns.inwx.de spf-record-test.de ANY > > ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42148 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;spf-record-test.de. IN ANY > > ;; ANSWER SECTION: > spf-record-test.de. 3600 IN NS ns.inwx.de. > spf-record-test.de. 3600 IN NS ns2.inwx.de. > spf-record-test.de. 3600 IN SOA ns.inwx.de. > foo@.... > 2009073103 10800 3600 604800 3600 > spf-record-test.de. 3600 IN NS ns3.inwx.de. > > ;; ADDITIONAL SECTION: > ns3.inwx.de. 3600 IN A 217.20.112.194 > ns2.inwx.de. 3600 IN A 213.239.206.103 > ns.inwx.de. 3600 IN A 217.70.142.66 > > ;; Query time: 26 msec > ;; SERVER: 217.70.142.66#53(217.70.142.66) > ;; WHEN: Fri Jul 31 16:09:54 2009 > ;; MSG SIZE rcvd: 181 > ----------------------------------------------------------------- > > Next step.. > Now I have added a SPF record. > SPF v=spf1 -all > > And checked the entries with dig again. > > ----------------------------------------------------------------- > $ dig @ns.inwx.de spf-record-test.de ANY > > ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54903 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;spf-record-test.de. IN ANY > > ;; Query time: 27 msec > ;; SERVER: 217.70.142.66#53(217.70.142.66) > ;; WHEN: Fri Jul 31 16:12:29 2009 > ;; MSG SIZE rcvd: 36 > ----------------------------------------------------------------- > > After adding a SPF record, it isn't possible to dig the domain. > I don't get any records of the domain. After removing the SPF record > it is > possible again. > It seems to be a problem with pdns and SPF records. > > Furthermore it seems that some mailservers can't deliver e-mails > because the > nameserver lookup deferred, if the SPF record is set. > > Does somebody know, what I can do to solve the problem? > Or maybe it is a bug?! > > The used pdns-server version is 2.9.22-1. > > $ dig -v > DiG 9.5.1-P2 > > Thanks, > > shion > -- > View this message in context: http://www.nabble.com/dig-doesn%27t-work-after-adding-SPF-record-tp24757839p24757839.html > Sent from the PowerDNS mailing list archive at Nabble.com. > > _______________________________________________ > Pdns-users mailing list > Pdns-users@... > http://mailman.powerdns.com/mailman/listinfo/pdns-users _______________________________________________ Pdns-users mailing list Pdns-users@... http://mailman.powerdns.com/mailman/listinfo/pdns-users |
|
|
Re: dig doesn't work after adding SPF record
by ciuly
::
Rate this Message:
I beg a difference, if you read up on things, there is a SPF record type
(99) added a while back and the TXT approach is getting deprecated: more info on the wiki: http://en.wikipedia.org/wiki/Sender_Policy_Framework On Fri, 31 Jul 2009 18:09:39 +0300, Frands Hansen <dns@...> wrote: > > Exactly how did you add your SPF record? > > This would be the correct way: > > domain.tld TXT "v=spf1 blabla" > > SPF records are not really "SPF" but "TXT" records with spf content. > > - > Frands B. Hansen > > On 31/07/2009, at 17:04, shion wrote: > >> >> Hi folks, >> >> I have added a domain in my nameserver with the following configuration: >> SOA ns.inwx.de foo@... 2009073103 >> NS ns.inwx.de >> NS ns2.inwx.de >> NS ns3.inwx.de >> >> After this I have checked the entries with dig, that everything is >> correct. >> >> ----------------------------------------------------------------- >> $ dig @ns.inwx.de spf-record-test.de ANY >> >> ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY >> ; (1 server found) >> ;; global options: printcmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42148 >> ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3 >> ;; WARNING: recursion requested but not available >> >> ;; QUESTION SECTION: >> ;spf-record-test.de. IN ANY >> >> ;; ANSWER SECTION: >> spf-record-test.de. 3600 IN NS ns.inwx.de. >> spf-record-test.de. 3600 IN NS ns2.inwx.de. >> spf-record-test.de. 3600 IN SOA ns.inwx.de. foo@.... >> 2009073103 10800 3600 604800 3600 >> spf-record-test.de. 3600 IN NS ns3.inwx.de. >> >> ;; ADDITIONAL SECTION: >> ns3.inwx.de. 3600 IN A 217.20.112.194 >> ns2.inwx.de. 3600 IN A 213.239.206.103 >> ns.inwx.de. 3600 IN A 217.70.142.66 >> >> ;; Query time: 26 msec >> ;; SERVER: 217.70.142.66#53(217.70.142.66) >> ;; WHEN: Fri Jul 31 16:09:54 2009 >> ;; MSG SIZE rcvd: 181 >> ----------------------------------------------------------------- >> >> Next step.. >> Now I have added a SPF record. >> SPF v=spf1 -all >> >> And checked the entries with dig again. >> >> ----------------------------------------------------------------- >> $ dig @ns.inwx.de spf-record-test.de ANY >> >> ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY >> ; (1 server found) >> ;; global options: printcmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54903 >> ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 >> ;; WARNING: recursion requested but not available >> >> ;; QUESTION SECTION: >> ;spf-record-test.de. IN ANY >> >> ;; Query time: 27 msec >> ;; SERVER: 217.70.142.66#53(217.70.142.66) >> ;; WHEN: Fri Jul 31 16:12:29 2009 >> ;; MSG SIZE rcvd: 36 >> ----------------------------------------------------------------- >> >> After adding a SPF record, it isn't possible to dig the domain. >> I don't get any records of the domain. After removing the SPF record it >> is >> possible again. >> It seems to be a problem with pdns and SPF records. >> >> Furthermore it seems that some mailservers can't deliver e-mails >> because the >> nameserver lookup deferred, if the SPF record is set. >> >> Does somebody know, what I can do to solve the problem? >> Or maybe it is a bug?! >> >> The used pdns-server version is 2.9.22-1. >> >> $ dig -v >> DiG 9.5.1-P2 >> >> Thanks, >> >> shion >> --View this message in context: >> http://www.nabble.com/dig-doesn%27t-work-after-adding-SPF-record-tp24757839p24757839.html >> Sent from the PowerDNS mailing list archive at Nabble.com. >> >> _______________________________________________ >> Pdns-users mailing list >> Pdns-users@... >> http://mailman.powerdns.com/mailman/listinfo/pdns-users > > _______________________________________________ > Pdns-users mailing list > Pdns-users@... > http://mailman.powerdns.com/mailman/listinfo/pdns-users -- http://www.ciuly.com No virus found in this outgoing message. Checked by AVG - www.avg.com Version: 8.5.392 / Virus Database: 270.13.38/2274 - Release Date: 07/31/09 05:58:00 _______________________________________________ Pdns-users mailing list Pdns-users@... http://mailman.powerdns.com/mailman/listinfo/pdns-users |
|
|
Re: dig doesn't work after adding SPF record
by Julian Mehnle
::
Rate this Message:
shion wrote:
> Now I have added a SPF record. > SPF v=spf1 -all > > [...] > > After adding a SPF record, it isn't possible to dig the domain. Unlike others in this thread have said, "SPF" is very well a valid RR type. Your problem is that you forgot to enclose the RR contents in double quotes. (The same applies to the database backends, BTW! You actually have to store the double quotes in the database field!) One thing about the "SPF" RR type, though: Although the SPF spec prefers it over the legacy "TXT" type, some older implementations query only for TXT RRs. I recommend having both "SPF"-type and "TXT"-type RRs with identical content. -Julian _______________________________________________ Pdns-users mailing list Pdns-users@... http://mailman.powerdns.com/mailman/listinfo/pdns-users |
|
|
Re: dig doesn't work after adding SPF record
by ciuly
::
Rate this Message:
forgot to mention, I use SPF records on my server and it works ok.
dig 9.2.1 and pdns 2.9.22 On Fri, 31 Jul 2009 18:04:25 +0300, shion <svenbroeske@...> wrote: > > Hi folks, > > I have added a domain in my nameserver with the following configuration: > SOA ns.inwx.de foo@... 2009073103 > NS ns.inwx.de > NS ns2.inwx.de > NS ns3.inwx.de > > After this I have checked the entries with dig, that everything is > correct. > > ----------------------------------------------------------------- > $ dig @ns.inwx.de spf-record-test.de ANY > > ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42148 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;spf-record-test.de. IN ANY > > ;; ANSWER SECTION: > spf-record-test.de. 3600 IN NS ns.inwx.de. > spf-record-test.de. 3600 IN NS ns2.inwx.de. > spf-record-test.de. 3600 IN SOA ns.inwx.de. foo@.... > 2009073103 10800 3600 604800 3600 > spf-record-test.de. 3600 IN NS ns3.inwx.de. > > ;; ADDITIONAL SECTION: > ns3.inwx.de. 3600 IN A 217.20.112.194 > ns2.inwx.de. 3600 IN A 213.239.206.103 > ns.inwx.de. 3600 IN A 217.70.142.66 > > ;; Query time: 26 msec > ;; SERVER: 217.70.142.66#53(217.70.142.66) > ;; WHEN: Fri Jul 31 16:09:54 2009 > ;; MSG SIZE rcvd: 181 > ----------------------------------------------------------------- > > Next step.. > Now I have added a SPF record. > SPF v=spf1 -all > > And checked the entries with dig again. > > ----------------------------------------------------------------- > $ dig @ns.inwx.de spf-record-test.de ANY > > ; <<>> DiG 9.5.1-P2 <<>> @ns.inwx.de spf-record-test.de ANY > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 54903 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;spf-record-test.de. IN ANY > > ;; Query time: 27 msec > ;; SERVER: 217.70.142.66#53(217.70.142.66) > ;; WHEN: Fri Jul 31 16:12:29 2009 > ;; MSG SIZE rcvd: 36 > ----------------------------------------------------------------- > > After adding a SPF record, it isn't possible to dig the domain. > I don't get any records of the domain. After removing the SPF record it > is > possible again. > It seems to be a problem with pdns and SPF records. > > Furthermore it seems that some mailservers can't deliver e-mails because > the > nameserver lookup deferred, if the SPF record is set. > > Does somebody know, what I can do to solve the problem? > Or maybe it is a bug?! > > The used pdns-server version is 2.9.22-1. > > $ dig -v > DiG 9.5.1-P2 > > Thanks, > > shion -- http://www.ciuly.com _______________________________________________ Pdns-users mailing list Pdns-users@... http://mailman.powerdns.com/mailman/listinfo/pdns-users |
|
|
Re: dig doesn't work after adding SPF record
by Seth Mattinen
::
Rate this Message:
Frands Hansen wrote:
> > Exactly how did you add your SPF record? > > This would be the correct way: > > domain.tld TXT "v=spf1 blabla" > > SPF records are not really "SPF" but "TXT" records with spf content. > There is a type 99 SPF record. Publish both if you can. Examples you can query yourself: ; <<>> DiG 9.5.1-P2 <<>> new.test SPF @ns1-auth.rollernet.us ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27001 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;new.test. IN SPF ;; ANSWER SECTION: new.test. 86400 IN SPF "mx -all" ;; Query time: 12 msec ;; SERVER: 208.79.240.10#53(208.79.240.10) ;; WHEN: Fri Jul 31 10:28:31 2009 ;; MSG SIZE rcvd: 46 $ host -t SPF new.test ns1-auth.rollernet.us Using domain server: Name: ns1-auth.rollernet.us Address: 208.79.240.10#53 Aliases: new.test has SPF record "mx -all" However, if your toolset doesn't understand type 99 records yet, you'll see this: $ host -t TYPE99 new.test ns1-auth.rollernet.us Using domain server: Name: ns1-auth.rollernet.us Address: 208.79.240.10#53 Aliases: new.test has TYPE99 record \# 8 076D78202D616C6C ~Seth _______________________________________________ Pdns-users mailing list Pdns-users@... http://mailman.powerdns.com/mailman/listinfo/pdns-users |
|
|
Re: dig doesn't work after adding SPF record
by shion
::
Rate this Message:
Thank you very much. That was it. : )
The double quotes have been missed. But something is strange. If I use TXT records without double quotes than they are automatically set by pdns and if I set the double quotes by myself, then work everything too. But if I use SPF records, I MUST set the double quotes by myself, so that everything is working. I think this is really impractical. Would be great if SPF records have the same mechanism with the double quotes like TXT records.
|
signature.asc (204 bytes) | Free embeddable forum powered by Nabble | Forum Help |
