Need DNS records help for single server (and IP), and multi-domain mail server.

Reindl Harald h.reindl at thelounge.net
Thu Aug 24 01:50:01 UTC 2017



On 24.08.2017 at 03:31, bind-users at gtaylor.tnetconsulting.net wrote:
> On 08/23/2017 05:47 PM, Reindl Harald wrote:
>> arrakis.thelounge.net.  86399   IN      SPF     "v=spf1 a 
>> ip4:91.118.73.0/24 ip4:95.129.202.170 -all"
>>
>> prometheus.thelounge.net. 86399 IN      SPF     "v=spf1 a 
>> ip4:91.118.73.0/24 ip4:95.129.202.170 -all"
>>
>> otherwise only @example.com *itself* is protected from forging, our 
>> homegrown DNS backend automatically publishes SPF records for every 
>> hostname in every domain
> 
> This might be a case to use the include so that each host can include 
> (read: pull in) the SPF record for the parent domain.

which means again: additional DNS lookups, while IP addresses and ranges 
are done with a single lookup

> Obviously it depends on how your infrastructure is configured.

in case that stuff is generated - see above

>> also avoid "v=spf1 mx" - why?
>> because it's a useless DNS lookup on the receiver
>> publish IP addresses whenever possible - the connecting IP is known for 
>> free, the MX is not relevant on the destination server when receiving 
>> email as long as you force the lookup by careless SPF records
> 
> I think that it may be possible for someone to publish a PTR record in 
> their IP space that reverse resolves to a name of one of your MX 
> servers. Thereby allowing their bogus server to send email as you

besides it's not true because SPF has nothing to do with PTR and they 
won't get https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS 
how is that related to the topic at all?
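To make the lookup-cost argument from this exchange concrete, here is a small Python checker (added here as an illustration, not code from the thread or from any BIND tooling). It parses an SPF string, counts the terms that force a DNS query at the receiver (RFC 7208 limits these to 10 per check), and evaluates only the ip4/ip6/all terms against a connecting IP, reporting how many lookup-based terms sit in front of the first match. The record from the thread is embedded as sample input; the client IPs in the comments are constructed.

```python
import ipaddress

# Terms that cost the receiver a DNS query (RFC 7208 4.6.4 caps them at 10);
# ip4/ip6/all are decided from the connecting IP, which is known for free.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# The record quoted in the thread above.
PAGE_RECORD = "v=spf1 a ip4:91.118.73.0/24 ip4:95.129.202.170 -all"

def parse_spf(record):
    """Split an SPF string into (qualifier, name, argument) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in "+-~?":
            qualifier, term = term[0], term[1:]
        if "=" in term:                 # modifier, e.g. redirect=example.com
            name, arg = term.split("=", 1)
        elif ":" in term:               # mechanism with argument, e.g. ip4:...
            name, arg = term.split(":", 1)
        else:                           # bare mechanism, maybe with /cidr
            name, _, cidr = term.partition("/")
            arg = cidr or None
        parsed.append((qualifier, name.lower(), arg))
    return parsed

def lookup_cost(record):
    """DNS-querying terms in this record alone; lookups inside included or
    redirected records count against the same limit of 10."""
    return sum(1 for _, name, _ in parse_spf(record) if name in LOOKUP_TERMS)

def evaluate_ip_terms(record, client_ip):
    """Match only ip4/ip6/all against the connecting IP, in record order.
    Returns (qualifier, lookups_before): the first matching term's qualifier
    and how many lookup-based terms a real evaluator must resolve first."""
    ip = ipaddress.ip_address(client_ip)
    lookups_before = 0
    for qualifier, name, arg in parse_spf(record):
        if name in ("ip4", "ip6"):
            if ip in ipaddress.ip_network(arg, strict=False):
                return qualifier, lookups_before
        elif name == "all":
            return qualifier, lookups_before
        elif name in LOOKUP_TERMS:
            lookups_before += 1
    return "?", lookups_before          # nothing matched: neutral result
```

Because mechanisms are evaluated left to right, the leading "a" in the quoted record still costs one lookup before any ip4 term is reached; placing ip4/ip6 terms first lets a receiver match on the connecting IP with no DNS query at all.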