check-names conflicts with SPF macro definition

Daniel Stirnimann daniel.stirnimann at switch.ch
Mon Jan 4 09:01:26 UTC 2021


Hello all,

I changed SPF for switch.ch to use SPF macros (RFC 7208). I wanted to
use the "_spf" label but bind9 check-names complained with a "bad owner
name (check-names)" message.

I have now used "spf" instead of "_spf", e.g. exists:%{ir}.spf.switch.ch

I didn't want to disable check-names for switch.ch because of this
conflict. However, SPF record publishing is generally recommended to use
the "_spf" subdomain which is not possible in this case.

I guess, the only alternative would have been to make "_spf.switch.ch"
its own zone and set check-names for this zone statement to "ignore". Or
would this be a good reasons to loosen the check-names rules in bind9?

Thanks,
Daniel


More information about the bind-users mailing list