<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">RFC 1034<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">3.6.2 second paragraph:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">“If a CNAME RR is present at a node, no other data should be<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">present; this ensures that the data for a canonical name and its aliases<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">cannot be different. This rule also insures that a cached CNAME can be<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">used without checking with an authoritative server for other RR types.”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">There may be an updated RFC that states the same thing differently but it is a well-known DNS rule.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">valimail.com’s blackbox might be able to get around it but I would not know for sure.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">John<o:p></o:p></span></p>
<p class="MsoNormal"><a name="_MailEndCompose"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></a></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif"">From:</span></b><span style="font-size:11.0pt;font-family:"Calibri","sans-serif""> bind-users [mailto:bind-users-bounces@lists.isc.org]
<b>On Behalf Of </b>Chris Liesfield<br>
<b>Sent:</b> Monday, November 28, 2022 6:03 PM<br>
<b>To:</b> bind-users@lists.isc.org<br>
<b>Subject:</b> Add TXT records for SPF when CNAME exists in same sub-domain<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Hi All. Hopefully my terminology is correct and I make sense.<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">We have a main domain "<a href="http://something.com.au">something.com.au</a>" with a few sub-domains, "this", "that", etc.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">For all of our 'A' records in <a href="http://something.com.au">
something.com.au</a>, we have specified TXT records for SPF, however our sub-domains contain CNAMEs only.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">It appears TXT and CNAME records for the same string/host cannot co-exist. We are able to specify an SPF record for the origin only in each sub-domain.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Open to any suggestions on how to get around this issue.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Thanks in advance.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">$TTL 3600<br>
@ IN SOA <a href="http://something.com.au">something.com.au</a>.
<a href="http://bofh.something.com.au">bofh.something.com.au</a>. (<br>
2022112901 ; serial<br>
10800 ; refresh (3 hours)<br>
3600 ; retry (1 hour)<br>
604800 ; expire (1 week)<br>
3600 ; minimum (1 hour)<br>
)<br>
NS <a href="http://ns1.something.com.au">ns1.something.com.au</a>.<br>
NS <a href="http://ns2.something.com.au">ns2.something.com.au</a>.<br>
MX 10 <a href="http://mail.something.com.au">mail.something.com.au</a>.<br>
<br>
; A Records<br>
<br>
localhost A 127.0.0.1<br>
www A 1.2.3.4<br>
@ IN A 1.2.3.4<br>
<br>
; SPF records<br>
<br>
; working without a problem.<br>
www TXT "v=spf1 -all"<br>
<br>
$ORIGIN <a href="http://this.something.com.au">this.something.com.au</a>.<br>
$TTL 3600 ; 1 hour<br>
www CNAME <a href="http://stuff.somewhereelse.com.au">stuff.somewhereelse.com.au</a>.<br>
@ CNAME <a href="http://stuff.somewhereelse.com.au">stuff.somewhereelse.com.au</a>.<br>
<br>
; SPF records<br>
<br>
; BIND considers this an invalid statement - no corresponding 'A' record - conflict with CNAME?<br>
www TXT "v=spf1 -all"<br>
; working without a problem.<br>
@ TXT "v=spf1 -all"<br>
<br>
$ORIGIN <a href="http://that.something.com.au">that.something.com.au</a>.<br>
$TTL 3600 ; 1 hour<br>
www CNAME <a href="http://stuff.overthere.com.au">stuff.overthere.com.au</a>.<br>
@ CNAME <a href="http://stuff.overthere.com.au">stuff.overthere.com.au</a>.<br>
<br>
; SPF records<br>
<br>
; BIND considers this an invalid statement - no corresponding 'A' record - conflict with CNAME?<br>
www TXT "v=spf1 -all"<br>
; working without a problem.<br>
@ TXT "v=spf1 -all"<br clear="all">
<o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<p class="MsoNormal">-- <o:p></o:p></p>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal">Chris.<o:p></o:p></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
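<p class="MsoNormal">The rule quoted from RFC 1034 section 3.6.2, as an added example that is not part of either message or of BIND: a simplified Python reader that lists owner names holding a CNAME together with other record types. The zone text is a constructed sample with placeholder names, and the RRSIG/NSEC allowance for signed zones goes beyond what the thread covers.</p>

```python
# Added example: simplified master-file reader, not BIND's parser.
from collections import defaultdict

# Constructed sample modelled on the zone in the thread (placeholder names, addresses).
SAMPLE_ZONE = """\
$ORIGIN something.example.
www     A     192.0.2.4
www     TXT   "v=spf1 -all"
$ORIGIN this.something.example.
www     CNAME stuff.elsewhere.example.
www     TXT   "v=spf1 -all"
@    IN TXT   "v=spf1 -all"
"""
CLASSES = {"IN", "CH", "HS"}
# In a signed zone RRSIG and NSEC are required beside a CNAME (RFC 4035, section 2.5).
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}

def absolute(name, origin):
    """Qualify a master-file owner name against the current $ORIGIN."""
    full = origin if name == "@" else name if name.endswith(".") else name + "." + origin.lstrip(".")
    return full.lower()

def types_by_owner(zone_text, origin="."):
    """Map each absolute owner name to the set of RR types defined at it."""
    owners, last, depth = defaultdict(set), None, 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # the type field always precedes any ';'
        continued, depth = depth, depth + line.count("(") - line.count(")")
        if continued or not line.strip():
            continue                          # inside a ( ... ) record, or blank
        fields = line.split()
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].lower()
            continue                          # $TTL and other directives are skipped
        # A blank owner field means "same owner as the previous record".
        owner = last if line[0].isspace() else absolute(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields = fields[1:]               # optional numeric TTL and class
        if owner and fields:
            owners[owner].add(fields[0].upper())
            last = owner
    return owners

def cname_conflicts(zone_text, origin="."):
    """Return {owner: other types} for names holding a CNAME plus other data."""
    return {o: sorted(t - ALLOWED_WITH_CNAME)
            for o, t in types_by_owner(zone_text, origin).items()
            if "CNAME" in t and t - ALLOWED_WITH_CNAME}
```

<p class="MsoNormal">On a BIND host, named-checkzone performs the authoritative version of this check when it loads the zone file.</p>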
</div>
</body>
</html>