From log files:
04-May-2015 08:32:07.525 general: warning: zone mydomain.com/IN: 'mydomain.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
This warning probably comes from BIND looking for an SPF (TYPE 99) record (RFC 4408) instead of TXT, which is how Virtualmin usually stores the SPF records. I sorted this problem by manually inserting an SPF record in DNS for each domain. So now my DNS, instead of:
$ttl 3600
.............
mydomain.com. IN TXT "v=spf1 a mx a:mydomain.com mx:mydomain.com ip4:xxx.xxx.xxx.xxx -all"
.............
looks like this:
$ttl 3600
.............
mydomain.com. IN TXT "v=spf1 a mx a:mydomain.com mx:mydomain.com ip4:xxx.xxx.xxx.xxx -all"
mydomain.com. IN SPF "v=spf1 a mx a:mydomain.com mx:mydomain.com ip4:xxx.xxx.xxx.xxx -all"
.............
Another solution can be to comment out
ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf
in the "named.service" file, but I don't like cutting out functions just because we don't have something that should have been implemented a long time ago. The only problem is with CentOS 5, where the old BIND doesn't support SPF records, but that could be sorted out by having Virtualmin not use SPF (TYPE 99) on CentOS 5.
Luckily I have only 3 domains on this server, but for someone with several dozen (or more) domains it would be a pain to change each one of them. Maybe a small change in the code could make Virtualmin insert 2 SPF records in DNS: a TXT record and a second one as an SPF record.
3.1.1. DNS Resource Record Types
This document defines a new DNS RR of type SPF, code 99. The format
of this type is identical to the TXT RR [RFC1035]. For either type,
the character content of the record is encoded as [US-ASCII].
It is recognized that the current practice (using a TXT record) is
not optimal, but it is necessary because there are a number of DNS
server and resolver implementations in common use that cannot handle
the new RR type. The two-record-type scheme provides a forward path
to the better solution of using an RR type reserved for this purpose.
An SPF-compliant domain name SHOULD have SPF records of both RR
types. A compliant domain name MUST have a record of at least one
type. If a domain has records of both types, they MUST have
identical content. For example, instead of publishing just one
record as in Section 3.1 above, it is better to publish:
example.com. IN TXT "v=spf1 +mx a:colo.example.com/28 -all"
example.com. IN SPF "v=spf1 +mx a:colo.example.com/28 -all"
Example RRs in this document are shown with the TXT record type;
however, they could be published with the SPF type or with both
types.
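Added example, not part of the original post and not Virtualmin's or BIND's code: a Python check over zone-file text for the RFC 4408 section 3.1.1 rule quoted above, reporting names whose v=spf1 TXT record has no type SPF twin or whose two record types differ in content. The zone data and owner names are constructed, and the parser assumes single-line records with explicit owner names.

```python
import re
from collections import defaultdict

# Constructed sample zone data (not from the page): one name with TXT only,
# one with matching TXT and SPF, one where the two types have drifted apart.
SAMPLE_ZONE = '''\
$ttl 3600
txtonly.example. IN TXT "v=spf1 a mx -all"
both.example. IN TXT "v=spf1 +mx a:colo.example.com/28 -all"
both.example. IN SPF "v=spf1 +mx a:colo.example.com/28 -all"
drift.example. 300 IN TXT "v=spf1 mx ip4:192.0.2.10 -all"
drift.example. 300 IN SPF "v=spf1 mx -all"
drift.example. IN TXT "google-site-verification=constructed"
'''

# owner [ttl] [IN] TYPE rdata. Lines that inherit the owner (leading
# whitespace), directives and comments do not match and are skipped.
RR = re.compile(r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(TXT|SPF)\s+(.+)$', re.I)

def spf_records(zone_text):
    """Return {owner: {"TXT": [...], "SPF": [...]}} holding only v=spf1 policies."""
    found = defaultdict(lambda: {"TXT": [], "SPF": []})
    for line in zone_text.splitlines():
        m = RR.match(line)
        if not m or line.startswith((";", "$")):
            continue
        owner, rtype = m.group(1).lower(), m.group(2).upper()
        # A record split into several quoted strings is joined with no separator.
        text = "".join(re.findall(r'"((?:[^"\\]|\\.)*)"', m.group(3)))
        if text.lower() == "v=spf1" or text.lower().startswith("v=spf1 "):
            found[owner][rtype].append(text)
    return dict(found)

def audit(zone_text):
    """Map each owner to 'ok', 'missing SPF', 'missing TXT' or 'mismatch'."""
    report = {}
    for owner, rr in spf_records(zone_text).items():
        if not rr["SPF"]:
            report[owner] = "missing SPF"   # the case named-checkconf -z warns about
        elif not rr["TXT"]:
            report[owner] = "missing TXT"   # resolvers without type 99 see no policy
        elif sorted(rr["TXT"]) != sorted(rr["SPF"]):
            report[owner] = "mismatch"      # RFC 4408: both types MUST be identical
        else:
            report[owner] = "ok"
    return report

if __name__ == "__main__":
    # RFC 7208, which obsoletes RFC 4408, later discontinued type SPF (TXT only).
    for owner, status in audit(SAMPLE_ZONE).items():
        print(f"{owner:20} {status}")
```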
Comments
Submitted by JamieCameron on Mon, 05/04/2015 - 18:13 Comment #1
You can have Virtualmin add this automatically at Webmin -> Servers -> BIND DNS Server -> Module Config -> Zone file options, by setting "Real record type for Sender Permitted From" to "SPF".
But the text suggests having both records. Will this be available when I turn this option on, or do I still need to edit manually?
Submitted by JamieCameron on Mon, 05/04/2015 - 22:03 Comment #3
If you select "SPF" mode, Virtualmin will create both record types.
OK, thank you, I will test this when I buy a new domain.
Submitted by Issues on Mon, 05/18/2015 - 23:02 Comment #5
Automatically closed -- issue fixed for 2 weeks with no activity.