I have a question about SPF records (I'm not a huge expert on DNS).
In the main domain (mydomain.com) we have a mail server, and our DNS has these records (MX, A and TXT):
IN MX 10 mail.mydomain.com.
mail IN A 1.1.1.1
mail IN A 2.2.2.2
mydomain.com. IN TXT "v=spf1 ip4:1.1.1.1 ip4:2.2.2.2 a:mail.mydomain.com ~all"
Now we have to install an additional mail server in a dedicated subdomain (mysubdomain.mydomain.com).
I plan to send emails from this subdomain using Zimbra.
My question is whether these DNS records are correct:
IN MX 10 mail.mydomain.com.
mysubdomain IN MX 10 mail1.mydomain.com.
mail IN A 1.1.1.1
mail IN A 2.2.2.2
mail1 IN A 3.3.3.3
mail1 IN A 4.4.4.4
mysubdomain IN A 3.3.3.3
mysubdomain IN A 4.4.4.4
mydomain.com. IN TXT "v=spf1 ip4:1.1.1.1 ip4:2.2.2.2 a:mail.mydomain.com ~all"
mysubdomain.mydomain.com. IN TXT "v=spf1 ip4:3.3.3.3 ip4:4.4.4.4 a:mail1.mydomain.com ~all"
Please tell me, are they correct or should I make some changes?
Best regards,
bcteam
Your records look OK apart from the mail servers. Instead of explicitly using a clauses and the mail server host names, just use an mx clause. Instead of:
mydomain.com. IN TXT "v=spf1 ip4:1.1.1.1 ip4:2.2.2.2 a:mail.mydomain.com ~all"
mysubdomain.mydomain.com. IN TXT "v=spf1 ip4:3.3.3.3 ip4:4.4.4.4 a:mail1.mydomain.com ~all"
say:
mydomain.com. IN TXT "v=spf1 ip4:1.1.1.1 ip4:2.2.2.2 mx ~all"
mysubdomain.mydomain.com. IN TXT "v=spf1 ip4:3.3.3.3 ip4:4.4.4.4 mx ~all"
When you're done, test your setup on Scott Kitterman's site.
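How a receiving server would evaluate the suggested records, as an added example that is not part of the original posts. It handles only the ip4, a, mx and all mechanisms, and the ZONE table is constructed from the records shown above instead of querying live DNS.

```python
import ipaddress

# Constructed zone data mirroring the records in the question and the answer.
ZONE = {
    ("mydomain.com", "MX"): ["mail.mydomain.com"],
    ("mysubdomain.mydomain.com", "MX"): ["mail1.mydomain.com"],
    ("mail.mydomain.com", "A"): ["1.1.1.1", "2.2.2.2"],
    ("mail1.mydomain.com", "A"): ["3.3.3.3", "4.4.4.4"],
    ("mydomain.com", "TXT"): ["v=spf1 ip4:1.1.1.1 ip4:2.2.2.2 mx ~all"],
    ("mysubdomain.mydomain.com", "TXT"): ["v=spf1 ip4:3.3.3.3 ip4:4.4.4.4 mx ~all"],
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def addresses(name):
    return ZONE.get((name, "A"), [])


def check_spf(domain, client_ip, record=None):
    """Return (result, matching term) for the ip4, a, mx and all mechanisms."""
    if record is None:
        found = [t for t in ZONE.get((domain, "TXT"), []) if t.split()[:1] == ["v=spf1"]]
        if len(found) != 1:
            # No record: the parent's policy is NOT inherited. Several: error.
            return ("permerror" if found else "none", None)
        record = found[0]
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech, _, arg = term.lstrip("+-~?").partition(":")
        if mech == "all":
            hit = True
        elif mech == "ip4":
            hit = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            hit = client_ip in addresses(arg or domain)
        elif mech == "mx":
            hit = any(client_ip in addresses(mx) for mx in ZONE.get((arg or domain, "MX"), []))
        else:
            raise ValueError("mechanism not handled in this example: " + mech)
        if hit:
            return (QUALIFIERS[qualifier], term)
    return ("neutral", None)
```

Each domain is evaluated against its own TXT record only, which is why the subdomain needs a record of its own.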
I'm trying to verify a Gitlab pages domain
So, in my DNS provider, I add a TXT record like:
_gitlab-pages-verification-code.mysite.example TXT gitlab-pages-verification-code=08206beaab9ad1079993f245f1419a22
but I already have
@ 3600 IN TXT "v=spf1 mx include:_spf.google.com ?all"
that seems to override all my TXT entries.
When I do
dig +short txt mysite.example
I will not see the TXT entry as long as I don't delete the google entry.
How should I do that? I also read that I can't delete Google entry because it will periodically check it.
Any ideas?
EDIT:
I added
instructions changed, and now letsencrypt asks me this:
Please deploy a DNS TXT record under the name
_acme-challenge.mysite.io with the following value:
gcnw0KaBOs8lMALx9YvIYsq8ZCWyxCLieMfqxxxxx
Before continuing, verify the record is deployed.
so, I removed @ TXT even if not necessary... and added the TXT entry:
@ 10800 IN A 35.185.44.232
imap 10800 IN CNAME access.mail.gandi.net.
pop 10800 IN CNAME access.mail.gandi.net.
smtp 10800 IN CNAME relay.mail.gandi.net.
webmail 10800 IN CNAME webmail.gandi.net.
www 10800 IN CNAME mysite.io.
@ 10800 IN MX 50 fb.mail.gandi.net.
@ 10800 IN MX 10 spool.mail.gandi.net.
_acme-challenge.mysite.io 300 IN TXT "gcnw0KaBOs8lMALx9YvIYsq8ZCWyxCLieMxxxxxxx"
I waited a whole night, and when I execute:
dig +short txt _acme-challenge.mysite.io
It doesn't give me anything.
PS: Sorry about this not being a programming question; where should I post it?
Do dig _gitlab-pages-verification-code.mysite.example TXT and you will see your TXT record for Gitlab verification.
When you do dig mysite.example TXT it returns only TXT records on the mysite.example record, not all TXT records in your zone.
I have a DNS setup with IBM SoftLayer with the setup below:
$ORIGIN mydomain.com.
$TTL 86400
@ IN SOA ns1.softlayer.com. support.softlayer.com. (
2018110900 ; Serial
7200 ; Refresh
600 ; Retry
1728000 ; Expire
43200) ; Minimum
@ 86400 IN NS ns1.softlayer.com.
@ 86400 IN NS ns2.softlayer.com.
@ 60 IN TXT v=spf1 include:_spf.google.com ~all
google._domainkey 86400 IN TXT v=DKIM1; k=rsa; p=AB
_dmarc.mydomain.com. 86400 IN TXT v=DMARC1; p=quarantine; pct=100; rua=mailto:support@mydomain.com
* 900 IN CNAME mydomain.com.
devadmin 86400 IN CNAME admin.mydomain.com.
ftp 86400 IN CNAME admin.mydomain.com.
@ 86400 IN A 100.100.100.100
admin 86400 IN A 200.200.200.200
This setup works fine and I can resolve queries like mydomain.com, devmedia.mydomain.com, x.devmedia.mydomain.com
The issue arises when I add another TXT record for Let's Encrypt domain validation.
_acme-challenge.devmedia 60 IN TXT txttestrest
Once added, domains with devmedia.mydomain.com stop resolving.
Is this normal behavior or some bug in DNS?
Do I need to add devmedia.mydomain.com explicitly in my DNS, or is there some other way to do this?
CNAME records are not allowed to co-exist with other records. Since you have a CNAME defined for devmedia, you can't create an _acme-challenge.devmedia. So either you need to change devmedia to an A record, or handle it some other way.
It might work to create _acme-challenge.admin instead, since that is where the CNAME points, but I am not sure if they will actually check that way.
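The behaviour reported in the question, modelled with the wildcard rules of RFC 4592 as an added example that is not part of the original posts. In the posted zone devmedia has no record of its own and is answered by the `*` CNAME; the zone dictionaries below are constructed from that zone and the lookup assumes the queried name is at or below the zone apex.

```python
# Constructed copy of the relevant records from the zone in the question.
BASE = {
    "mydomain.com": {"A": ["100.100.100.100"]},
    "*.mydomain.com": {"CNAME": ["mydomain.com"]},
    "admin.mydomain.com": {"A": ["200.200.200.200"]},
}
WITH_CHALLENGE = dict(BASE)
WITH_CHALLENGE["_acme-challenge.devmedia.mydomain.com"] = {"TXT": ["txttestrest"]}


def exists(zone, name):
    """A name exists if it owns records or any owner lies below it
    (an empty non-terminal)."""
    return any(owner == name or owner.endswith("." + name) for owner in zone)


def lookup(zone, qname, qtype):
    """Answer an in-zone query as (status, rdata)."""
    if exists(zone, qname):
        owner = qname                      # existing names never use a wildcard
    else:
        encloser = qname.split(".", 1)[1]
        while not exists(zone, encloser):  # closest existing ancestor
            encloser = encloser.split(".", 1)[1]
        owner = "*." + encloser            # the only wildcard that may answer
        if owner not in zone:
            return ("NXDOMAIN", [])
    rrsets = zone.get(owner, {})
    if "CNAME" in rrsets and qtype != "CNAME":
        return lookup(zone, rrsets["CNAME"][0], qtype)  # restart at the target
    rdata = rrsets.get(qtype, [])
    return ("NOERROR", rdata) if rdata else ("NODATA", [])
```

Adding an explicit record for devmedia (or a `*.devmedia` wildcard) restores the answers once the challenge record exists.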
I have this DNS record in my domains's zone file:
TXT cmaflooring.com v=spf1 a mx include:websitewelcome.com ~all Automatic
What does it mean?
It's an SPF record. The following website from OpenSPF[1] has a good explanation.
http://www.openspf.org/SPF_Record_Syntax
I want to type domain.com in the browser and be connected to www.domain.com, like typing google.com connects to www.google.com.
The information below is currently set.
domain.com. NS ns-1623.awsdns-10.co.uk.
ns-1461.awsdns-54.org.
ns-180.awsdns-22.com.
ns-880.awsdns-46.net.
domain.com. SOA ns-1461.awsdns-54.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
*.domain.com. A XXX.XXX.XXX.XXX
What should I do to achieve this?
You want to use DNS redirection with a CNAME entry/record. Check out this link.
Basically, you create a record that refers to some other A record (or, perhaps, another CNAME in some circumstances). You can set this up for any number of subdomains (www, www2, mail, home, etc.).
My DNS has a set up for the domain base.com that consists of A and MX records. There are several other domains that are set up with CNAME records, pointing to base.com.
Do I need to set up anything special (like extra MX records) for the CNAME domains, or will the CNAME records also forward any MX requests?
Example:
Will an email sent to info@otherdomain.com be delivered correctly to the MX of base.com if these (and only these) DNS records are in place:
; A and MX set up for base.com
base.com. 3600 IN A 123.45.67.89
mail.base.com. 3600 A 123.45.67.89
base.com. 3600 IN MX 10 mail.base.com.
; CNAME set up for otherdomain.com
otherdomain.com. IN CNAME base.com.
CNAME causes queries for all RR types (excluding CNAME itself) to be directed to the target name. That includes MX. So yes, the above zone data will cause queries for otherdomain.com.'s MX to resolve to mail.base.com..
Experiment with dig or your favorite DNS client. Not only will you confirm the result for sure, but you won't have to wait 4 hours for someone to answer your SO question before you get your answer!
Unfortunately, in this particular case, if your domain is really of the form otherdomain.com., you would not be able to configure a CNAME resource record for it. This is because domains that have CNAME records cannot have any other type of resource record at the same time. Yet if otherdomain.com. is directly below com. (or another gTLD), it is necessarily at the top of a zone and so it needs at least SOA and NS records.
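Both points of this answer, MX queries following a CNAME and a CNAME being unable to share its owner name with other records, as an added example that is not part of the original posts. The record list is constructed; shop.otherdomain.com and the ns1.example.net name server are hypothetical.

```python
# Constructed records as (owner, type, rdata) tuples.
RECORDS = [
    ("base.com", "A", "123.45.67.89"),
    ("base.com", "MX", "10 mail.base.com"),
    ("mail.base.com", "A", "123.45.67.89"),
    # A name below the apex can be a pure alias.
    ("shop.otherdomain.com", "CNAME", "base.com"),
    # The zone apex must carry SOA and NS, so a CNAME here is a conflict.
    ("otherdomain.com", "SOA", "ns1.example.net hostmaster.example.net 1 7200 900 1209600 86400"),
    ("otherdomain.com", "NS", "ns1.example.net"),
    ("otherdomain.com", "CNAME", "base.com"),
]


def cname_conflicts(records):
    """Map each owner that mixes a CNAME with other data to those other types."""
    types = {}
    for owner, rtype, _ in records:
        types.setdefault(owner, set()).add(rtype)
    return {o: sorted(t - {"CNAME"}) for o, t in types.items()
            if "CNAME" in t and len(t) > 1}


def resolve(records, qname, qtype, max_hops=8):
    """Return (alias chain, rdata), restarting at the target of every CNAME."""
    chain = [qname]
    for _ in range(max_hops):
        here = [(t, d) for o, t, d in records if o == chain[-1]]
        alias = [d for t, d in here if t == "CNAME"]
        if alias and qtype != "CNAME":
            chain.append(alias[0])
            continue
        return chain, [d for t, d in here if t == qtype]
    raise RuntimeError("CNAME chain too long or looping")
```

Resolving NS for the conflicting apex follows the alias and returns nothing, which shows why the combination is not allowed at the top of a zone.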