Mailing List Archive

Limitations on location of DNS records
Following is a typical example of an SPF record for a typical domain
"flooringamerica-carpetstudio" that has a single Exchange email server
located at the IP address 69.89.122.66.

SPF flooringamerica-carpetstudio.com 54800 IN TXT "v=spf1
ip4:69.89.122. 66 mx ~all"

My questions are...

If the ISP "A" that provides Internet data service to 69.89.122.66 does
not have the capability to publish SPF records, which restrictions
and/or limitations are there about locating authoritative DNS records at
another DNS provider at ISP "B" that does have the capability to publish
DNS records?

In other words may one move all DNS records (A, MX, Reverse DNS, SPF,
etc.) from ISP "A" to ISP "B", or are there some DNS records (i.e.
Reverse DNS) that must be published by whatever ISP that provides
Internet data service to the Exchange email server?

If there is no restriction about locating ALL DNS records at ISP "B"
while continuing to obtain Internet data service from ISP "A", how does
one locate ISPs that offer publication of ALL DNS records independent
of Internet data services?

Allen Clark, CNE / CNA
Manager, Technical Support
Access Computers, Inc.
6921 Peachtree Industrial Blvd
Norcross, GA 30092-3601
770-242-3001 Office
allenc@acicom.com



-------------------------------------------
Sender Policy Framework: http://www.openspf.org
Modify Your Subscription: http://www.listbox.com/member/
Archives: https://www.listbox.com/member/archive/1020/=now
RSS Feed: https://www.listbox.com/member/archive/rss/1020/
Powered by Listbox: http://www.listbox.com
Re: Limitations on location of DNS records
On Mon, Aug 04, 2008 at 10:58:20AM -0400, Allen Clark wrote:
> Following is a typical example of an SPF record for a typical domain
> "flooringamerica-carpetstudio" that has a single Exchange email server
> located at the IP address 69.89.122.66.
>
> SPF flooringamerica-carpetstudio.com 54800 IN TXT "v=spf1
> ip4:69.89.122. 66 mx ~all"

probably with a dot appended to ..."studio.com", or else a default
will be appended and you end up with domain
flooringamerica-carpetstudio.com.flooringamerica-carpetstudio.com.

no space between "122." and "66" (probably a formatting issue in
your mail client).

"mx" is not typical, especially if there's only one host involved.
If the answer was 'no match' the first time ("ip4:69.89.122.66")
then looking up mx(flooringamerica-carpetstudio.com) results in
a hostname, which when looked up will result in ip address 69.89.122.66,
which when compared against the calling host will still result in
a 'no match' just as it did the first time. Nett result: two DNS
lookups and no gain.

Re publishing SPF:

You will want to publish your SPF policy in a TXT record. Also
publishing it in an SPF record is fine, but as far as I know not
many clients will look for an SPF policy in an SPF record yet.

> My questions are...
>
> If the ISP "A" that provides Internet data service to 69.89.122.66 does
> not have the capability to publish SPF records, which restrictions
> and/or limitations are there about locating authoritative DNS records at
> another DNS provider at ISP "B" that does have the capability to publish
> DNS records?


Two parts of the DNS tree are involved:

"flooringamerica-carpetstudio.com." pointing to 69.89.122.66
and
"66.122.89.69.in-addr.arpa." pointing to "flooringamerica-carpetstudio.com."

N.B.
I did not do any DNS lookups. If the information I provided is wrong,
it is because my input was wrong.



For SPF, you don't need to do anything to "66.122.89.69.in-addr.arpa.".

DNS zone "flooringamerica-carpetstudio.com." needs to be moved (if you
really want to continue publishing an SPF record) to a DNS provider
which does support SPF records.

> In other words may one move all DNS records (A, MX, Reverse DNS, SPF,
> etc.) from ISP "A" to ISP "B", or are there some DNS records (i.e.
> Reverse DNS) that must be published by whatever ISP that provides
> Internet data service to the Exchange email server?

Don't think records. Think zones. You will be moving an entire zone,
not just a couple of records. The PTR records ("reverse DNS") will
be in a zone managed by the provider, the A record will be in a zone
managed by, or on behalf of, flooringamerica-carpetstudio.

This said, usually the PTR record will not be in a zone of its own,
but in a zone containing many PTR records. That's why your provider
does not want to move the zone to your control. And you don't need
this zone to be moved.
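
The "two DNS lookups and no gain" point and the trailing-dot rule from the reply above, as an added example that is not part of any post in this thread. The in-memory DNS table and the MX host name `mail.flooringamerica-carpetstudio.com` are constructed assumptions, and only the `ip4`, `mx` and `all` mechanisms are handled.

```python
import ipaddress

DOMAIN = "flooringamerica-carpetstudio.com"
# Constructed stand-in for DNS. The MX host name is an assumption; the thread
# only says the MX target resolves to 69.89.122.66.
FAKE_DNS = {
    ("MX", DOMAIN): ["mail." + DOMAIN],
    ("A", "mail." + DOMAIN): ["69.89.122.66"],
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(record, client_ip, domain=DOMAIN, dns=FAKE_DNS):
    """Evaluate ip4/mx/all terms left to right; return (result, dns_lookups)."""
    ip = ipaddress.ip_address(client_ip)
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    lookups = 0
    for term in terms[1:]:
        qualifier = "+"                      # no qualifier written means pass
        if term[0] in RESULTS:
            qualifier, term = term[0], term[1:]
        if term.startswith("ip4:"):          # literal comparison, no DNS query
            matched = ip in ipaddress.ip_network(term[4:], strict=False)
        elif term == "mx":                   # one MX query plus one A query per host
            lookups += 1
            matched = False
            for host in dns.get(("MX", domain), []):
                lookups += 1
                if any(ip == ipaddress.ip_address(a) for a in dns.get(("A", host), [])):
                    matched = True
                    break
        elif term == "all":
            matched = True
        else:
            raise ValueError(f"mechanism not handled in this example: {term}")
        if matched:
            return RESULTS[qualifier], lookups
    return "neutral", lookups

def expand_owner(name, origin):
    """Zone-file rule: an owner name without a trailing dot is relative to the origin."""
    return name if name.endswith(".") else f"{name}.{origin}"

if __name__ == "__main__":
    for rec in ("v=spf1 ip4:69.89.122.66 mx ~all", "v=spf1 ip4:69.89.122.66 ~all"):
        for client in ("69.89.122.66", "192.0.2.10"):   # 192.0.2.10 is a documentation address
            print(rec, client, check_spf(rec, client))
    print(expand_owner(DOMAIN, DOMAIN + "."))
```

With and without `mx`, every client gets the same result; the only difference is the two extra lookups spent on each sender that fails the `ip4` test.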





RE: Limitations on location of DNS records
Allen Clark wrote on 8/4/2008 9:58:20 AM:

> In other words may one move all DNS records (A, MX, Reverse DNS, SPF,
> etc.) from ISP "A" to ISP "B", or are there some DNS records (i.e.
> Reverse DNS) that must be published by whatever ISP that provides
> Internet data service

The name servers for flooringamerica-carpetstudio.com:

NS1.ACD.NET
NS2.ACD.NET

...are the ones that host the SPF record for that domain. Most likely,
the ISP providing the Internet service (that assigned you the IP
69.89.122.66) would run the DNS servers that handle reverse DNS for that
IP.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- (A)bort, (R)etry, (T)oss computer across room?

~ Taglines by Taglinator - www.srtware.com ~


Re: Limitations on location of DNS records
If your IP address block is supplied by AT&T, they want you to supply a Reverse
IP PTR zone on the DNS servers that service your Domain. I like that.

Bob Davis

----- Original Message -----
From: "Steve Yates" <steve@teamITS.com>
To: <spf-help@v2.listbox.com>
Sent: Monday, August 04, 2008 11:45 AM
Subject: RE: [spf-help] Limitations on location of DNS records


Allen Clark wrote on 8/4/2008 9:58:20 AM:

> In other words may one move all DNS records (A, MX, Reverse DNS, SPF,
> etc.) from ISP "A" to ISP "B", or are there some DNS records (i.e.
> Reverse DNS) that must be published by whatever ISP that provides
> Internet data service

The name servers for flooringamerica-carpetstudio.com:

NS1.ACD.NET
NS2.ACD.NET

...are the ones that host the SPF record for that domain. Most likely,
the ISP providing the Internet service (that assigned you the IP
69.89.122.66) would run the DNS servers that handle reverse DNS for that
IP.

-----
SPF FAQ: http://www.openspf.org/FAQ
Common mistakes: http://www.openspf.org/FAQ/Common_mistakes

- Steve Yates
- ITS, Inc.
- (A)bort, (R)etry, (T)oss computer across room?

~ Taglines by Taglinator - www.srtware.com ~


Re: Limitations on location of DNS records
On Mon, 4 Aug 2008, Allen Clark wrote:

AC>
AC> If there is no restriction about locating ALL DNS records at ISP "B"
AC> while continuing to obtain Internet data service from ISP "A", how does
AC> one locate ISPs that offer publication of ALL DNS records independent
AC> of Internet data services?
AC>

I use xname.org, see http://www.xname.org.

I use them as a secondary but they have a web interface to use them as
primary.

--
Alan

( Please do not email me AS WELL as replying to the list. Please
address personal email to alan+1@ as lists@ is not read. )


