On Sun, May 30, 2004 at 08:33:26PM +0200, Frank Ellermann wrote:
This fails, secret.claranet.de isn't handled as a subdomain of
claranet.de. Is this a problem of the test script, or is it a
SPF1 feature, and where's the problem with the SPF1 record ?
host secret.claranet.de = 212.82.225.58
host 212.82.225.58 = home.claranet.de
nslookup -q=txt home.claranet.de => no result (SoA)
nslookup -q=txt claranet.de =>
claranet.de text = "v=spf1 ip4:212.82.225.0/24 -all"
What has to be done if _all_ whatever.claranet.de use the same
SPF1 policy as claranet.de ?
You have to define spf for all subdomains. In my dns, this is simply a
matter of defining spf records for * (along with spf records for
subdomains that are explicitly defined by A or CNAME records). What
you'd like to do is to use the include mechanism i guess. E.g.
(supposing you only have A records for @ and www, and no cname's or
other stuff):
@ IN TXT "v=spf1 <insert spf stuff here> -all"
www IN TXT "v=spf1 include:clarenet.de -all"
* IN TXT "v=spf1 include:clarenet.de -all"
Koen Martens
Ps: i think this post belongs on the help list..? To give it a
'discussion' edge: shouldn't we have some include-like mechanism that
also includes the '-all' for @, or am I missing something here?
--
http://www.sonologic.nl/