Against my better judgement, I added a:
* TXT "v=spf1 -all"
record, but it had unforseen side effects.
What were the unforseen side effects?
Well, this really has nothing to do with spf, but all of my A records were
being ignored. After I commented out the wildcard TXT entry, everything
started working again. I know BIND has a bug that causes problems if the
last record is a TXT record, perhaps I stubbled upon another bug. I didn't
go through the motions of diagnoising it because I was more interested in
getting my DNS server back up and running.
The real question I was asking here is what would happen if a third level
domain has no DNS records (assuming the MTA doesn't throw it away for that
first)?
Example:
spammer_(_at_)_fakesub(_dot_)mydomain(_dot_)org
If there are no DNS records (spf or otherwise) for fakesub.mydomain.org,
what happens then? Are spf records for mydomain.org still ignored in this
case?
_____________
Take care,
Tom