spf-discuss

Re: Website/Wizard update for BIND Long TXT records

2005-08-10 20:04:56
In <NGBBLEIJOEEEBMEIAPBKCEMCIMAA(_dot_)scott(_at_)kitterman(_dot_)com> Scott 
Kitterman <spf2(_at_)kitterman(_dot_)com> writes:

Another recommended update for the wizard submitted via the web site....

subject: Long SPF entries w/ BIND
message: I have run into what appears to be a BIND limitation with
long TXT records. These records are limited to 255 characters per
_line_, however, unlike TinyDNS, BIND does not automatically split
records across multiple lines automatically.

Well, technically, the limitation isn't 255 characters per *line*, but
per *sub-string*.  As the submitter says, TinyDNS will automatically
split long strings, but BIND won't.


What this means is that organizations with long SPF records (e.g. when
they have many servers that can send mail on their behalf and
cannot condense the list using CIDR because the servers' addresses
are not on bit-boundaries) must manually split them across multiple
lines.

Again, it isn't lines, per se, but substrings.

For example, the TXT RR on tcp.midwestcs.com is all on one line in the
zone file, even though it is *well* over 255 characters.  It is made
up of several sub-strings, each of which is 255 characters long.


So, to be more explicit, say you want:

example.org.  TXT  "v=spf1 ip4:1.2.3.4 <300 characters deleted> -all"

This will not work in bind because the single string is too long.
Instead you need to do something like this:

example.org.  TXT  "v=spf1 ip4:1.2.3.4 <200 characters deleted> " "ip4:99.98.97.96 <more chars deleted> -all"

It can sometimes be more convenient to split the single TXT RR across
multiple lines, which can be done by adding parentheses.  This is
commonly done on SOA records, but it can be done anywhere.  So, you
might use:

example.org.  TXT  ( "v=spf1 ip4:1.2.3.4 ip4:2.3.4.5 ip4:3.4.5.6 "
                     "ip4:4.5.6.7 ip4:5.6.7.8 ip4:6.7.8.9 ... "
                     "ip4:99.98.97.96 ip4:98.97.96.95 -all" )

Pay special attention to the fact that there needs to be at least one
space added either at the end of the strings, and/or at the beginning
of the next sub-string.  When the sub-strings are put back together,
they are done so without adding spaces.



Can you please make some indication of this on the SPF wizard page
(where it gives the examples of what to paste into your zone files)
and perhaps examples of how to split the records using BIND
(because this information is not readily available to the public
since it seems that TXT records do not typically grow to >255
chars).

Yes, that is a reasonable suggestion.


-wayne
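
Added example, not part of the original message or of the SPF wizard: a Python sketch of the splitting rule described above. It breaks a long SPF record into sub-strings of at most 255 bytes, keeps the separating space at the end of each sub-string so that concatenation restores the record, flags boundaries where two terms would fuse, and prints the parenthesised zone-file form. The function names and the sample record (documentation addresses in 192.0.2.0/24) are constructed for illustration.

```python
MAX_CHUNK = 255  # one TXT character-string carries at most 255 bytes

def split_txt(record, limit=MAX_CHUNK):
    """Split an SPF record into sub-strings of <= limit bytes, breaking only
    after a space so that plain concatenation restores the record exactly."""
    record.encode("ascii")  # SPF records are ASCII; raises on anything else
    words = record.split(" ")
    # Every word except the last keeps its trailing space.
    pieces = [w + " " for w in words[:-1]] + [words[-1]]
    chunks, current = [], ""
    for piece in pieces:
        if len(piece) > limit:
            raise ValueError("single term longer than %d bytes" % limit)
        if len(current) + len(piece) > limit:
            chunks.append(current)
            current = ""
        current += piece
    chunks.append(current)
    return chunks

def missing_boundary_spaces(chunks):
    """Return indexes i where chunk i and chunk i+1 would fuse two terms."""
    return [i for i in range(len(chunks) - 1)
            if not chunks[i].endswith(" ") and not chunks[i + 1].startswith(" ")]

def to_bind_rr(owner, chunks):
    """Render the sub-strings as one TXT RR in parenthesised zone-file form."""
    quoted = ['"%s"' % c.replace("\\", "\\\\").replace('"', '\\"') for c in chunks]
    indent = "\n" + " " * (len(owner) + 9)  # align under the first sub-string
    return "%s  TXT  ( %s )" % (owner, indent.join(quoted))

# Constructed sample record (documentation addresses from 192.0.2.0/24).
SAMPLE = "v=spf1 " + " ".join("ip4:192.0.2.%d" % i for i in range(1, 41)) + " -all"

if __name__ == "__main__":
    parts = split_txt(SAMPLE)
    # Round trip: the sub-strings are joined without adding spaces.
    assert "".join(parts) == SAMPLE and not missing_boundary_spaces(parts)
    print(to_bind_rr("example.org.", parts))
```

Running `missing_boundary_spaces` over sub-strings copied from an existing zone file catches the case where a hand-made split dropped the space and two mechanisms were silently merged into one invalid term.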