Thanks Wayne, your message contains excellent help...
From: wayne [mailto:wayne(_at_)schlitt(_dot_)net]
It can sometimes be more convienient to split the single TXT
RR across mutliple lines, which can be done by adding
parentheses. This is commonly done on SOA records, but it
can be done anywhere. So, you might use:
example.org. TXT ( "v=spf1 ip4:1.2.3.4 ip4:2.3.4.5 ip4:3.4.5.6 "
"ip4:4.5.6.7 ip4:5.6.7.8 ip4:6.7.8.9 ... "
"ip4:99.98.97.96 ip4:98.97.96.95 -all" )
Pay special attention to the fact that there needs to be at
least one space added either at the end of the strings,
and/or at the beginning of the next sub-string. When the
subs-strings are put back together, they are done so without
adding spaces.
I had been fearful of splitting up lines AND of going
to long line lenghts -- without really understanding what
the rules truly are.
FYI: for those on Microsoft DNS the syntax is to just start
a new line (add the space on the end or beginning of the lines).
No quotes nor "()" parens are necessary nor wise.
Text(TXT)
[Record name: (same as parent if left blank)]
(same as parent folder -- probably)
[FQDN:]
example.org.
(greyed out, since it is auto-set by previous box)
[Text:]
v=spf1 ip4:1.2.3.4 ip4:2.3.4.5 ip4:3.4.5.6
ip4:4.5.6.7 ip4:5.6.7.8 ip4:6.7.8.9 ...
ip4:99.98.97.96 ip4:98.97.96.95 -all
Of course MS-DNS is (usually a) dialog box so the above
gives the flavor of filling out the dialog.
One advantage of this method is that the (stupid) limitation
of the dialog box, in only showing about 50 characters across,
is avoided.
--
Herb Martin
-----Original Message-----
From: wayne [mailto:wayne(_at_)schlitt(_dot_)net]
Sent: Wednesday, August 10, 2005 10:05 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Website/Wizard update for BIND
Long TXT records
In <NGBBLEIJOEEEBMEIAPBKCEMCIMAA(_dot_)scott(_at_)kitterman(_dot_)com> Scott
Kitterman <spf2(_at_)kitterman(_dot_)com> writes:
Another recommended update for the wizard submitted via the
web site....
subject: Long SPF entries w/ BIND
message: I have run into what appears to be a BIND limitation with
long TXT records. These records are limited to 255 characters per
_line_, however, unlike TinyDNS, BIND does not automatically split
records across multiple lines automatically.
Well, technically, the limitation isn't 255 characters per
*line*, but per *sub-string". As the submitter says, TinyDNS
will automatically split log strings, but bind won't.
What this means is that organizations with long SPF records (e.g.
when they have many servers that can send mail on their behalf and
cannot condense the list using CIDR because the servers
addresses are
not on bit-boundaries) must manually split them across multiple
lines.
Again, it isn't lines, per-se, but substrings.
For example, the TXT RR on tcp.midwestcs.com is all on one
line in the zone file, even though it is *well* over 255
characters. It is made up of several sub-strings, each of
which is 255 characters long.
So, to be more explicit, say you want:
example.org. TXT "v=spf1 ip4:1.2.3.4 <300 characters deleted> -all"
This will not work in bind because the single string is too long.
Instead you need to do something like this:
example.org. TXT "v=spf1 ip4:1.2.3.4 <200 characters
deleted> " "ip4:99.98.97.96 <more chars deleted> -all"
It can sometimes be more convienient to split the single TXT
RR across mutliple lines, which can be done by adding
parentheses. This is commonly done on SOA records, but it
can be done anywhere. So, you might use:
example.org. TXT ( "v=spf1 ip4:1.2.3.4 ip4:2.3.4.5 ip4:3.4.5.6 "
"ip4:4.5.6.7 ip4:5.6.7.8 ip4:6.7.8.9 ... "
"ip4:99.98.97.96 ip4:98.97.96.95 -all" )
Pay special attention to the fact that there needs to be at
least one space added either at the end of the strings,
and/or at the beginning of the next sub-string. When the
subs-strings are put back together, they are done so without
adding spaces.
Can you please make some indication of this on the SPF wizard page
(where it gives the examples of what to paste into your
zone files)
and perhaps examples of how to split the records using
BIND (because
this information is not readily available to the public since it
seems that TXT records do not typically grow to >255 chars).
Yes, that is a reasonable suggestion.
-wayne
-------
Sender Policy Framework: http://spf.pobox.com/ Archives at
http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily
deactivate your subscription, please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com