spf-discuss

RE: Website/Wizard update for BIND Long TXT records

2005-08-10 23:20:49

Thanks Wayne, your message contains excellent help...

From: wayne [mailto:wayne(_at_)schlitt(_dot_)net] 
It can sometimes be more convenient to split the single TXT 
RR across multiple lines, which can be done by adding 
parentheses.  This is commonly done on SOA records, but it 
can be done anywhere.  So, you might use:

example.org.  TXT  ( "v=spf1 ip4:1.2.3.4 ip4:2.3.4.5 ip4:3.4.5.6 "
                     "ip4:4.5.6.7 ip4:5.6.7.8 ip4:6.7.8.9 ... "
                     "ip4:99.98.97.96 ip4:98.97.96.95 -all" )

Pay special attention to the fact that there needs to be at 
least one space added either at the end of the strings, 
and/or at the beginning of the next sub-string.  When the 
sub-strings are put back together, they are done so without 
adding spaces.

I had been fearful of splitting up lines AND of going
to long line lengths -- without really understanding what
the rules truly are.

FYI: for those on Microsoft DNS the syntax is to just start
a new line (add the space on the end or beginning of the lines).
No quotes nor "()" parens are necessary nor wise.

Text(TXT)
[Record name: (same as parent if left blank)]  
        (same as parent folder -- probably)
[FQDN:] 
        example.org.  
          (greyed out, since it is auto-set by previous box)

[Text:]
v=spf1 ip4:1.2.3.4 ip4:2.3.4.5 ip4:3.4.5.6 
   ip4:4.5.6.7 ip4:5.6.7.8 ip4:6.7.8.9 ... 
   ip4:99.98.97.96 ip4:98.97.96.95 -all

Of course MS-DNS is (usually a) dialog box so the above
gives the flavor of filling out the dialog.

One advantage of this method is that the (stupid) limitation
of the dialog box, in only showing about 50 characters across,
is avoided.

--
Herb Martin


-----Original Message-----
From: wayne [mailto:wayne(_at_)schlitt(_dot_)net] 
Sent: Wednesday, August 10, 2005 10:05 PM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: Re: [spf-discuss] Website/Wizard update for BIND 
Long TXT records

In <NGBBLEIJOEEEBMEIAPBKCEMCIMAA(_dot_)scott(_at_)kitterman(_dot_)com> Scott 
Kitterman <spf2(_at_)kitterman(_dot_)com> writes:

Another recommended update for the wizard submitted via the 
web site....

subject: Long SPF entries w/ BIND
message: I have run into what appears to be a BIND limitation with 
long TXT records. These records are limited to 255 characters per 
_line_, however, unlike TinyDNS, BIND does not automatically split 
records across multiple lines automatically.

Well, technically, the limitation isn't 255 characters per 
*line*, but per *sub-string*.  As the submitter says, TinyDNS 
will automatically split long strings, but bind won't.


What this means is that organizations with long SPF records (e.g. 
when they have many servers that can send mail on their behalf and 
cannot condense the list using CIDR because the servers' addresses 
are not on bit-boundaries) must manually split them across multiple 
lines.

Again, it isn't lines, per-se, but substrings.

For example, the TXT RR on tcp.midwestcs.com is all on one 
line in the zone file, even though it is *well* over 255 
characters.  It is made up of several sub-strings, each of 
which is 255 characters long.


So, to be more explicit, say you want:

example.org.  TXT  "v=spf1 ip4:1.2.3.4 <300 characters deleted> -all"

This will not work in bind because the single string is too long.
Instead you need to do something like this:

example.org.  TXT  "v=spf1 ip4:1.2.3.4 <200 characters deleted> " "ip4:99.98.97.96 <more chars deleted> -all"

It can sometimes be more convenient to split the single TXT 
RR across multiple lines, which can be done by adding 
parentheses.  This is commonly done on SOA records, but it 
can be done anywhere.  So, you might use:

example.org.  TXT  ( "v=spf1 ip4:1.2.3.4 ip4:2.3.4.5 ip4:3.4.5.6 "
                     "ip4:4.5.6.7 ip4:5.6.7.8 ip4:6.7.8.9 ... "
                     "ip4:99.98.97.96 ip4:98.97.96.95 -all" )

Pay special attention to the fact that there needs to be at 
least one space added either at the end of the strings, 
and/or at the beginning of the next sub-string.  When the 
sub-strings are put back together, they are done so without 
adding spaces.



Can you please make some indication of this on the SPF wizard page 
(where it gives the examples of what to paste into your zone files) 
and perhaps examples of how to split the records using BIND (because 
this information is not readily available to the public since it 
seems that TXT records do not typically grow to >255 chars).

Yes, that is a reasonable suggestion.


-wayne
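
The splitting rule described in this thread, as an added example (not code from the thread or from the SPF wizard): it breaks a long SPF record into sub-strings of at most 255 bytes, keeps each separating space at the end of a sub-string, and renders the parenthesised BIND form. The function names and the sample record (addresses from the 192.0.2.0/24 documentation range) are constructed for illustration.

```python
MAX_CHARSTR = 255  # each TXT sub-string has a one-byte length prefix

def split_txt(record, limit=MAX_CHARSTR):
    """Split at spaces into sub-strings of at most `limit` bytes.
    Every separating space stays at the end of the piece before it."""
    record.encode("ascii")  # SPF records are ASCII; raises otherwise
    terms = record.split(" ")
    pieces = [t + " " for t in terms[:-1]] + [terms[-1]]
    chunks, current = [], ""
    for piece in pieces:
        if len(piece) > limit:
            raise ValueError(f"one term exceeds {limit} bytes: {piece[:20]}...")
        if len(current) + len(piece) > limit:
            chunks.append(current)
            current = ""
        current += piece
    chunks.append(current)
    return chunks

def rejoin(chunks):
    """What an SPF checker does with the sub-strings: concatenate, no separator added."""
    return "".join(chunks)

def to_bind(owner, chunks):
    """Render the parenthesised multi-line form for a BIND zone file."""
    lead = f"{owner}  TXT  ( "
    quoted = ['"' + c.replace("\\", "\\\\").replace('"', '\\"') + '"' for c in chunks]
    return lead + ("\n" + " " * len(lead)).join(quoted) + " )"

# Constructed sample: 40 addresses from the 192.0.2.0/24 documentation range.
SAMPLE = "v=spf1 " + " ".join(f"ip4:192.0.2.{i}" for i in range(1, 41)) + " -all"

if __name__ == "__main__":
    chunks = split_txt(SAMPLE)
    print(to_bind("example.org.", chunks))
    print([len(c) for c in chunks])
    # Dropping the trailing spaces fuses neighbouring mechanisms:
    print("ip4:192.0.2.17ip4:192.0.2.18" in rejoin([c.rstrip() for c in chunks]))
```

Running the rejoin step on the generated sub-strings before publishing confirms that the record a checker sees is byte-for-byte the record that was intended.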
