rants, tirades, ruminations
publishing real SPF resource records with tinydns
posted Tue, 12 Jan 2010 19:45:36 UTC
Since I just suffered a bit trying to figure this out on my own, I figured I'd blog about it so no one else would have to suffer. I was snooping around earlier looking at my exim configuration and messing with my current SPF records. Because of the handy SPF tool here, I learned that there is now a dedicated SPF resource record (there has been for a while, apparently, as defined in RFC 4408).
So being who I am, I immediately set out to discover how to publish such a record via tinydns, my chosen DNS server software.
Since the stock version of tinydns doesn't support the SPF record type directly, you're left using the generic declaration. My current TXT record for bitgnome.net is:
'bitgnome.net:v=spf1 a mx a\072arrakis.bitgnome.net -all:86400
The proper form of this as an actual SPF resource record in the generic tinydns format becomes:
:bitgnome.net:99:\047v=spf1 a mx a\072arrakis.bitgnome.net -all:86400
Now, if you're at all familiar with SPF records in general, the \072 will probably make sense as the octal code for a colon. The tricky part that had me confused was the \047 which happens to be an apostrophe. Using a command like dnsq txt bitgnome.net ns.bitgnome.net gave me a TXT record with the expected SPF string as a return, but prepended by a single apostrophe.
Once I finally realized that it was giving me the length of the record in bytes in octal (\047, or 39 bytes for this particular record), everything finally clicked! I initially tried prepending my other domains with the exact same value and kept wondering why host -t spf bitgnome.com was returning
;; Warning: Message parser reports malformed message packet.!
So simply convert the SPF record length (everything from v= to the end of the string (-all in my case)) in bytes from decimal to octal, slap it on the front of that generic record definition, and away you go!
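The conversion described above, as an added example that is not the author's code: it builds the generic tinydns line with the octal length prefix and checks that a line's length prefixes match its data, which is the mismatch that produces the malformed packet warning. The function names are hypothetical, the bitgnome.com line is constructed, and splitting text longer than 255 bytes into several length-prefixed strings goes beyond the single-string case in the post.

```python
import re
import string

# Bytes written literally in a tinydns data line; everything else becomes \ooo.
SAFE = set((string.ascii_letters + string.digits + " =.-_+~/?").encode())

def escape_octal(data):
    return "".join(chr(b) if b in SAFE else "\\%03o" % b for b in data)

def tinydns_generic(fqdn, text, rrtype=99, ttl=86400):
    """Build a generic ':' line. rrtype 99 is SPF; 16 is TXT, which uses the same RDATA layout."""
    raw = text.encode("ascii")
    if not raw:
        raise ValueError("empty record text")
    # RDATA is a sequence of <character-string>s: one length byte, then at most 255 bytes.
    chunks = [raw[i:i + 255] for i in range(0, len(raw), 255)]
    rdata = "".join("\\%03o" % len(c) + escape_octal(c) for c in chunks)
    return ":%s:%d:%s:%d" % (fqdn, rrtype, rdata, ttl)

def rdata_is_well_formed(line):
    """Check that the length prefixes in a generic line account for every RDATA byte."""
    rdata = line[1:].split(":")[2]  # colons inside the data are escaped as \072
    raw = re.sub(rb"\\([0-3][0-7]{2})",
                 lambda m: bytes([int(m.group(1), 8)]), rdata.encode("ascii"))
    pos = 0
    while pos < len(raw):
        pos += 1 + raw[pos]  # skip the length byte and the bytes it announces
    return len(raw) > 0 and pos == len(raw)

if __name__ == "__main__":
    line = tinydns_generic("bitgnome.net", "v=spf1 a mx a:arrakis.bitgnome.net -all")
    print(line)
    # Constructed: the .net record's \047 prefix reused on a shorter 16-byte string.
    reused = r":bitgnome.com:99:\047v=spf1 a mx -all:86400"
    print(rdata_is_well_formed(line), rdata_is_well_formed(reused))
```

Running the check over generated lines before rebuilding data.cdb catches a copied length prefix before any resolver sees it.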