Leopard DNS Server: Zones with SPF records?

Hi all,
I'm trying to figure out how to set up SPF (Sender Policy Framework) records for some domains I'm currently managing with a Leopard DNS server, and I don't see any documentation anywhere. Can someone please tell me if it's even an option? I'm new to running DNS with Leopard, so I could use all the help I can get.
Sincerely,
Israel
Message was edited by: Israel Thompson

Israel Thompson wrote:
So let me see if I have this right. Any changes I want to make that will not be editable in the GUI, I want to do them in db.mydomain.com instead of db.mydomain.com.zone.apple? Easy enough. However I tried adding "v=spf1 a mx ~all" (with quotes) to my file and it appeared to have broken the dns zone. What’s the proper way to enter these in manually? Can you give me an example of how it looks in your zone files? I’ve pasted a sample of mine below. Tell me if anything is wrong.
Israel,
I am new to Leopard Server - so I'm no DNS guru. I, too, have not used a DNS setup tool that requires an FQDN just to associate an IP with the base of the domain (mydomain.com.). How did you get your 'mydomain.com. IN A 11.22.33.44' accomplished? Did you create a new A record and put mydomain.com. in the Machine Name field?
Here's my setup:
========================
db.mydomain.com
========================
;THE FOLLOWING INCLUDE WAS ADDED BY SERVER ADMIN. PLEASE DO NOT REMOVE.
$INCLUDE /var/named/zones/db.mydomain.com.zone.apple
========================
db.mydomain.com.zone.apple
========================
$TTL 10800
mydomain.com. IN SOA ns1.mydomain.com. admin.mydomain.com. (
2008010951 ;Serial
7200 ;Refresh
3600 ;Retry
604800 ;Expire
345600 ) ;Negative caching TTL (the closing parenthesis ends the SOA record)
mydomain.com. IN NS ns1.mydomain.com.
mydomain.com. IN NS ns.mydomain.com.
mydomain.com. IN A 64.251.168.218
; SPF has no "ip:" mechanism; literal addresses use ip4: (or ip6:)
mydomain.com. IN TXT "v=spf1 ip4:64.251.168.218 ip4:64.251.168.220 ~all"
www IN A 64.251.168.218
mail.mydomain.com. IN A 64.251.168.220
mail.mydomain.com. IN TXT "v=spf1 a ~all"
xserve.mydomain.com. IN A 64.251.168.218
xserve.mydomain.com. IN TXT "v=spf1 a ~all"
ns IN A 64.251.168.218
ns1 IN A 64.251.168.220
mydomain.com. IN MX 10 mail.mydomain.com.
... where xserve.mydomain.com is my machine's hostname.
I have a funky setup for DNS because I don't have a different, or second, DNS server (just the one on my Xserve with everything else) and my name servers are under this zone. I added the two IPs for my mail and hostname to the base SPF record. Someone could still spoof from using the name or www domains (same IPs) but I can check for it using Postfix up front. I also added "v=spf1 a ~all" in case another mail server tries to check the mailing server or hostname directly.
You'll usually want to set a TXT "v=spf1 ~all" (SPF null) for any records that have no possibility for mail origins, like your ftp and mobile, but it appears you also have a similar issue to me - those services will be running under the same IPs as the mail service. This is why I added "v=spf1 a ~all" to all essential services (mail and hostname). I don't know what will happen if you add an SPF null to an unnecessary service that happens to also have the same IP. (Will the IP get blocked in a cache during a lookup??) So I didn't add an SPF TXT to those domains. I'm a little confused at this point. I should probably read more about it.
http://www.openspf.org/FAQ/Common_mistakes
Also, you'll notice I added FQDNs to mail and xserve. If I do this and ensure they are in my reverse DNS PTR records, then when I add new zone records with the same IPs (like for another domain), the PTR records don't keep switching to the newest entry (why does it do that?).
I don't think your use of the . in the CNAME records is correct. I think the CNAME records are probably unnecessary since you have already fully defined the domains in A records. Also, those A records probably don't need FQDNs (with the ending .). I only added mine for the reason noted above, concerning the PTR records.
I hope someone who knows some more than I can chime in on this.
Larry
Message was edited by: Larry_S (removed mx from SPF TXT for main domain record, as it was redundant with the ip:)
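As an added example (not code from this thread or from Apple's Server Admin tool), the script below parses a small BIND-style zone and audits its SPF TXT records. The sample zone is constructed from the records above, and the "ip:" mechanism is kept in it on purpose: SPF defines only ip4: and ip6: for literal addresses, so a receiver evaluating that record returns PermError instead of a pass. The parser also joins the parenthesised SOA and reports an unclosed "(", which is the usual way a hand edit stops the whole zone from loading, and it flags a name that carries two SPF records. The hostnames, the sample addresses and the "*zone*" report key are the example's own assumptions.

```python
"""Audit the SPF TXT records in a BIND-style zone file. Added example, not code
from the thread or from Apple's Server Admin; SAMPLE_ZONE below is constructed
from the records posted above. It flags what SPF-checking receivers reject:
unknown mechanisms such as "ip:" (valid forms are ip4:/ip6:), a missing "all",
two SPF records on one name, and an SOA "(" that is never closed."""
import ipaddress
import re

MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# SPF term = qualifier, name, separator (":" domain, "/" cidr, "=" modifier), argument
TERM_RE = re.compile(r"^([+\-~?]?)([^:=/]*)(?:([:=/])(.*))?$")
# the part of a zone line before a ';' comment, ignoring ';' inside quoted strings
CODE_RE = re.compile(r'^(?:"[^"]*"|[^";])*')

def parse_zone(text, origin):
    """Return [(owner FQDN, type, [rdata tokens])], joining '( ... )' lines."""
    origin = origin.rstrip(".").lower() + "."
    records, pending, depth, owner = [], [], 0, None
    for raw in text.splitlines():
        line = CODE_RE.match(raw).group(0)
        if not line.strip():
            continue
        depth += line.count("(") - line.count(")")
        pending.append(line)
        if depth > 0:                        # still inside a multi-line record
            continue
        full, pending = " ".join(pending).replace("(", " ").replace(")", " "), []
        if full.lstrip().startswith("$"):    # $TTL / $INCLUDE directives
            continue
        tokens = re.findall(r'"[^"]*"|\S+', full)
        if not full[0].isspace():            # the line names a new owner
            owner = tokens.pop(0).lower()
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                    # optional TTL and class
        if owner is None or not tokens:
            raise ValueError(f"malformed record: {full.strip()!r}")
        name = owner if owner.endswith(".") else f"{owner}.{origin}"  # '@' not handled
        records.append((name, tokens[0].upper(), tokens[1:]))
    if depth:
        raise ValueError("unbalanced parentheses: a multi-line record (the SOA?) never ends")
    return records

def check_spf(txt):
    """List the problems in one SPF string; an empty list means it looks sound."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["missing v=spf1 version tag"]
    problems, seen_all = [], False
    for term in terms[1:]:
        _qual, name, sep, arg = TERM_RE.match(term).groups()
        name = name.lower()
        if sep == "=":                       # modifier; redirect= stands in for 'all'
            seen_all |= name == "redirect"
            continue
        if name not in MECHANISMS:
            problems.append(f"unknown mechanism {term!r}; valid: {sorted(MECHANISMS)}")
        elif name in ("ip4", "ip6"):
            try:
                if ipaddress.ip_network(arg or "", strict=False).version != int(name[2]):
                    raise ValueError
            except ValueError:
                problems.append(f"bad address in {term!r}")
        elif name == "all":
            seen_all = True
    if not seen_all:
        problems.append("no 'all' term: unlisted senders get a neutral result")
    return problems

def audit_zone(text, origin):
    """Map each name carrying SPF to its problems; key '*zone*' if it won't load."""
    try:
        records = parse_zone(text, origin)
    except ValueError as exc:
        return {"*zone*": [f"zone does not load: {exc}"]}
    spf = {}
    for owner, rrtype, rdata in records:
        value = " ".join(t.strip('"') for t in rdata)
        if rrtype == "TXT" and value.lower().startswith("v=spf1"):
            spf.setdefault(owner, []).append(value)
    report = {}
    for owner, values in spf.items():
        problems = ["two SPF records on one name: receivers return PermError"] * (len(values) > 1)
        for value in values:
            problems.extend(check_spf(value))
        report[owner] = problems
    return report

# Constructed sample modelled on the zone above: "ip:" kept, SOA closed, ftp doubled.
SAMPLE_ZONE = """\
$TTL 10800
mydomain.com. IN SOA ns1.mydomain.com. admin.mydomain.com. (
    2008010951 7200 3600   ;Serial Refresh Retry
    604800 345600 )        ;Expire, Negative caching TTL
mydomain.com. IN A   64.251.168.218
mydomain.com. IN TXT "v=spf1 ip:64.251.168.218 ip:64.251.168.220 ~all"
mail          IN TXT "v=spf1 a ~all"
ftp           IN TXT "v=spf1 ~all"
ftp           IN TXT "v=spf1 -all"
"""
```

Running `audit_zone(SAMPLE_ZONE, "mydomain.com")` reports two unknown-mechanism problems on mydomain.com., nothing on mail, and the duplicate-record problem on ftp; deleting the `)` from the SOA line makes the same call return only the "*zone*" entry, which is the "broke the dns zone" symptom described above.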

Similar Messages

  • How DNS Server works with workgroup machines

    Hi All,
    I have 1 AD with DNS Server and a few machines are in a workgroup. I have given my network IP to these machines, including Primary and Alternate DNS Server. I am able to use the ping -a command to resolve an IP address to a Computer Name. I have tried to search these workgroup machines' DNS entries on the DNS Server but no use.
    Please suggest how to check these records & clear stale records.
    Thanks & Regards,
    Amol Bhosale

    Hi,
    When you join a computer to a domain, the Primary DNS Suffix is automatically configured, which matches the name of the AD DNS domain name, which should also be identical to the DNS zone name. However, workgroup computers normally do not have a Primary DNS Suffix, unless you’ve already manually configured all of them.
    I assume that you didn’t configure the Primary DNS suffix for the workgroup computer, right? That would be the reason that there is no DNS record for the workgroup computer in the DNS server.
    Please manually add the primary DNS suffix on the client and check “Use this connection’s DNS suffix in DNS registration” on the workgroup computer in Advanced TCP/IPv4 Settings, then change the Dynamic Update type to “Nonsecure and secure” in DNS.
    If that workgroup computer is DHCP enabled, you can also use DHCP server to force register all leases by following Ace’s article below:
    DNS Dynamic Updates in a Workgroup
    Best regards,
    Susie

  • DNS Server problems with ASA 5505

    Hi guys,
    we setup a new ASA 5505 which is mainly used as our VPN gateway. The ASA is configured and controlled by our ISP (and this is where the problem starts) and they somehow cannot manage to get the VPN settings really working.
    So, here is our problem.
    our machines(Windows 7) are configured to get the network settings through DHCP (Windows 2012 Server).
    Before I connect with AnyConnect to our VPN gateway, the DNS Server setting in the network settings for the adapters(IPv4) are set to 'dynamic'
    When I now connect, this setting is changed to a static entry (which is our DNS server).
    When disconnecting, it is not reverted back, which means I have to do this always manually.
    What I do not understand is the fact that the DNS server is set for all the adapters; shouldn't it be only set on the AnyConnect adapter?
    The interesting thing is, that when I connect to a different ASA, this does not happen. The ISP is now saying, that the machines are configured exactly the same and that they cannot reproduce, but I can't believe this.
    This issue shows up at every machine which connects to our vpn, so it is not only a single machine which might be misconfigured.
    Do you have any idea what might cause this issue?
    btw, the second ASA (which works) is from our partner company, so we cannot simply copy the config
    Thanks in advance
    Patrick

    Nice to see someone from BT has addressed your issue 
    I have this exact same problem, seems completely bizarre, I'm pretty sure I had the same problem with the original home hub (I have the latest one now). Can you confirm whether the problem does affect anyone with a BT home hub and not just the one that the dyndns is pointing at? I'll try and confirm by hitting your domain from my home connection.

  • DNS Server Issues with Comcast and Airport Extreme wifi routers

    I am having significant challenges with 3 Airport Extreme (latest gen) wifi routers and my Comcast Xfinity service. It once worked just fine, but now I continually get the blinking amber lights stating "No DNS servers" for each of the Airport Extreme (AE) routers. My configuration is:
    Coax cable -> Comcast Xfinity cable modem -> ethernet to 16-port gigabit ethernet switch ->->-> ethernet to 3 Airport Extremes around the house direct connected with switch
    I have many wifi devices throughout the house (iPads, MacBooks, home automation devices) as well as direct-connected devices via ethernet (one PC connected to AE router).
    Each Airport Extreme router is set with these settings in the Airport Utility app: 
    Internet tab=  Connect using: DHCP
    Wireless tab=  Network mode: Create a wireless network
    Network tab=   Router mode: Off (Bridge Mode)
    I have attempted to put the Xfinity cable modem in bridge mode, and use the Airport Extreme to serve up the IP addresses, but still lost internet connectivity.
    I have also attempted to set the Network tab=> Router Mode to "DHCP and NAT" but get "Double NAT" error issues as well.
    I have tried using the Comcast DNS server addresses (75.75.75.75;75.75.76.76) setting on the Internet tab for the routers and do end up getting a green light, but NO internet connectivity.
    Lastly, I have tried using the Google DNS servers (8.8.8.8;8.8.4.4) setting on the Internet tab the routers giving me the No DNS servers amber light error and again, no Internet connectivity for either wifi-connected or even ethernet connected (directly to Airport Extreme router) devices (like my PC) despite getting a green light on the router.
    At this point, it really seems that these AE routers are NOT compatible with the Xfinity cable modem or service… (and yes, I've tried power-cycling and restarting the modem, and then the AE routers, MANY times to little avail).
    Should I move one of these Airport Extreme wifi routers to before the switch, and have the other 2 in Bridge mode after the switch?  Do I need to setup a specific range of DHCP reservation addresses for each different AE router?
    Appreciate any insight anyone can share with this aggravating DNS server issue between Comcast & multiple Airport Extreme wifi routers.

    I do not see anything wrong with your basic setup.. the issue is indeed the WAN ports of the AE.. AC version are having problems with some network equipment.
    You have listed a stack of things you have tried.. but I want you to move the ethernet patch cable you use on each AE to its LAN port instead of WAN.
    Restart the airport when you do that.. and then see if it becomes stable.
    In bridge mode the airport moves the WAN port to LAN.. but the WAN port setup itself seems more problematic than the LAN ports.
    There are other methods we can try if this does not work.. but in the end.. I would be tempted to take the whole lot back to apple.. they need to start making equipment that works with standard modems and switches.
    BTW what brand is the 16 port switch?? Does it happen to be managed (smart type)?

  • DNS fails using router IP address as DNS server address with static IP

    This is my first experience with a Linksys router so it might be normal behaviour but just wanted to check. With a WRT54G2 router I have a few PCs I want to use static IP. Up till now with other brand routers including Belkin and Dlink, I have been able to just put the router IP address in as the address of the DNS server when I use static IP. This seemed to work initially with the Linksys but now for some reason, if I don't code the IP addresses of the DNS server provided by my ISP, DNS lookup fails. If I use DHCP for the PCs there is no problem.
    Is that normal behaviour or is there something wrong I am doing?
    Thanks
    Larry

    I decided to upgrade my Linksys 54G router to an "Ultra RangePlus Wireless-N Broadband Router (WRT160N) Version 1". I have had problems with the wireless (as far as I know just the wireless portion) connection dropping. I have done some searching and was able to find some settings to try, and it did work better, but not for too long. I have this router within arm's reach, so it's not a distance issue. I have tried many things for about the last 6 months or so.
    As a last resort, and I do mean last resort and against my better judgement I purchased " Dual-Band Wireless-N Notebook Adapter (WPC600N) Version 1". I was hoping it was a compatibility issue, but there was no difference.
    I have heard of trying older firmware, but I can't find any.
    I have been a Linksys fan for quite some time, but as of recently I am thinking of reconsidering if I can't get this resolved without spending any more money.

  • DNS Server problem with AX

    My network only consists of the AX, my MacBook, and my PC (which is rarely used anymore). At least once a week, sometimes more often, my AX reports a DNS server problem. I've plugged it in to the ethernet and the settings are the same and there is no other router involved. The AX is connected directly from the cable modem. I confirmed with my ISP that the DNS server numbers are correct and they show up in the proper fields as well. What may cause this and how can I fix it?

    Welcome to the discussion area!
    Since the Express can only use the information that it receives from the ISP, you might want to try the Open DNS settings to see if that will help. Just be sure to make note of your current settings in case you need to revert to them.
    208.67.222.222 and 208.67.220.220
    http://www.opendns.com/

  • Can't specify DHCP DNS server ip with a 255 in it

    I tried to add 64.102.255.44, a valid IP address and a public DNS server, to my DHCP configuration but the web interface says the IP must be in the range 0-254. How can I report this bug?

    Not sure which router you have, but I have a WRT54G V5 that I was able to add that IP address as a Static DNS Server without a problem....
    You may need to call the Linksys/Cisco tech support number or use an online chat to report the bug...
    Tomato 1.25vpn3.4 (SgtPepperKSU MOD) on a Buffalo WHR-HP-G54
    D-Link DSM-320 (Wired)
    Wii (Wireless) - PS3 (Wired), PSP (Wireless) - XBox360 (Wired)
    SonyBDP-S360 (Wired)
    Linksys NSLU2 Firmware Unslung 6.10 Beta unslung to a 2Gb thumb, w/1 Maxtor OneTouch III 200Gb
    IOmega StorCenter ix2 1TB NAS
    Linksys WVC54G w/FW V2.12EU
    and assorted wired and wireless PCs and laptops

  • Dns server issues with business catalyst, website not loading

    Hi there,
    Trying to upload a new website and it has disappeared saying that the DNS lookup failed. Have checked settings under site management and all looks correct but it's still not working; any help would be great.

    May I have the site URL, so that I may look at the DNS settings?

  • Server 2008R2 with AD DNS Panel not showing any records only shows the zone name

    Hi All, new to the Forum. We have had this new domain controller running DNS for a few years now and recently I went to edit some DNS records and found them missing in the DNS console. The zone names are there but nothing is under the zones, just one record for the server under our AD domain. If I do an nslookup to this server it still displays the records as it should. It is also set up to forward the zones to a secondary server which is only pulling info from this Master 2008R2 server. Any ideas where I can try and recover the records for my Zones?
    Thanks

    Hi,
    According to your description, there are several possible reasons resulting in the DNS records disappearing.
    1. If aging and scavenging was configured in the DNS server, scavenging can cause records to disappear. Even Windows-based computers that have statically assigned servers register their records every 24 hours. Verify whether the No-refresh and Refresh intervals are too low. For example, if these values are both less than 24 hours, then we will lose DNS records. To view the settings, right-click the zone in the DC, click Properties, click Aging.
    2. Is there a DHCP server in your environment? If DNS Dynamic Update Protocol updates to existing records fail, that can also cause them to be deleted by the scavenging process as aged records.
    Also, event logs are helpful for isolating the issues. Are there any event logs on your computer?
    For more details about DNS records disappearing, please refer to the link below,
    DNS Records Disappearing and DNS Auditing
    http://msmvps.com/blogs/acefekay/archive/2010/12/09/dns-records-disappearing-and-dns-auditing.aspx
    Using AD Recycle Bin to restore deleted DNS zones and their contents in Windows Server 2008 R2
    http://blogs.technet.com/b/askds/archive/2010/08/12/using-ad-recycle-bin-to-restore-deleted-dns-zones-and-their-contents-in-windows-server-2008-r2.aspx
    Best Regards,
    Tina

  • OD replica, DNS secondary zone, server will not resolve itself

    We are testing an OD replica to run in a separate location from our OD master. Master OD and DNS is all set and working as expected. Separate location network user connections and DNS all work as expected when calling the OD master and DNS primary zone. The OD replication works fine. I want to use the same machine as a DNS secondary zone getting its records from the DNS on the OD master. DNS secondary zone seems to pull the records from the primary without trouble.
    In testing the secondary DNS without forwarders or backup DNS systems, known internal addresses are resolved by the clients correctly. The issue that I am trying to resolve is that server will not resolve itself. I have the System Preferences / Network / DNS pointed to 127.0.0.1. The DNS is resolving for the clients. Running changeip -checkhostname gives
    "The DNS hostname is not available, please repair DNS and re-run this tool."
    If I ask a client to browse to the server's web site it resolves fine and I get the default page as expected.
    With all of the above in mind, binding a local client to the OD replica and pointing the clients' DNS at the DNS secondary zone results in failure of the bind and the client saying that the server is not responding. If the DNS on the client is pointed to the DNS primary zone, the bind works fine and everything behaves as expected. Pointing the Server to the DNS primary zone resolves the problem as well and it is able to resolve itself.
    The problem is that if our connection to our primary site goes down, I want everything to function independently at the second location. If the primary DNS zone is gone the OD replica server cannot resolve itself and authentication then does not happen, making the OD replica pointless.
    Any ideas?
    Thanks.

    Found it. I did not copy the reverse mappings from the primary DNS zone.
    On the primary zone
    - In Server.app/DNS/ select show all records in the gear
    - double click reverse header for each subnet and indicate to allow zone transfer for the reverse records
    On the secondary zone
    - Add additional secondary zones for the exact title of each reverse record zone
    - example main records are FQDN.com
    - reverse records are 2.81.10.in-addr.arpa for the items in the 10.81.2.0 subnet
    OD replica now resolves itself.
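As an added example, not from the thread: given the hosts in a forward zone, the script below derives the reverse zone names a secondary has to carry (2.81.10.in-addr.arpa for the 10.81.2.0/24 subnet, as in the fix above), renders the matching PTR records, and lists any IP that several hostnames share, since a PTR can hold only one canonical name. The HOSTS list and the example.com names are constructed.

```python
"""Work out which reverse (in-addr.arpa) zones a secondary must carry, from the
hosts in its forward zone. Added example, not from the thread; HOSTS is a
constructed list using the 10.81.2.0/24 subnet named in the post above."""
import ipaddress
from collections import defaultdict


def reverse_zone_name(network):
    """Zone name for an octet-aligned IPv4 network: 10.81.2.0/24 -> 2.81.10.in-addr.arpa."""
    net = ipaddress.ip_network(network)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        raise ValueError("need an IPv4 /8, /16 or /24 network")
    octets = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def reverse_zones(hosts, prefixlen=24):
    """Group (hostname, ip) pairs by reverse zone: {zone: [(ptr owner, target)]}."""
    zones = defaultdict(list)
    for host, ip in hosts:
        addr = ipaddress.ip_address(ip)
        net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        target = host if host.endswith(".") else host + "."
        # reverse_pointer gives e.g. 10.2.81.10.in-addr.arpa; add the root dot
        zones[reverse_zone_name(str(net))].append((addr.reverse_pointer + ".", target))
    return dict(zones)


def shared_addresses(hosts):
    """IPs that several hostnames point at: a PTR can carry only one canonical name."""
    names = defaultdict(set)
    for host, ip in hosts:
        names[str(ipaddress.ip_address(ip))].add(host)
    return {ip: sorted(h) for ip, h in names.items() if len(h) > 1}


def zone_file_lines(hosts):
    """Render PTR records per reverse zone, one ';' header line per zone."""
    out = []
    for zone, ptrs in sorted(reverse_zones(hosts).items()):
        out.append(f"; zone {zone}")
        out.extend(f"{owner} IN PTR {target}" for owner, target in ptrs)
    return out


HOSTS = [  # constructed sample
    ("odreplica.example.com", "10.81.2.10"),
    ("www.example.com", "10.81.2.10"),
    ("mail.example.com", "10.81.2.25"),
    ("ns1.example.com", "10.81.3.1"),
]

if __name__ == "__main__":
    print("\n".join(zone_file_lines(HOSTS)))
    for ip, names in shared_addresses(HOSTS).items():
        print(f"; {ip} is claimed by {names}: pick one PTR target")
```

Each `; zone` header names a reverse zone that must exist on the secondary (and be allowed to transfer from the primary) before the OD replica can resolve its own address backwards; the shared-address list explains why a PTR target seems to "switch" when two forward names use one IP.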

  • Cisco 877W acting as a DNS server. Does it answer external DNS queries coming from the WAN

    Hello,
    I have a Cisco 877W running on my ADSL2+ service at home.
    It is setup to act as a DNS server to answer DNS queries for my LAN and has the below commands as part of its configuration
    ip dns server
    ip dhcp pool LAN
       network 192.168.2.0 255.255.255.0
       default-router 192.168.2.254
       dns-server 8.8.8.8
    My question is, when I scan my WAN IP for open ports, port 53 (DNS) is open. Does this mean my router will be acting as a DNS server for anyone on the internet who directs DNS queries to my WAN IP?
    If so, am I able to turn off port 53 towards the Internet, or do I need to add an access-list to only accept queries from my internal network?
    Thanks for your feedback.

    That's correct. The "ip dns server" command will answer queries on any interface.
    Given that your DHCP server is telling your clients to use Google DNS and not your router, I would just turn the router's DNS server off with the "no ip dns server" command.
    Setting up an ACL (and/or inspection or zone-based firewalling) on your Internet-facing interface is the best practice to protect your network in general, not just to prevent external DNS queries.

  • DNS server configuration and behaviour

    Hi all,
    I'm looking for detail explanations which can explain how Mac OS X 10.6 *DNS client* works and may be configured.
    According to http://discussions.apple.com/thread.jspa?threadID=2227251 nothing is guaranteed, like order and failover.
    According to http://support.apple.com/kb/HT4030 failover will take effect when the DNS server returns the SERV_FAIL (0x2) error code. What about the NXDOMAIN (0x3) error code (which is the more interesting scenario)?
    What am I looking for in the DNS client?
    I'm looking for a configuration with several DNS servers which allows splitting DNS domains across several areas. This, for example, may be very useful for VPN connections, when the VPN DNS server will resolve internal resources and another server (configured before the VPN tunnel is established) will resolve external resources.
    Is there any possible configuration to achieve this requirement for Mac OS?
    Thanks in advance,
    Oleg.

    Thanks Felix for quick response.
    In your scenario:
    1. You configured two different DNS servers and probably only one of them replied to DNS queries. And this is OK.
    2. When a non-valid IP is configured, that DNS server will not reply to the DNS query and then failover will query the second DNS server in the list. And this is also OK.
    I'm looking for a configuration with 2 different DNS servers where each one replies to different domains. For example:
    The first server will reply to *.mycompany.com.
    The second one will reply to any query except the mycompany.com domain (since it is not published).
    Thanks again,
    Oleg.

  • How do I set an SPF record?

    I'm quite unfamiliar with SPF records, but I'm using FreshBooks to invoice my clients. However, my invoices seem to be going to many people's junk and spam folders. Freshbooks is suggesting to set an SPF record to avoid this. Can this be done with icloud emails, or is this specifically for a privately owned domain email?

    If you have set up your Domain A-record on the registrar to point web traffic to BC you do not set up another A-record in BC.

  • Help with Proper DNS Setup for Leopard Standard Server Setup

    Hello All,
    Problem Description-
    I was reviewing some training today on DNS setup and checking for proper setup with the sudo changeip -checkhostname tool and I seem to have an incorrectly configured DNS setup. So I need some help on correcting it. When I go to the "Server Preferences" tool I cannot log in using apple.ourdomainname.com; instead, in order to use the tool I have to input localhost as the server name. Now I just thought that the system was broken or something and with the help of my training I now see it's a DNS problem. I thought I had everything proper since I followed the steps of creating proper DNS/RDNS entries with my ISP. Now I am stuck wondering what else isn't working properly due to the DNS issue. Thanks in advance.
    Technical Info-
    My ISP provides us with 5 static IPs and we have asked them to create entries and verified the setup of apple.ourdomainname.com = x.x.x.x, which is one of our public IPs currently assigned to the WAN port of our Apple Airport Extreme. We have also had them create a PTR record which also is present, verified and functional. Our Mac mini running 10.5.5 is connected directly to one of the ethernet ports on our Apple Airport Extreme which is our NAT/Firewall for the LAN. So during the setup of the Standard Server install the OS configured the Airport with the required ports for chat/web/vpn. And mobile Macs can VPN in and gain folder access and web works fine too. We don't use the e-mail portion so I can't say how that works. The server is using the DNS of 10.0.200.1 which is the IP of the Airport and the Airport is programmed with the DNS of OpenDNS servers 208.67.222.222 and 208.67.220.220. The reason for this whole long spiel is that I want to give as much technical background as possible for the best possible help.
    Thanks
    DM

    What happens when you use 'Localhost' instead of 'localhost' (i.e. capitalizing the 'L')?

  • 2 domains, each with 2-way transitive trusts, with sub domains pointing to the same DNS server (how should forward and reverse lookup zones be configured)

    Hello,
    I found a test environment and I just trying to understand how it works.
    If I have two domains (a.com and b.com) with sub domains (a1.com and b1.com) with a two-way trust and I want them to point to a Windows DNS server, how should the Forward lookup zones and Reverse lookup zones be configured? In forward lookup zones do I just add a new zone, make them all primary since there is only one DNS server, add a.com and b.com, and do the same for reverse zones?
    Do the sub domains need to be added? What about pointers? Do I add the IP address of a.com and b.com in reverse lookup zones?
    A side question: When you create a Domain with DNS AD integrated, the forward and reverse lookup zones are automatically created. You don't need to add the zone of the domain you just created but have to add zones of other domains.

    Make each domain controller as a DNS server too. Reverse lookup zones & forwarders are not replicated automatically. You can create AD-Integrated reverse lookup zone & set the replication scope.
    You can create AD-Integrated DNS zones in the parent/root domain, set the replication scope to forest-wide & delegate the zones for handling requests locally. Once you create an AD-Integrated DNS zone & set the replication scope forest wide, all the zones will appear automatically in each domain's DNS server.
    http://awinish.wordpress.com/2011/04/09/configuring-dns-in-child-domain/
    Awinish Vishwakarma - MVP
    My Blog: awinish.wordpress.com
