cjunior_138458
Mar 17, 2016

DNS - SPF record error

Hi,

Do you know what the message below means?

notice zrd[7062]: 01150216:5: Notice from named-checkconf: zone domain.com.br/IN: 'spf.domain.com.br' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record

This is logged several times, but when I check the records with an SPF validator, it doesn't show any errors in the settings. Any idea?

TXT record:

"v=spf1 ip4:177.10.10.0/25 include:spf.domain.com.br include:spf2.domain.com.br ~all"

I'm sorry about the masked data. I'll appreciate any help.

Thank you.

1 Reply

  • This is a warning from BIND (named).

    When SPF was originally implemented, it used TXT records, as there was no RR type for SPF. This was later added by RFC4408, and the named developers eventually added a warning, to alert you if both TXT and SPF RR types were not present.

    As per RFC4408, "An SPF-compliant domain name SHOULD have SPF records of both RR types", so it's not compulsory, but you SHOULD do it, and that's why named gives a warning, but not an error.

    In other words, the SPF validator you used isn't actually as thorough as named is. It SHOULD also be warning you when the SPF record is not present (or if it contains different data from the TXT SPF record).

    There's a discussion about the issue in this Google forums thread: https://groups.google.com/d/msg/comp.protocols.dns.bind/6Miv-dfaoXo/Z-NQHlqsHa4J
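
The consistency check described in the reply (a `v=spf1` TXT record with no type-SPF record at the same name, or with different data), as an added example that is not part of the original thread and is not BIND's own code. The zone text is constructed, the parser assumes one record per line in `owner [ttl] [class] type rdata` form, and `parse_records` and `check_spf_types` are hypothetical helper names.

```python
import shlex
from collections import defaultdict

# Constructed sample zone (not from the thread); names reuse the masked domain.
SAMPLE_ZONE = '''
domain.com.br.      3600 IN TXT "v=spf1 ip4:177.10.10.0/25 " "include:spf.domain.com.br ~all"
domain.com.br.      3600 IN SPF "v=spf1 ip4:177.10.10.0/25 include:spf.domain.com.br ~all"
spf.domain.com.br.  3600 IN TXT "v=spf1 ip4:177.10.20.0/24 -all"  ; TXT only, as in the log
spf2.domain.com.br. 3600 IN TXT "v=spf1 ip4:177.10.30.0/24 -all"
spf2.domain.com.br. 3600 IN SPF "v=spf1 ip4:177.10.99.0/24 -all"
www.domain.com.br.  3600 IN TXT "site-verification=constructed"
'''

def parse_records(zone_text):
    """Yield (owner, rrtype, text) for every TXT and SPF record in the zone text."""
    for line in zone_text.splitlines():
        lex = shlex.shlex(line, posix=True)
        lex.whitespace_split = True
        lex.commenters = ";"          # zone-file comments start with ';'
        tokens = list(lex)
        if not tokens:
            continue
        fields = tokens[1:]
        # Skip the optional TTL and class fields before the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)
        if len(fields) >= 2 and fields[0].upper() in ("TXT", "SPF"):
            # Multiple character-strings in one record are joined without spaces.
            yield tokens[0].lower(), fields[0].upper(), "".join(fields[1:])

def check_spf_types(zone_text):
    """Map owner name -> 'TXT only', 'SPF only' or 'mismatch' for inconsistent names."""
    txt, spf = defaultdict(set), defaultdict(set)
    for owner, rrtype, text in parse_records(zone_text):
        if rrtype == "SPF":
            spf[owner].add(text)
        elif text.lower() == "v=spf1" or text.lower().startswith("v=spf1 "):
            txt[owner].add(text)      # TXT records without v=spf1 are ignored
    findings = {}
    for owner in sorted(set(txt) | set(spf)):
        if owner not in spf:
            findings[owner] = "TXT only"   # the case named warns about in the log
        elif owner not in txt:
            findings[owner] = "SPF only"
        elif txt[owner] != spf[owner]:
            findings[owner] = "mismatch"
    return findings

if __name__ == "__main__":
    for name, problem in check_spf_types(SAMPLE_ZONE).items():
        print(f"{name}: {problem}")
```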