[Opendnssec-user] spf record and opendnssec?

Daniel Salzman daniel.salzman at nic.cz
Fri Nov 30 07:41:03 UTC 2012


Hi Bas,

the problem is in the length of the character string. As RFC1035 says 
the TXT (SPF) record is an array of character strings. So the total TXT 
record length is limited to the maximal rdata length 65535 bytes. But 
each character string can have at most 255 bytes. Because of the leading 
1 byte length in wire-format.


The following example should be syntactically OK:

hcc.nl.                   IN TXT       "v=spf1 ip4:212.72.224.15 
ip4:212.72.224.16 ip4:212.72.224.27 ip4:212.72.224.29 ip4:95.97.35.102 
ip4:80.253.112.0/24 ip4:94.232.160.0/24 ip4:212.72.224.0/21 
ip6:2a02:968:1:2:212:72:224:15 ip6:2a02:968:1:2:212:72:224:16 
ip6:2a02:968:1:2:212:72:224:27" "ip6:2a02:968:1:2:212:72:224:29 +all"


Dan


On 11/29/2012 12:40 PM, Bas van den Dikkenberg wrote:
> When i add this SPF record to dns zonefile:
>
> hcc.nl.                   IN TXT        "v=spf1 ip4:212.72.224.15
> ip4:212.72.224.16 ip4:212.72.224.27 ip4:212.72.224.29 ip4:95.97.35.102
> ip4:80.253.112.0/24 ip4:94.232.160.0/24 ip4:212.72.224.0/21
> ip6:2a02:968:1:2:212:72:224:15 ip6:2a02:968:1:2:212:72:224:16
> ip6:2a02:968:1:2:212:72:224:27 ip6:2a02:968:1:2:212:72:224:29 +all"
>
> Then opendnssec wont sign the zone i get this messages in log:
>
> Nov 29 12:37:18 scripting ods-signerd: [adapter] error parsing RR at
> line 18 (Syntax error, could not parse the RR's rdata): hcc.nl.     IN
> TXT    "v=spf1 ip4:212.72.224.15 ip4:212.72.224.16 ip4:212.72.224.27
> ip4:212.72.224.29 ip4:95.97.35.102 ip4:80.253.112.0/24
> ip4:94.232.160.0/24 ip4:212.72.224.0/21 ip6:2a02:968:1:2:212:72:224:15
> ip6:2a02:968:1:2:212:72:224:16 ip6:2a02:968:1:2:212:72:224:27
> ip6:2a02:968:1:2:212:72:224:29 +all"
>
>
> Does anyone have sugestions how i can fix this?
>
> WIth kind regards,
>
> Bas van den Dikkenberg
>
>
>
> _______________________________________________
> Opendnssec-user mailing list
> Opendnssec-user at lists.opendnssec.org
> https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
>



More information about the Opendnssec-user mailing list