 

Records cannot be found

Tags: dns, phishing, spf

Issue: my SPF record (TXT) cannot be retrieved from the DNS entry of the domain zwischengas.com
In my DNS entry I have one line for the SPF Record (as TXT entry):

@  IN TXT "v=spf1 ip4:188.a.b.c ip4:xyz/22
ip4:xyz/24 ip4:xyz/21 ip4:xyz/24 ip4:xyz/24" "ip4:xyz ip4:xyz/22
ip4:xyz ip4:xyz/29 ip4:xyz/29 ip4:xyz/28" "ip4:xyz/24 ip4:xyz/24 a mx
?all"

I have the problem that this SPF record cannot be found and I have no clue why. According to the RFC, splitting a very long line into multiple strings is recommended in order to keep all substrings shorter than 255 characters.

My domain is zwischengas.com, the mail server's IP is 188.a.b.c; does anybody have a clue?

I tried these tests without success:

host -t txt zwischengas.com
spfquery -ip-address 188.a.b.c -m [email protected] -h zwischengas.com

The tests with online tools were also without success:

  • http://www.kitterman.com/spf/validate.html
  • http://mxtoolbox.com/DNSLookup.aspx

Google Mail (gmail.com) also cannot retrieve my SPF record (according to the original mail header section):

Received-SPF: neutral (google.com: 188.a.b.c is neither permitted
nor denied by best guess record for domain of
[email protected]) client-ip=188.a.b.c;
basZero asked Aug 08 '13 10:08


1 Answer

Working Solution

You can test the correctness of your SPF record by calling

host -t txt myhost.com

A simple SPF record could look like this:

@ IN TXT "v=spf1 ip4:244.11.23.13 a mx ?all"

If you add IPs one after the other, you can end up with error messages from the DNS server saying that the string is too long.
A valid solution to this is to introduce " " into it.

So instead of

@  IN TXT "v=spf1 ip4:244.11.23.13 ip4:144.21.23.13 ip4:222.11.11.13 ip4:244.182.23.191 ip4:203.101.22.13 a mx ?all"

you would have (an example):

@ IN TXT "v=spf1 ip4:244.11.23.13 ip4:144.21.23.13" " ip4:222.11.11.13 ip4:244.182.23.191" " ip4:203.101.22.13 a mx ?all"

The " " option is described in the appropriate RFC and is accepted by all DNS servers (what actually happens is that the " " is removed and the substrings are concatenated).

But what if you have 20 IPs? You end up with a string which is far longer than what is allowed. What can you do?

The solution to this is called: include

An example:

@ IN TXT "v=spf1 include:_spf1.myhost.com include:_spf2.myhost.com a mx ?all"
_spf1 IN TXT "v=spf1 ip4:244.11.23.13 ip4:144.21.23.13 a mx ?all"
_spf2 IN TXT "v=spf1 ip4:222.11.11.13 ip4:244.182.23.191 ip4:203.101.22.13 a mx ?all"

You can extend that with N hierarchies. I hope this helps as it took me some time to find this out!!

basZero answered Oct 07 '22 00:10
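The question and the answer both turn on one detail of how a TXT record is read: an SPF checker concatenates the record's character-strings with no separator (RFC 7208, section 3.3). That is why the answer's example puts the separating space at the start of each continuation string (`" ip4:..."`), and why a split like `"...ip4:x/24" "ip4:y"` silently produces the malformed mechanism `ip4:x/24ip4:y`, which evaluators treat as a permanent error or ignore. The following script is an added example written for this page, not code from the asker, the answerer or any SPF tool. It joins and validates a record given as its character-strings, splits a long record into strings of at most 255 octets while keeping the join exact, and counts the terms that cost a DNS query (the `include`, `a`, `mx`, `ptr`, `exists` and `redirect` terms, which RFC 7208 section 4.6.4 limits to 10 per check; that limit is the reason nesting `include` records "with N hierarchies" has a ceiling). All sample records are constructed and use documentation address ranges; `myhost.com` is the answer's placeholder domain.

```python
"""Added example (not from the question or the answer): join, validate and
split SPF TXT records the way a checker reads them. Sample data is constructed."""
import re

MAX_STRING = 255  # one TXT <character-string> holds at most 255 octets

# Mechanism and modifier syntax, trimmed to what SPF v1 records usually carry.
_MECHANISM = re.compile(
    r"^[+\-~?]?(?:all|include:\S+|exists:\S+|ptr(?::\S+)?"
    r"|(?:a|mx)(?::[^/\s]+)?(?:/\d{1,2})?(?://\d{1,3})?"
    r"|ip4:\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?"
    r"|ip6:[0-9A-Fa-f:.]+(?:/\d{1,3})?)$")
_MODIFIER = re.compile(r"^[A-Za-z][A-Za-z0-9_.\-]*=\S*$")
# Terms that cost a DNS query under the 10-lookup limit; ip4, ip6, all and exp do not.
_LOOKUP = re.compile(r"^[+\-~?]?(?:include|a|mx|ptr|exists|redirect)(?=$|[:/=])")


def join_txt_strings(strings):
    """Join a TXT record's character-strings exactly as a checker does: no separator."""
    return "".join(strings)


def parse_spf(strings):
    """Validate a TXT record given as its character-strings; return the SPF terms.

    Raises ValueError for an over-long string, a missing version tag, or a
    malformed term (including two mechanisms run together by a missing space).
    """
    for s in strings:
        if len(s.encode()) > MAX_STRING:
            raise ValueError(f"character-string exceeds {MAX_STRING} octets: {s[:40]}...")
    terms = join_txt_strings(strings).split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("record does not start with v=spf1")
    bad = [t for t in terms[1:] if not (_MECHANISM.match(t) or _MODIFIER.match(t))]
    if bad:
        raise ValueError(f"malformed term(s): {bad}")
    return terms[1:]


def count_lookups(terms):
    """Number of terms that trigger a DNS query (RFC 7208 allows at most 10)."""
    return sum(1 for t in terms if _LOOKUP.match(t))


def split_spf(record, limit=MAX_STRING):
    """Split one SPF record into character-strings of at most `limit` octets.

    Breaks only at spaces and keeps the separating space at the start of the
    next string, so "".join(split_spf(r)) == r and every term stays intact.
    """
    terms = record.split(" ")
    chunks, current = [], terms[0]
    for term in terms[1:]:
        piece = " " + term
        if len(piece.encode()) > limit:
            raise ValueError(f"single term longer than {limit} octets: {term[:40]}...")
        if len((current + piece).encode()) > limit:
            chunks.append(current)
            current = piece
        else:
            current += piece
    chunks.append(current)
    return chunks


def zone_txt_line(owner, strings):
    """Render the strings as one zone-file TXT line, escaping quotes and backslashes."""
    quoted = " ".join('"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"' for s in strings)
    return f"{owner} IN TXT {quoted}"


def check_record(strings):
    """Return (ok, detail) for a record given as its character-strings."""
    try:
        terms = parse_spf(strings)
    except ValueError as exc:
        return False, str(exc)
    return True, f"{len(terms)} terms, {count_lookups(terms)} DNS lookups"


# Constructed samples: the asker's style of split (no leading space on the
# continuation string) beside the answer's style, and a record too long for one string.
BROKEN_SPLIT = ["v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24", "ip4:203.0.113.0/24 a mx ?all"]
FIXED_SPLIT = ["v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24", " ip4:203.0.113.0/24 a mx ?all"]
LONG_RECORD = "v=spf1 " + " ".join(f"ip4:203.0.113.{i}" for i in range(40)) + " -all"

if __name__ == "__main__":
    print("broken:", check_record(BROKEN_SPLIT))
    print("fixed: ", check_record(FIXED_SPLIT))
    print(zone_txt_line("@", split_spf(LONG_RECORD)))
```

Running it shows the broken split rejected with `malformed term(s): ['ip4:198.51.100.0/24ip4:203.0.113.0/24']`, the fixed split accepted with 6 terms and 2 DNS lookups, and the 681-character record rendered as three quoted strings that a checker joins back to the original text. Note that the answer's `_spf1`/`_spf2` layout also counts against the lookup limit: the two `include` terms plus `a` and `mx` already use 4 of the 10 queries, and every `a` or `mx` inside an included record adds another (within an included record, only a `pass` result matters, so its trailing `?all` has no effect on the parent).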