multiserver named different versions SPF record

Tootle

Verified User
Joined
Sep 1, 2011
Messages
38
SRV1: CentOS 5.11 - BIND 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.10
SRV2: Centos 7 - BIND 9.9.4-RedHat-9.9.4-29.el7_2.4 (Extended Support Version)

After syncing multiserver zones from SRV2->SRV1:
Code:
echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue

service named fails to start on SRV1
Code:
$ service named restart

/var/named/domain.com.db:43: unknown RR type 'SPF'
dns_master_load: /var/named/domain.com:43: syntax error
dns_master_load: /var/named/domain.com.db:43: syntax error
zone domain.com/IN: loading master file /var/named/domain.com.db: unknown class/type
_default/domain.com/IN: unknown class/type
                                  [FAILED]
Now: is this because of the SPF field, which must be TXT type on earlier versions of BIND? So every time SRV2 syncs with SRV1, named won't start unless I manually correct the records in the .db files?
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,580
Do you have dns_spf=1 in directadmin.conf? If so, you should not when running a CentOS 5 server; please see this: http://www.directadmin.com/features.php?id=1477

The catch is, it requires that the version of bind (named) you're using to support it.
We've not yet found a simple/reliable check for this, so this feature is off by default.
Internal default is:
dns_spf=0
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Hello,

You probably added an SPF record in DNS as an SPF-type record, which is not supported by the BIND version on CentOS 5.x.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
@Andrea,

BIND has directly supported the SPF RR type (code 99) since version 9.4. So there is no support for the SPF RR type in 9.3.6 yet.

Release was announced here:
http://www.gossamer-threads.com/lists/spf/deployment/30942

BIND 9.4 has been released. This is the first non-beta release that
directly supports the SPF RR type (code 99). And, no, they aren't
mentioning this fact anywhere except for deep down in the CHANGES file.
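
Added example, not part of the thread and not DirectAdmin or ISC code: a shell pre-flight check that applies the 9.4 threshold stated above to a `named -v` version string and finds records whose type field is SPF, optionally retyping them as TXT as the original poster did by hand. The function names and the sample zone are constructed for illustration.

```shell
# Added example: find SPF-type records before a synced zone reaches BIND < 9.4.
# Exit 0 if a version string (e.g. from `named -v`) is BIND 9.4 or later.
bind_supports_spf() {
    ver=${1#"BIND "}                  # tolerate the "BIND " prefix
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -gt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -ge 4 ]; }
}

# spf_scan report FILE  prints "FILE:LINE: record" for each SPF-type record;
# spf_scan convert FILE prints the zone with those records retyped as TXT.
# Owner, TTL and class are skipped first, so a host named "spf" or a TXT
# record containing "v=spf1" is never mistaken for an SPF-type record.
spf_scan() {
    awk -v mode="$1" '
    {
        line = $0; sub(/;.*/, "", line)          # ignore comments
        n = split(line, f, /[ \t]+/); i = 2      # f[1] is the owner (or empty)
        while (i <= n && (f[i] ~ /^([0-9]+[smhdwSMHDW]?)+$/ ||
                          toupper(f[i]) ~ /^(IN|CH|HS)$/)) i++
        is_spf = (i <= n && toupper(f[i]) == "SPF")
        if (mode == "report") {
            if (is_spf) printf "%s:%d: %s\n", FILENAME, FNR, $0
            next
        }
        # The first whitespace-delimited SPF token after the owner is the type.
        if (is_spf && match($0, /[ \t][Ss][Pp][Ff][ \t]/))
            $0 = substr($0, 1, RSTART) "TXT" substr($0, RSTART + 4)
        print
    }' "$2"
}

# Constructed sample zone (placeholder names and addresses).
make_sample_zone() {
    cat > "$1" <<'EOF'
$TTL 14400
example.com. 14400 IN SPF "v=spf1 a mx ~all"
mail.example.com. 14400 IN TXT "v=spf1 a -all"
spf 14400 IN A 192.0.2.10
EOF
}

zone=$(mktemp); make_sample_zone "$zone"
# Version string of SRV1 from the thread; on a live server use "$(named -v)".
if ! bind_supports_spf "9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.10"; then
    spf_scan report "$zone"                      # reports line 2 only
    spf_scan convert "$zone" > "$zone.txt-only"
fi
```

Check the converted file with `named-checkzone` before pointing named at it.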
 

SeLLeRoNe

Super Moderator
Joined
Oct 9, 2004
Messages
6,794
Location
A Coruña, Spain
Thanks :) Hope they'll also implement it in the 9.3.x branch, because my NS servers are using CentOS 5 (they are DELL PE 750 and apparently not working with CentOS 6, not sure about CentOS 7) :)

Best regards
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Andrea,

The current branches are 9.11.x, 9.10.x, 9.9.x.
Version 9.3.x is far behind already, so it will hardly ever get new features. They say here: https://www.isc.org/downloads/software-support-policy/

In general, software releases are supported until two major releases, (major releases are based upon significant new features to the code) have come out after them. Examples of major releases are BIND 9.9 and 9.10, or DHCP 4.1 and 4.3. For example: 9.7.x general support was phased out 6 months after 9.9.0 was introduced. Currently, we publish minor, or maintenance releases approximately every six months and major releases approximately every 2 years. There may be exceptions to this in the future.
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Thus you might consider building BIND from source in case you need the SPF RR type.
 