multiserver named different versions SPF record

[Tootle]

SRV1: CentOS 5.11 - BIND 9.3.6-P1-RedHat-9.3.6-25.P1.el5_11.10
SRV2: Centos 7 - BIND 9.9.4-RedHat-9.9.4-29.el7_2.4 (Extended Support Version)

after sync multiserver zones from SRV2->SRV1

echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue

service named fails to start on SRV1

$ service named restart

/var/named/domain.com.db:43: unknown RR type 'SPF'
dns_master_load: /var/named/domain.com:43: syntax error
dns_master_load: /var/named/domain.com.db:43: syntax error
zone domain.com/IN: loading master file /var/named/domain.com.db: unknown class/type
_default/domain.com/IN: unknown class/type
                                  [FAILED]

now: because of SPF field which must be TXT type on earlier version of BIND? So, everytime SRV2 will sync with SRV1 if I DID NOT correct manually records in .db files named won't start?

 

[ditto]

Do you have dns_spf=1 in directadmin.conf? If so, you should not when running a CentOS 5 server, please see this: http://www.directadmin.com/features.php?id=1477

The catch is, it requires that the version of bind (named) you're using to support it.
We've not yet found a simple/reliable check for this, so this feature is off by default.
Internal default is:
dns_spf=0

 

[Tootle]

Do you have dns_spf=1 in directadmin.conf? If so, you should not when running a CentOS 5 server, please see this: http://www.directadmin.com/features.php?id=1477

Thanks @ditto,

yes, on Centos 7 I have dns_spf=1, sadly I have to turn this feature OFF if I want MSS to work on those different OS boxes.

 

[zEitEr]

Hello,

You probably added a SPF record in DNS as type SPF-records, which is not supported by bind version on CentOS 5.x.

 

[SeLLeRoNe]

Hi Alex,

do you know from which version is the SPF record type available for bind?

Thanks

 

[zEitEr]

@Andrea,

The bind directly supports the SPF RR type (code 99) since 9.4 version. So there is no support of SPF RR type in 9.3.6 yet.

Release was announced here: http://www.gossamer-threads.com/lists/spf/deployment/30942

BIND 9.4 has been released. This is the first non-beta release that
directly supports the SPF RR type (code 99). And, no, they aren't
mentioning this fact anywhere except for deep down in the CHANGES file.

 

[SeLLeRoNe]

Thanks Hope they'll implement also in 9.3.x branch because my NS servers are using CentOS 5 (they are DELL PE 750 and apparently not working with CentOS 6, not sure about CentOS 7)

Best regards

 

[zEitEr]

Andrea,

the current branches are 9.11.x, 9.10.x, 9.9.x.
the version 9.3.x is far behind already, so hardly will it ever get new features. They say here: https://www.isc.org/downloads/software-support-policy/

In general, software releases are supported until two major releases, (major releases are based upon significant new features to the code) have come out after them. Examples of major releases are BIND 9.9 and 9.10, or DHCP 4.1 and 4.3. For example: 9.7.x general support was phased out 6 months after 9.9.0 was introduced. Currently, we publish minor, or maintenance releases approximately every six months and major releases approximately every 2 years. There may be exceptions to this in the future.

 

[zEitEr]

Thus you might consider building bind from a source in case if you need SPF RR type.

 

[SeLLeRoNe]

Ah ok, thanks

Actually i didn't even notice that was that far away