[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

SPF Record Greater Than 255 Characters

Posted on 2013-01-30
9
Medium Priority
?
3,456 Views
Last Modified: 2013-01-30
I am trying to add an spf record using advanced DNS zone editor in cpanel. I have 17 IP address to include in the record but it brings the length over the 255 character limit and cpanel wont let me add it.
 
The record is formatted as:

"v=spf1 IP4:xxx.xxx.xxx.xx IP4:xxx.xxx.xxx.xxx etc ~all"

How do i add an spf record that is greater than 256 characters.
0
Comment
Question by:joey40
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 13

Expert Comment

by:Alexios
ID: 38834335
Hello

You may have more than 255 characters of data in a TXT or SPF record, but not more than 255 characters in a single string.

If you attempt to create an SPF or TXT record with a long string (>255 characters) in it, BIND will give an error (e.g. "invalid rdata format: ran out of space".)  Strings in SPF and TXT records should be no longer than 255 characters.  However to get around this limitation, per RFC 4408 a TXT or SPF record is allowed to contain multiple strings, which should be concatenated together by the reading application.  In the case of use for SPF (using either TXT or SPF RRs) the strings are concatenated together without spaces as described below.  Reassembly by other applications of multiple strings stored in TXT records might work differently.
0
 
LVL 13

Expert Comment

by:Alexios
ID: 38834343
in continuation...

From the source http://www.openspf.org/RFC_4408

3.1.3. Multiple Strings in a Single DNS record
As defined in RFC 1035 sections 3.3.14 and 3.3, a single text DNS record (either TXT or SPF RR types) can be composed of more than one string. If a published record contains multiple strings, then the record MUST be treated as if those strings are concatenated together without adding spaces. For example:

IN TXT "v=spf1 .... first" "second string..."
MUST be treated as equivalent to

IN TXT "v=spf1 .... firstsecond string..."
SPF or TXT records containing multiple strings are useful in constructing records that would exceed the 255-byte maximum length of a string within a single TXT or SPF RR record.
0
 

Author Comment

by:joey40
ID: 38834394
So if the long record is:

"v=spf1 IP4:217.174.152.64 IP4:217.174.152.65 IP4:217.174.152.66 IP4:217.174.152.67 IP4:217.174.152.68 IP4:217.174.152.69 IP4:217.174.152.70 IP4:217.174.152.71 IP4:217.174.152.72 IP4:217.174.152.73 IP4:217.174.152.74 IP4:217.174.152.75 IP4:217.174.152.76 IP4:217.174.152.77 IP4:217.174.152.78 IP4:217.174.152.79 IP4:217.174.152.80 ~all"

Are you saying as follows:

"v=spf1 IP4:217.174.152.64 IP4:217.174.152.65 IP4:217.174.152.66 IP4:217.174.152.67 IP4:217.174.152.68 IP4:217.174.152.69 IP4:217.174.152.70 IP4:217.174.152.71"" IP4:217.174.152.72 IP4:217.174.152.73 IP4:217.174.152.74 IP4:217.174.152.75 IP4:217.174.152.76 IP4:217.174.152.77 IP4:217.174.152.78 IP4:217.174.152.79 IP4:217.174.152.80 ~all"


I am still seeing the following error... TXT Data cannot be empty or
more than 255 characters.
0
Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

 
LVL 13

Expert Comment

by:Alexios
ID: 38834439
You post twice the same record

Delete the space between ip's and try again

IP4:217.174.152.64IP4:217.174.152.65IP4:217.174.152.66
0
 
LVL 41

Assisted Solution

by:footech
footech earned 500 total points
ID: 38836240
Instead of listing all the IPs individually, if they're contiguous use CIDR notation to define the range.
v=spf1 ip4:217.174.152.64/28 ~all

Open in new window

See here for a cheatsheet of CIDR notation.
http://bradthemad.org/tech/notes/cidr_subnets.php
0
 
LVL 27

Expert Comment

by:DrDave242
ID: 38836460
You can also create host records, all with the same name, and give them the IP addresses of those servers.  Then simply add the FQDN of the host record to your SPF record with the a: mechanism.  If you give the records the name mailservers, for example, it would look like this:

v=spf1 a:mailservers.domain.com ~all

Open in new window

0
 

Author Comment

by:joey40
ID: 38837369
Kostasp: tried removing the spaces but still seeing the 255 character limit error.

Footech: Your solution is working but how to i cover the IP address range:

217.174.152.64 to 217.174.152.80

do i need to add anything to "v=spf1 ip4:217.174.152.64/28 ~all".

I checked the cheatsheet but i am having trouble understanding it.

Dr.Dave42..thank you for your solution. I will reserve this to use if i cant get the other to work.
0
 
LVL 27

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 38837404
217.174.152.64/28 covers 217.174.152.64 through 217.174.152.79.  You'll need one more explicit address to cover 217.174.152.80, so the SPF record will look like this:

v=spf1 ip4:217.174.152.64/28 ip4:217.174.152.80 ~all

Open in new window

0
 

Author Closing Comment

by:joey40
ID: 38837563
Thank you!
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
This Micro Tutorial demonstrates  how Internet marketers work with competitive analysis data, and a common task in data preparation is creating separate column for domains. You will then extract from a list of URLs.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question