From 992d534697cab53d5a9e00b75ca2a18356dc9f4e Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Tue, 2 May 2023 20:10:20 +0200 Subject: [PATCH] Tighten SPF record PowerDNS cuts TXT records at 255 chars (https://doc.powerdns.com/authoritative/appendices/types.html#txt). This commit reduces the size by using mx and a SPF policy entries. --- cacert.org | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cacert.org b/cacert.org index 9065e6b..7f76a7a 100644 --- a/cacert.org +++ b/cacert.org @@ -19,7 +19,7 @@ cacert.org 43200 IN NS ns4.cacert.org. ; SPF and DKIM ; SPF allows www, secure, www1, email, infra02, emailout, ping -cacert.org 43200 IN TXT "v=spf1 ip4:213.154.225.245 ip4:213.154.225.246 ip4:213.154.225.247 ip6:2001:7b8:3:9c::245 ip6:2001:7b8:3:9c::246 ip6:2001:7b8:3:9c::247 ip4:213.154.225.228 ip6:2001:7b8:616:162:2::228 ip4:213.154.225.230 ip6:2001:7b8:616:162:1::10 ip4:213.154.225.239 ip6:2001:7b8:616:162:2::239 ip6:2001:7b8:616:28:50::11 -all" +cacert.org 43200 IN TXT "v=spf1 a mx a:emailout.cacert.org a:secure.cacert.org a:www1.cacert.org ip4:213.154.225.230 ip6:2001:7b8:616:162:1::10 ip6:2001:7b8:616:28:50::11 -all" auto._domainkey.cacert.org 43200 IN TXT "v=DKIM1;g=*;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDNFxiNr+NHJwih3OPhGr4iwLE+BBDu72YrMSzUnU1FF50CW7iOtuhg796UZ6xrZ5VuhAix6YmmzcvF2UxYzoD/XpfZ4MzBu0ND4/nkt9/YOTyIBzwQqn9uMNve0Y76Zsel89dIJtOI+y+lfnFExV0jKwe53gzmxMVpMSSCcZPGwIDAQAB" mail._domainkey.cacert.org 43200 IN TXT "v=DKIM1;g=*;k=rsa;t=y;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOZV5h3rm18QRiNfNnwXadX8jeSC3zjpU7GFNTfZk1ifjLxrlVrSsfAvlVfFvR2/uQXegwEkiNV5bd57d989T+VVLZZbSv+OAXX4ZwihsLkf3huDszKtJTvsybqUNh97OE00THSyJCrcowFDcLv5IN2ULCOlMjTqbZxZuaNW0S6wIDAQAB"