How to Add SPF Record in Bind DNS Zone on Linux

Share this Article :

SPFIn order to prevent the Hotmail.com, Gmail.com, Yahoo.com and other top internet mail provider interpret all mails originate from your server to be spam and then placed it into junkmail folder, it is recommended to add SPF (Sender Policy Framework) in your zone file. The ISPs and email providers usually will check for SPF record pass to determine whether the mail originates from your IP. It is advised to configure SPF for your corporate domain to identify and reject forged addresses in the SMTP MAIL FROM (Return-Path), a typical nuisance in e-mail spam. The most important things is this can help to prevent spammers from abusing your domain. This steps has been tested on Bind DNS server that running on linux CentOS 6.2 server.

Steps to add SPF record in Bind DNS zone on Linux server :

1. Login to your Primary DNS server, and open a DNS zone record that contain mail exchanger record (MX record). In this case, MX record for ehowstuff.local domain is mail.ehowstuff.local. The configuration is in /var/named/chroot/var/named/ehowstuff.local.

[[email protected] ~]# vim /var/named/chroot/var/named/ehowstuff.local
;
;       Addresses and other host information.
;
$TTL 14400
ehowstuff.local.        IN      SOA     ns1.ehowstuff.local.    admin.ehowstuff.local. (
                                        2012060201      ; Serial
                                        86400      ; Refresh
                                        7200       ; Retry
                                        3600000    ; Expire
                                        86400 )  ; Minimum

;A record for domain mapping domain to IP
ehowstuff.local.        IN      A       192.168.1.44

;Define the atleast 2 private nameservers
ehowstuff.local.        IN      NS      ns1.ehowstuff.local.
ehowstuff.local.        IN      NS      ns2.ehowstuff.local.

; Map 2 private nameservers to IP addressess using A record
ns1     IN      A       192.168.1.44
ns2     IN      A       192.168.1.54

; Specify subdomains if any using CNAME or alias.
www     IN      CNAME   ehowstuff.local.
ftp     IN      CNAME   ehowstuff.local.

; Mail exhanger and map it IP using A record.
ehowstuff.local.        IN      MX      10      mail.ehowstuff.local.

; SPF Record for MX.
ehowstuff.local.        IN      TXT     "v=spf1 a mx -all"

2. Restart named service :

[[email protected] ~]# service named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]

3. You can manually check and test the Sender Policy Framework (SPF) record for a domain by using nslookup as follows:

  • On windows, Open Command prompt (Start -> Run -> cmd).
  • Type ‘nslookup’ and press enter.
  • Type ‘set type=txt’ and press enter (This will set the query type to TXT).
  • Type the domain that you would like to query (e.g. ehowstuff.local).
C:\>nslookup
*** Can't find server name for address 192.168.1.44: Non-existent domain
*** Default servers are not available
Default Server:  UnKnown
Address:  192.168.1.44

> set type=txt
> ehowstuff.local
Server:  UnKnown
Address:  192.168.1.44

ehowstuff.local text =

        "v=spf1 a mx -all"
ehowstuff.local nameserver = ns1.ehowstuff.local
ehowstuff.local nameserver = ns2.ehowstuff.local
ns1.ehowstuff.local     internet address = 192.168.1.44
ns2.ehowstuff.local     internet address = 192.168.1.54
>

On linux, run the following command :

[[email protected] ~]# host -t txt ehowstuff.local
ehowstuff.local descriptive text "v=spf1 a mx -all"

Leave a Reply