Discussion:
ipv6 and spf
Benny Pedersen
2012-01-18 06:19:53 UTC
Permalink
fail Please see
http://www.openspf.org/why.html?sender=me%40junc.org&ip=2001%3A470%3A27%3Abb3%3A%3A2&receiver=tools.bevhost.com
tools.bevhost.com: domain of ***@junc.org does not designate
2001:470:27:bb3::2 as permitted sender v=spf1 ip4:2.104.223.8/30
~ip6:2001:470:27:bb3::2 -all HASH(0x9016f90)

i cant see my error :/
Scott Kitterman
2012-01-18 11:45:54 UTC
Permalink
Post by Benny Pedersen
fail Please see
http://www.openspf.org/why.html?sender=me%40junc.org&ip=2001%3A470%3A27%3Abb
does not designate
2001:470:27:bb3::2 as permitted sender v=spf1 ip4:2.104.223.8/30
~ip6:2001:470:27:bb3::2 -all HASH(0x9016f90)
i cant see my error :/
I think it's a bug in the tool. http://kitterman.com/spf/validate.html shows
that as a pass. You're record is redundant though.

junc.org. 43200 IN TXT "v=spf1 ip4:2.104.223.8/30
ip6:2001:470:27:bb3::2 a:xpoint-1-pt.tunnel.tserv24.sto1.ipv6.he.net -all"

The ip6: and a: mechanisms point to the same host, so you should remove one.

Scott K

P.S. Openspf.org is still dead, so you'll need to use openspf.net instead.
G.W. Haywood
2012-01-18 12:13:33 UTC
Permalink
B11;rgb:ffff/ffff/ffffHi there,
Post by Scott Kitterman
The ip6: and a: mechanisms point to the same host, so you should remove one.
Removing the name rather than the IPV6 address can prevent unnecessary
name service operations.

--

73,
Ged.
Benny Pedersen
2012-01-18 13:30:02 UTC
Permalink
Post by G.W. Haywood
Removing the name rather than the IPV6 address can prevent
unnecessary
name service operations.
it was suggest in why.php
Benny Pedersen
2012-01-18 13:27:26 UTC
Permalink
Post by Scott Kitterman
I think it's a bug in the tool.
okay
Post by Scott Kitterman
http://kitterman.com/spf/validate.html shows
that as a pass. You're record is redundant though.
i added the a:... after i posted, will remove it again now
Post by Scott Kitterman
junc.org. 43200 IN TXT "v=spf1
ip4:2.104.223.8/30
ip6:2001:470:27:bb3::2 a:xpoint-1-pt.tunnel.tserv24.sto1.ipv6.he.net -all"
The ip6: and a: mechanisms point to the same host, so you should remove one.
there is one possible griff in that the a: can have more then one ip,
so its unsafe like ptr :=)
Post by Scott Kitterman
P.S. Openspf.org is still dead, so you'll need to use openspf.net instead.
dead in not possible to change dns virtualhost ?, is it diff owners ?

will the wizard page come back ?
Scott Kitterman
2012-01-18 13:36:41 UTC
Permalink
Post by Benny Pedersen
Post by Scott Kitterman
I think it's a bug in the tool.
okay
Post by Scott Kitterman
http://kitterman.com/spf/validate.html shows
that as a pass. You're record is redundant though.
i added the a:... after i posted, will remove it again now
Post by Scott Kitterman
junc.org. 43200 IN TXT "v=spf1
ip4:2.104.223.8/30
ip6:2001:470:27:bb3::2 a:xpoint-1-pt.tunnel.tserv24.sto1.ipv6.he.net -all"
The ip6: and a: mechanisms point to the same host, so you should remove one.
there is one possible griff in that the a: can have more then one ip,
so its unsafe like ptr :=)
No. It's not at all unsafe. The ability of one host to point to multiple IP
addresses is a feature of DNS and SPF. The reason it's a concern for PTR is
it drives additional DNS lookups to validate the PTR. For an 'a' record it's
all one lookup.
Post by Benny Pedersen
Post by Scott Kitterman
P.S. Openspf.org is still dead, so you'll need to use openspf.net instead.
dead in not possible to change dns virtualhost ?, is it diff owners ?
Dead as in the host is non-functional and the operator of it isn't immediately
reachable (I'm sure we'll get it restored eventually). In the meantime,
openspf.net serves the same content and there are tool updates being worked on
to point to .net instead of .org.
Post by Benny Pedersen
will the wizard page come back ?
The wizard was removed because it was doing more harm than good due to making
poor recommendations. If someone writes a new wizard that's useful, then
we'll put one up, but so far we don't have one.

Scott K

Loading...