On systemd systems (CentOS 7), the named startup script in:
/etc/systemd/system/named.service
will have the following pre-check:
ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf
but if the incoming zone has spf values in the TXT record, but does not have the SPF record with the matching value, then you'll see this error, and named may refuse to start up:
named-checkconf: zone domain.com/IN: 'domain.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
Note that DA can add the SPF values for you, but older versions of bind/named (9.3.x / CentOS 5) do not support them, so if you use the Multi-Server Setup, it forces you to keep it shut off. It's disabled by default in DA for this reason.
To bypass the error, you can edit the named.service file, and comment out the ExecStartPre line, so that it looks like this:
#ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf
then reload the file, and restart named:
On our test CentOS 7 system, the ExecStartPre works fine without the SPF records, but we've had one report where named-checkconf does fail.
It's best to turn on the dns_spf=1 if you can, but if you cannot, then you'd need to disable the pre-check in the named.service file.
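Before disabling the pre-check, it helps to know which names in a zone actually trip it. The following is an added example, not DirectAdmin or BIND code: it applies the rule as this page describes it (a TXT record carrying SPF data with no type SPF record of the same value at that name) to a constructed sample zone. The function name is hypothetical, and it assumes one record per line.

```python
import re

# Constructed sample zone (documentation names and addresses only).
SAMPLE_ZONE = """\
$TTL 14400
@       IN  SOA ns1.example.com. hostmaster.example.com. (2024010101 3600 600 1209600 86400)
@       IN  NS  ns1.example.com.
@       IN  TXT "v=spf1 a mx ip4:192.0.2.10 ~all"
mail    IN  TXT "v=spf1 a -all"
        IN  SPF "v=spf1 a -all"
old     IN  TXT "v=spf1 mx -all"
old     IN  SPF "v=spf1 a -all"
default._domainkey IN TXT "v=DKIM1; k=rsa; p=CONSTRUCTED"
www     IN  A   192.0.2.10
"""

# Owner (empty means "inherit previous"), optional TTL/class tokens, then TXT or SPF.
RECORD = re.compile(r'^(\S*)\s+(?:(?:\d+\w*|IN)\s+)*(TXT|SPF)\s+(.*)$', re.I)
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

def spf_mismatches(zone_text):
    """Return {owner: [SPF values present as TXT but absent as type SPF]}."""
    txt, spf, owner = {}, {}, "@"
    for line in zone_text.splitlines():
        if not line.strip() or line.lstrip().startswith((";", "$")):
            continue  # blank line, comment, or $TTL/$ORIGIN directive
        if not line[0].isspace():
            owner = line.split()[0].lower()  # new owner name starts in column 0
        m = RECORD.match(line)
        if not m:
            continue  # not a TXT or SPF record
        parts = QUOTED.findall(m.group(3))  # multi-string rdata is concatenated
        value = "".join(parts) if parts else m.group(3).split(";")[0].strip()
        if not value.lower().startswith("v=spf1"):
            continue  # other TXT data (DKIM, verification tokens, ...)
        bucket = txt if m.group(2).upper() == "TXT" else spf
        bucket.setdefault(owner, set()).add(value)
    return {name: sorted(vals - spf.get(name, set()))
            for name, vals in txt.items() if vals - spf.get(name, set())}

if __name__ == "__main__":
    for name, values in spf_mismatches(SAMPLE_ZONE).items():
        print(f"{name}: no matching SPF record for {values}")
```

An empty result means the zone has a matching SPF record for every SPF-style TXT record, so the pre-check can stay enabled for it.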
Note, you will likely also need to shut off the zone-check: