named-checkconf[12345]: zone domain.com/IN: 'domain.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record



Last Modified: Jan 24, 2015, 11:07 pm

On systemd systems (CentOS 7), the named startup script in:

/etc/systemd/system/named.service

will have the following pre-check:

ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf

If the incoming zone has SPF values in the TXT record but does not have an SPF-type record with the matching value, you'll see this error, and named may refuse to start up:

named-checkconf[12345]: zone domain.com/IN: 'domain.com' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record

Note that DA can add the SPF values for you, but older versions of bind/named (9.3.x / CentOS 5) do not support them, so if you use the Multi-Server Setup, it forces you to keep it shut off. It's disabled by default in DA for this reason.

To bypass the error, you can edit the named.service file, and comment out the ExecStartPre line, so that it looks like this:

#ExecStartPre=/usr/sbin/named-checkconf -z /etc/named.conf

then reload the file, and restart named:

systemctl daemon-reload
systemctl start named


On our test CentOS 7 system, the ExecStartPre works fine without the SPF records, but we've had one report where named-checkconf does fail.

It's best to turn on dns_spf=1 if you can; if you cannot, you'd need to disable the pre-check in the named.service file.

Note, you will likely also need to shut off the zone-check:
http://www.directadmin.com/features.php?id=1167
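
Commenting out ExecStartPre turns off every check named-checkconf does, not just the SPF one, so it helps to see first which zones trigger the message and whether anything else is being reported. The script below is an added example, not part of the original article or DirectAdmin's code; the function names, the --report flag and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not DirectAdmin's code): triage `named-checkconf -z` output.

# Message text exactly as quoted in this article.
SPF_MSG="found SPF/TXT record but no SPF/SPF record found"

# stdin: named-checkconf -z output (raw or journal-prefixed).
# stdout: each zone that triggers the SPF message, once, in first-seen order.
spf_mismatch_zones() {
    awk -v msg="$SPF_MSG" '
        index($0, msg) && match($0, "zone [^/ ]+/") {
            # Zone name sits between "zone " and the "/" before the class.
            z = substr($0, RSTART + 5, RLENGTH - 6)
            if (!(z in seen)) { seen[z] = 1; print z }
        }'
}

# stdin: same output. stdout: lines that are neither the SPF message nor a
# normal "loaded serial" line, i.e. other problems the pre-check also catches.
other_findings() {
    awk -v msg="$SPF_MSG" \
        'NF && !index($0, msg) && !index($0, "loaded serial")'
}

# Constructed sample output (example.* zones and the last error are made up).
SAMPLE_OUTPUT="named-checkconf[12345]: zone domain.com/IN: 'domain.com' $SPF_MSG, add matching type SPF record
zone domain.com/IN: loaded serial 2015012401
zone example.net/IN: 'mail.example.net' $SPF_MSG, add matching type SPF record
zone example.net/IN: 'example.net' $SPF_MSG, add matching type SPF record
zone example.org/IN: file not found"

# Usage: named-checkconf -z /etc/named.conf 2>&1 | sh triage.sh --report
if [ "${1:-}" = "--report" ]; then
    out=$(cat)
    echo "Zones with SPF TXT but no SPF-type record:"
    printf '%s\n' "$out" | spf_mismatch_zones
    echo "Other findings (fix these before bypassing the pre-check):"
    printf '%s\n' "$out" | other_findings
fi
```

If the second list is not empty, the pre-check is failing for more than the SPF record, and bypassing it would hide those problems too.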
