Adding an SPF record for CNAME record (external email)

Comments

10 comments

  • cPRex Jurassic Moderator
    Hey there!
    but we fail mail domain checks because the domain doesn't resolve.

    Can you get me more details on why it doesn't resolve? SPF is used to designate the IP addresses that are permitted senders for a domain, and you can set up multiple IPs. For example, you can have an SPF record that looks like this:

    domain.com. 14400 IN TXT "v=spf1 ip4:1.2.3.4 +a +mx +ip4:2.3.4.5 +ip4:3.4.5.6 ~all"

    and that is perfectly valid. I'm not really sure where the CNAME comes into play. For a server where the website is hosted on one machine and the mail is hosted on another I would expect to see the following:

    - A record points to the webserver
    - MX record points to the mailserver
    - SPF lists either just the mailserver or also includes the webserver as a possible sender
    0
  • opt2bout
    Again, the mail services are EXTERNAL to the website. Mail is sent through a relay, like SendGrid, ElasticEmail, Google, etc. These services have us set up a CNAME to reference their physical host name like "customer123.sendgrid.com", then we add an SPF record for our domain.

    For example, we are ourdomain.com, using mail.ourdomain.com as our sending server (this is NOT hosted on the cPanel server). We have DNS records for:

    mail.ourdomain.com. CNAME customer123.sendgrid.com

    We now need an SPF record to tell the world that mail.ourdomain.com is allowed to send email. If we attempt to add a TXT record for this, the cPanel Zone editor gives us the error in the original post. If I don't create the CNAME record, I can create the SPF TXT record, but then we sometimes get SPF validation errors when sending email as "mail.ourdomain.com" because it can't resolve anywhere. The customer123.sendgrid.com in this example has several rotating IP addresses, so we can't just create a static IP entry for mail.ourdomain.com, etc.

    So I guess I need to know if this is a bug in the cPanel Zone editor that will not allow us to create a text record for a CNAME host record?
    0
  • cPRex Jurassic Moderator
    Thanks for the clarification. We don't perform any validation on the CNAME data, so you could type in anything you want there as we don't make sure it resolves. It sounds more like there is a typo in the line. Could you post a screenshot of exactly what you're trying to set up as the CNAME record so I can test that on my end?
    0
  • opt2bout
    To reproduce this, go to DNS Zone Manager, go to a domain, Manage. Add a CNAME record, any CNAME record. In our case it is an alias from mail.ourdomain.com to an external host, say mail.sendgrid.net.

    Now that you have a CNAME record for the host mail.ourdomain.com, try adding a TXT record for the same domain. In our example:

    "v=spf1 ip4:111.111.111.111 +a +mx +include:_spf.sendgrid.net +include:_spf.google.com ~"

    Actually the content doesn't matter, you can just put "test" or anything you like. When you click "Save record" we get:

    Error: API failure: Zone is invalid: Line 58: mail.ourdomain.com: CNAME and other data at /usr/local/cpanel/Cpanel/ZoneFile/LineEdit.pm line 390.

    Note that you can reverse the process. For example, create a TXT record first. Then try and create a CNAME record for the same domain. It appears that the current cPanel zone manager thinks it is an error to have a TXT record reference a CNAME domain? We are allowed to do this "manually" if we edit the zone file, but zone manager won't work for that domain any longer with the same error as quoted above.
    0
  • cPRex Jurassic Moderator
    On my system, when performing this work I get the following: "Error: cnametest.hattmonkey.com. already has a CNAME record. You may not mix CNAME records with other records (TXT)." Could you submit a ticket to our team so we could check this directly on your server?
    0
  • Steini Petur
    We are having the exact same issue with one of our clients, adding a CNAME for his subdomain
    I then tried directly from WHM and got the same, but there I get a better debug, since cPanel sends out a vague "contact them to find out":

    Error: API failure: Zone is invalid: Line 33: x: CNAME and other data; Line 33:x: CNAME and other data at /usr/local/cpanel/Cpanel/ZoneFile/LineEdit.pm line 403.

    You are right though, we have a TXT record and an A record as well. I had to remove both. I had tested just taking the A record, and I received the error, then took both out and I can then set the CNAME. The Manager doesn't allow a TXT record and a CNAME record of the same name.

    x 14400 TXT v=spf1 +a +mx .......

    Removing that record allows the CNAME to be set:

    Success: You successfully saved the following CNAME record for "x": "y".

    Then I tried to put in the TXT record and I can't do that; the only way for me to achieve this is to

    [root@esja etc]# cd /var/named
    [root@esja named]# nano smart-proto*
    [root@esja named]# service named reload
    Reloading named: [ OK ]

    This must be an error @cPRex, don't you think? There is not a violation of setting TXT records and CNAME records in a DNS file, only the manager thinks so. It's a violation if it's an A record and CNAME but not a TXT and CNAME, and I had to stick every record out of it for it to be pleased with the CNAME installation.

    PS: It should be noted that now my client cannot update any records, even adding a new subdomain won't work because the file is "corrupted" according to the Zone editor and needs the CNAME and TXT to be removed.
    0
  • cPRex Jurassic Moderator
    @Steini Petur - it definitely sounds odd - could you get a ticket submitted to our team so we can check that out? If so, please post the number here so I can follow along.
    0
  • Metro2
    I'm not sure if this is relevant or helpful in the cases above, but I ran into basically the same thing a while ago (tried to add a TXT verification record to a CNAME like client.example.com) and I ended up reading somewhere that TXT records cannot be added to a CNAME that uses the same sub-URL. Now I wonder if that's actually true, or if this is a glitch.
    0
  • cPanelAnthony
    I'm not sure if this is relevant or helpful in the cases above, but I ran into basically the same thing a while ago (tried to add a TXT verification record to a CNAME like client.example.com) and I ended up reading somewhere that TXT records cannot be added to a CNAME that uses the same sub-URL. Now I wonder if that's actually true, or if this is a glitch.

    This is correct, TXT records cannot be added to a CNAME using the same sub-URL. The following article might help.
    0
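
The rule confirmed in the comment above comes from the DNS specification (RFC 1034, section 3.6.2): a name that owns a CNAME may hold no other data, which is what the "CNAME and other data" error in this thread reports. As an added example (not from any poster or from cPanel), this Python check scans zone-file text for such names before the zone is loaded; the zone snippet is constructed, and the parser assumes one record per line.

```python
import shlex

# Constructed zone snippet modelled on the thread's example (not a real zone).
SAMPLE_ZONE = """\
$ORIGIN ourdomain.com.
@     14400 IN A     192.0.2.10
@     14400 IN TXT   "v=spf1 +a +mx ~all"
mail  14400 IN CNAME customer123.sendgrid.com.
mail  14400 IN TXT   "v=spf1 +a +mx ~all" ; clashes with the CNAME above
www   14400 IN CNAME ourdomain.com.
"""

CLASSES = {"IN", "CH", "HS"}
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}  # DNSSEC records may sit beside a CNAME


def _tokens(line):  # split a zone line, honouring quoted strings and ';' comments
    lex = shlex.shlex(line, posix=True)
    lex.commenters = ";"
    lex.whitespace_split = True
    return list(lex)


def _fqdn(name, origin):
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"


def find_cname_conflicts(zone_text, origin=""):
    """Return {owner: [types]} for names holding a CNAME plus other data."""
    types_by_owner, owner = {}, None
    for line in zone_text.splitlines():
        fields = _tokens(line)
        if not fields:
            continue
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN" and len(fields) > 1:
                origin = fields[1].lower()
            continue
        if not line[0].isspace():  # a leading blank reuses the previous owner
            owner = _fqdn(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)  # skip optional TTL and class
        if owner and fields:
            types_by_owner.setdefault(owner, set()).add(fields[0].upper())
    return {
        name: sorted(types)
        for name, types in types_by_owner.items()
        if "CNAME" in types and types - {"CNAME"} - ALLOWED_WITH_CNAME
    }
```

On the constructed zone, `find_cname_conflicts(SAMPLE_ZONE)` reports only `mail.ourdomain.com.`; the apex (A plus TXT) and the lone `www` CNAME pass.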
  • helper142
    Hey, I think a similar thing is explained in the thread below!!
    0
