SPF记录中的DNS查找过多 [英] Too many DNS lookups in an SPF record

问题描述

我的网站需要通过Google Apps，SendGrid和MailChimp服务发送电子邮件。 Google Apps用于接收和读取到我的域的传入电子邮件。

我需要为我的域设置SPF记录。以下是语法正确的（不确定A和MX令牌）：

v = spf1 a mx include： _spf。 google.com 包括： servers.mcsv.net
include： sendgrid.net 〜all

< blockquote>

但是，如果我用 http://www.kitterman.com/getspf2 .py 我得到

PermError SPF永久性错误：DNS查找太多

类似的问题，如
http://www.onlineaspect.com/2009/03/20/too-many-dns-lookups-in-an-spf-record/

如何优化/重写我的SPF记录？

解决方案

所以，我以前从来没有这样做，但是根据你发送的文章，这是我想出来的。

我们开始wi th：

  v = spf1 a mx include：_spf.google.com include：servers.mcsv.net include：sendgrid.net 〜all 
  

在我们抛出之前，我们得到10个总查找次数太多的DNS查找错误：

  2（初始TXT& SPF查找）
 2（a& mx Lookups）
 1（_spf.google.com）
 1（servers.mcsv.net）
 +1（sendgrid.net） 
 ----------------- 
 7查找
  

所以没有包含SPF记录，我们有7个查询。

---

现在，我们来吧一级更深。

1。 _spf.google.com

Google SPF记录评估为：

  v = spf1 include：_netblocks.google.com include：_netblocks6.google.com？all 
  

每个其中解决了以下值：

 ＃_netblocks.google.com 
v = spf1 ip4：216.239.32.0/ 19 ip4：64.233.160.0/19 ip4：66.249.80.0/20 ip4：72.14.192.0/18 ip4：209.85.128.0/17 ip4：66.102.0.0/20 ip4：74.125.0.0/16 ip4：64.18.0.0/20 ip4：207.126.144.0/20 ip4：173.194.0.0/16？all 
 
＃_netblocks6.google.com 
v = spf1 ip6：2607：f8b0：4000 :: / 36 ip6：2a00 ：1450：4000 :: / 36？all 
  

所以google给了我们2个查找，最多 9查找。

2。 servers.mcsv.net

Mailchimp是一个doosey，因为它增加了3个额外的查询：

  v = spf1 include：spf1.mcsv.net include：spf2.mcsv.net include：spf.mandrillapp.com？all 
  

我想象，根据您通过Mailchimp发送的内容，您可能可以删除其中一个或两个记录（但是您必须评估自己）。

无论如何，这些解决方案如下：

  ＃spf1.mcsv.net 
v = spf1 ip4：207.97.237.194/31 ip4：207.97.238.88/29 ip4：207.97.240.168/29 ip4：69.20.10.80/29 ip4：69.20.41.72/27 ip4：74.205 .22.1 / 27 ip4：69.20.90.0/26？all 
 
＃spf2.mcsv.net 
v = spf1 ip4：204.232.163.0/24 ip4：72.26.195.64/27 ip4：74.63 .47.96 / 27 ip4：173.231.138.192/27 ip4：173.231.139.0/24 ip4：173.231.176.0/20 ip4：205.201.128.0/24？all 
 
＃spf.mandrillapp.com 
v = spf1 ip4：205.201.136.0/24 ip4：205.201.137.0/24？all 
  

这使我们总共达到 12查找（已经超过了两倍）。

2。 sendgrid.net

SendGrid最终成为我们最少的额外查找。

 code> v = spf1 ip4：208.115.214.0/24 ip4：74.63.202.0/24 ip4：75.126.200.128/27 ip4：75.126.253.0/24 ip4：67.228.50.32/27 ip4：174.36.80.208/28 ip4：174.36.92.96/27 ip4：69.162.98.0/24 ip4：74.63.194.0/24 ip4：74.63.234.0/24 ip4：74.63.235.0/24包括：sendgrid.biz〜all 
  

所以这里唯一的额外查找是 sendgrid.biz ，它评估为： / p>

 $ code> v = spf1 ip4：208.115.235.0/24 ip4：74.63.231.0/24 ip4：74.63.247.0/24 ip4：74.63 .236.0 / 24 ip4：208.115.239.0/24 ip4：173.193.132.0/24 ip4：173.193.133.0/24 ip4：208.117.48.0/20 ip4：50.31.32.0/19 ip4：198.37.144.0/20〜all 
  

这使我们的总计达14次查询。

< hr>

所以我们的总计是 14查找。我们需要将其缩小到10.我已经在下面列出了几个选项，您可能需要使用其中的1个以上才能将其取消。

1. 直接包含一些重定向的spf记录。现在我们知道spf记录重定向到哪些服务器，你可以切出中间人并直接包含它们。注意：如果任何服务最终会更改其SPF记录，则必须手动进行更新。



2. 删除您正在使用的一些服务。不知道你的用例是为了拥有所有这些服务，但是肯定有一些可能使用的重叠。例如，SendGrid支持（1）事务发送邮件，（2）通讯/营销电子邮件和（3）传入邮件。所以可能会有一些可减少的冗余。




3. 如果MX记录是冗余的，则删除MX记录。根据您的设置，MX查找可能是多余的。

希望这有帮助！

My website needs to send out emails with Google Apps, SendGrid and MailChimp services. Google Apps is used to receive and read incoming email to my domain.

I need to set the SPF record for my domain. The following is syntactically correct (not sure about A and MX tokens):

"v=spf1 a mx include:_spf.google.com include:servers.mcsv.net include:sendgrid.net ~all"

But if I test it with http://www.kitterman.com/getspf2.py I get

PermError SPF Permanent Error: Too many DNS lookups

Similar problem as http://www.onlineaspect.com/2009/03/20/too-many-dns-lookups-in-an-spf-record/

How can I optimize/rewrite my SPF record?

解决方案

So, I've never had to do this before, but based on the article you sent over, this is what I came up with.

We started with:

v=spf1 a mx include:_spf.google.com include:servers.mcsv.net include:sendgrid.net ~all

We get 10 total lookups before we throw the Too many DNS lookups error:

  2 (Initial TXT & SPF Lookups)
  2 (a & mx Lookups)
  1 (_spf.google.com)
  1 (servers.mcsv.net)
 +1 (sendgrid.net)
 -----------------
  7 Lookups

So without even following the included SPF records, we have 7 lookups.

---

Now, let's dive a level deeper.

1. _spf.google.com

The google SPF record evaluates to:

v=spf1 include:_netblocks.google.com include:_netblocks6.google.com ?all

Each of which resolve to the following values:

# _netblocks.google.com
v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16 ?all

# _netblocks6.google.com
v=spf1 ip6:2607:f8b0:4000::/36 ip6:2a00:1450:4000::/36 ?all

So google gives us 2 more lookups, bringing the total up to 9 Lookups.

2. servers.mcsv.net

Mailchimp is a bit of a doosey because it adds a whole 3 extra lookups:

v=spf1 include:spf1.mcsv.net include:spf2.mcsv.net include:spf.mandrillapp.com ?all

I would imagine that depending on what you're sending through Mailchimp, you might be able to remove one or two of these records (but you'll have to evaluated that yourself).

Anyway, those resolve to the following:

# spf1.mcsv.net
v=spf1 ip4:207.97.237.194/31 ip4:207.97.238.88/29 ip4:207.97.240.168/29 ip4:69.20.10.80/29 ip4:69.20.41.72/27 ip4:74.205.22.1/27 ip4:69.20.90.0/26 ?all

# spf2.mcsv.net
v=spf1 ip4:204.232.163.0/24 ip4:72.26.195.64/27 ip4:74.63.47.96/27 ip4:173.231.138.192/27 ip4:173.231.139.0/24 ip4:173.231.176.0/20 ip4:205.201.128.0/24 ?all

# spf.mandrillapp.com
v=spf1 ip4:205.201.136.0/24 ip4:205.201.137.0/24 ?all

This brings us up to a total of 12 Lookups (Which is two over the limit already).

2. sendgrid.net

SendGrid ends up being the fewest number of additional lookups for us.

v=spf1 ip4:208.115.214.0/24 ip4:74.63.202.0/24 ip4:75.126.200.128/27 ip4:75.126.253.0/24 ip4:67.228.50.32/27 ip4:174.36.80.208/28 ip4:174.36.92.96/27 ip4:69.162.98.0/24 ip4:74.63.194.0/24 ip4:74.63.234.0/24 ip4:74.63.235.0/24 include:sendgrid.biz ~all

So the only additional lookup here is sendgrid.biz, which evaluates to:

v=spf1 ip4:208.115.235.0/24 ip4:74.63.231.0/24 ip4:74.63.247.0/24 ip4:74.63.236.0/24 ip4:208.115.239.0/24 ip4:173.193.132.0/24 ip4:173.193.133.0/24 ip4:208.117.48.0/20 ip4:50.31.32.0/19 ip4:198.37.144.0/20 ~all

This brings our grand total up to 14 lookups.

---

So our grand total is 14 Lookups. We need to get that down to 10. I've outlined a couple of options below, you may need to use more than 1 of them to get it down.

1. Directly include some of the redirected spf records. Now that we know which servers the spf records redirect to, you could cut out the middleman and include them directly. Note: If any of the services end up changing their SPF records, you'll have to go through the process of updating yours manually.

2. Remove some of the services that you're using. Not sure what your use case is for having all of these services, but there's definitely some overlap that you might be able to use. For instance, SendGrid supports (1) transactional outgoing mail, (2) newsletter / marketing emails, and (3) incoming mail. So there may be some reducible redundancy.

3. Remove the MX record if it is redundant. Depending on your setup, the MX lookup can be redundant.

Hope this helps!

这篇关于SPF记录中的DNS查找过多的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！