Add to Favourites Add to Favourites    Print this Article Print this Article

I want to change the SPF records for all of my domains.

If you're making DNS changes or are having domains send email from other IPs, you might want to make alterations to your SPF records.

For mass changes, there are a few ways to go about this.
  1. If you are not using DKIM and don't mind losing all of your TXT records, you can use the named.db method of temporarily altering the zone template:

    cd /usr/local/directadmin/data/templates
    perl -pi -e 's/\|TXT\|/|DOMAIN|. 14400 IN TXT "v=spf1 a mx ip4: -all"/' named.db

    Where you can adjust the values as desired.

    You might notice the

    which is basically like an SPF pointer, in that it will let the current domain use all SPF records that the has set, making future changes very easy in a single place, should they be needed.  This would save you from having to re-edit all zones, instead just editing the master, and all domains that have this include will automatically get those changes.

    Once the named.db has the TXT removed, rewrite all zones with the new values:

    cd /usr/local/directadmin
    echo "action=rewrite&value=named" > data/task.queue; ./dataskq d2000

    and confirm all zones are updated with the new TXT record.

    MAKE SURE you then revert your named.db back to having the |TXT| token after, else TXT records won't be able to be added through DA.
  2. Option 2 is to do a mass regex on the spf records.  This is going to be more surgical, and will not affect your other TXT records.  A sample regex might look like:

    cd /var/named
    mkdir /root/dbbackup
    cp *.db /root/dbbackup
    perl -pi -e 's/v=spf1.*$/v=spf1 a mx ip4: -all"'/ *.db

    with the same rules as before, adjust the values desired.  Note that a regex may require you to escape some special characters (google for more info on how to write a regex).

    You'll also want to issue a rewrite of all zones to increase the serial numbers:

    cd /usr/local/directadmin
    echo "action=rewrite&value=named" > data/task.queue; ./dataskq d2000

Changing the default for new domains

Either method, above, will affect existing domains, but will not affect anything for new domains.
For this, you have 2 options, depending on what you need to do.
  1. The cleanest/simplest method will be to use the extra_spf_value feature, which appends some data directly into the default TXT/spf record.
    For example, for the above example, you'd add this to your directadmin.conf, noting the leading space before the value, after the = character:


    and restart directadmin.   BUT this will not affect items before or after the |EXTRA_SPF| token from the dns_txt.conf file, so it will use the defaults, like ~all, etc.  Use option 2 below if you need more control.
  2. Edit the TXT template directly:

    cd /usr/local/directadmin/data/templates/custom
    cp ../dns_txt.conf ./
    nano dns_txt.conf

    and make it look something like:

    |DOMAIN|.="v=spf1 a mx ip4:|SERVER_IP||EXTRA_SPF| -all"

    or adjust to suit your needs.  This will be safe from DA updates, as it's in the custom folder.   It will apply to all new zones created after it's set.

    If your version of named supports actual "SPF" type records, and you've enabled it in the directadmin.conf then in addition to the dns_txt.conf, you'll want to repeat the same steps on dns_spf.conf.

Was this answer helpful?

Also Read