
I want to change the SPF records for all of my domains.

If you're making DNS changes or are having domains send email from other IPs, you might want to make alterations to your SPF records.

For mass changes, there are a few ways to go about this.
  1. If you are not using DKIM and don't mind losing all of your TXT records, you can use the named.db method of temporarily altering the zone template:

    cd /usr/local/directadmin/data/templates
    perl -pi -e 's/\|TXT\|/|DOMAIN|. 14400 IN TXT "v=spf1 a mx ip4:1.2.3.4 include:masterdomain.com -all"/' named.db

    Adjust the values as desired.

    You might notice the

    include:masterdomain.com

    which acts as an SPF pointer: it lets the current domain use all SPF values that masterdomain.com has set, so future changes can be made in a single place, should they be needed.  Instead of re-editing all zones, you edit only the master, and all domains that have this include will automatically get those changes.

    Once the |TXT| token in named.db has been replaced, rewrite all zones with the new values:

    cd /usr/local/directadmin
    echo "action=rewrite&value=named" > data/task.queue; ./dataskq d2000

    and confirm all zones are updated with the new TXT record.

    MAKE SURE you then revert your named.db so that it has the |TXT| token again, otherwise TXT records cannot be added through DA.
  2. Option 2 is to do a mass regex on the SPF records.  This is more surgical, and will not affect your other TXT records.  A sample regex might look like:

    cd /var/named
    mkdir /root/dbbackup
    cp *.db /root/dbbackup
    perl -pi -e 's/v=spf1.*$/v=spf1 a mx ip4:1.2.3.4 include:masterdomain.com -all"/' *.db

    As before, adjust the values as desired.  The pattern matches through to the end of the line, which is why the replacement supplies the closing double quote.  Note that a regex may require you to escape some special characters (google for more info on how to write a regex).

    You'll also want to issue a rewrite of all zones to increase the serial numbers:

    cd /usr/local/directadmin
    echo "action=rewrite&value=named" > data/task.queue; ./dataskq d2000
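
To confirm the result of either method, the following added example (not part of the original article or DirectAdmin's own tooling) scans a directory of zone files and flags zones with no SPF record, more than one, or a record that differs from the expected string. The function names `spf_audit` and `spf_audit_demo` and the `.test` sample zones are constructed for illustration.

```shell
#!/bin/sh
# Audit BIND zone files after a mass SPF rewrite (added example).
# spf_audit ZONE_DIR EXPECTED_SPF prints "<file> <STATUS>" for each *.db file
# and exits non-zero if any zone is not OK. The function body is a subshell,
# so its variables stay local.
spf_audit() (
    dir=$1 expected=$2 rc=0
    for f in "$dir"/*.db; do
        [ -e "$f" ] || continue
        # Count SPF strings, skipping zone-file comment lines (leading ';').
        count=$(grep -v '^[[:space:]]*;' "$f" | grep -c '"v=spf1' || true)
        if [ "$count" -eq 0 ]; then
            status=MISSING      # no SPF record in this zone
        elif [ "$count" -gt 1 ]; then
            status=MULTIPLE     # receivers treat duplicate SPF records as permerror
        elif grep -v '^[[:space:]]*;' "$f" | grep -qF "\"$expected\""; then
            status=OK
        else
            status=MISMATCH     # an older policy is still in place
        fi
        [ "$status" = OK ] || rc=1
        printf '%s %s\n' "${f##*/}" "$status"
    done
    exit "$rc"
)

# Constructed sample zones (hypothetical .test names), one per status.
spf_audit_demo() (
    exp='v=spf1 a mx ip4:1.2.3.4 include:masterdomain.com -all'
    d=$(mktemp -d) || exit 2
    printf 'good.test.\t14400\tIN\tTXT\t"%s"\n' "$exp" > "$d/good.test.db"
    printf 'old.test.\t14400\tIN\tTXT\t"v=spf1 a mx ip4:1.2.3.4 ~all"\n' > "$d/old.test.db"
    printf '; "v=spf1 -all"\nnone.test.\t14400\tIN\tA\t1.2.3.4\n' > "$d/none.test.db"
    printf 'dup.test.\t14400\tIN\tTXT\t"%s"\ndup.test.\t14400\tIN\tTXT\t"v=spf1 -all"\n' \
        "$exp" > "$d/dup.test.db"
    rc=0
    spf_audit "$d" "$exp" || rc=$?
    rm -rf "$d"
    exit "$rc"
)
```

On the server, run `spf_audit /var/named` with the SPF string you wrote as the second argument; `spf_audit_demo` exercises the same check on the constructed zones.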




Changing the default for new domains

Either method, above, will affect existing domains, but will not affect anything for new domains.
For this, you have 2 options, depending on what you need to do.
  1. The cleanest/simplest method will be to use the extra_spf_value feature, which appends some data directly into the default TXT/spf record.
    For example, for the above example, you'd add this to your directadmin.conf, noting the leading space before the value, after the = character:

    extra_spf_value= include:masterdomain.com

    and restart DirectAdmin.  However, this will not affect items before or after the |EXTRA_SPF| token from the dns_txt.conf file, so those will use the defaults, like ~all, etc.  Use option 2 below if you need more control.
  2. Edit the TXT template directly:

    cd /usr/local/directadmin/data/templates/custom
    cp ../dns_txt.conf ./
    nano dns_txt.conf

    and make it look something like:

    |DOMAIN|.="v=spf1 a mx ip4:|SERVER_IP||EXTRA_SPF| include:masterdomain.com -all"

    or adjust to suit your needs.  This will be safe from DA updates, as it's in the custom folder.   It will apply to all new zones created after it's set.

    If your version of named supports actual "SPF" type records, and you've enabled it in the directadmin.conf, then in addition to the dns_txt.conf, you'll want to repeat the same steps on dns_spf.conf.
