Cause:
The version of BIND included in RHEL-7 contained a check for SPF records in zone files, and that check did not conform to RFC 7208, section 3.1.
Consequence:
As a consequence, if the zone file contained SPF records, the BIND server or the named-checkzone utility could issue a warning log message even though the SPF record was valid according to RFC 7208, section 3.1.
Fix:
The check for SPF records in zone files was updated to conform to RFC 7208, section 3.1.
Result:
As a result, if the zone file contains SPF records, the BIND server or the named-checkzone utility will no longer issue a warning log message if the SPF record is valid according to RFC 7208, section 3.1.
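A simplified model of the two checks contrasted in the notes above, as an added example (not BIND's code and not part of the original report). The zone data is constructed after the zone in this report, the function names are hypothetical, and flagging a policy published only as type SPF is this example's own reading of RFC 7208, section 3.1.

```python
import re

# Constructed sample records, modelled on the zone in this report (not a full zone file).
SAMPLE_ZONE = '''\
$TTL 14400
; owner published as TXT only (the case that drew the warning)
cptest2.tld.        IN TXT "v=spf1 +a +mx +ip4:10.6.27.120 ~all"
cptest2.tld.        IN TXT "some unrelated note"
legacy.cptest2.tld. IN SPF "v=spf1 -all"
both.cptest2.tld.   IN TXT "v=spf1 -all"
both.cptest2.tld.   IN SPF "v=spf1 -all"
www                 IN CNAME cptest2.tld.
'''

# owner [ttl] [class] TXT|SPF "first string"; assumption: one record per line,
# only the first quoted string is inspected, owner names are taken as written.
RR = re.compile(r'^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(TXT|SPF)\s+"([^"]*)"', re.I)

def is_spf_policy(text):
    """An SPF record starts with the version tag 'v=spf1' followed by a space or the end."""
    t = text.lower()
    return t == "v=spf1" or t.startswith("v=spf1 ")

def spf_owners(zone_text):
    """Map each owner name to the RR types ('TXT', 'SPF') that carry an SPF policy."""
    found = {}
    for line in zone_text.splitlines():
        if line.lstrip().startswith(";"):
            continue  # whole-line comment
        m = RR.match(line)
        if m and is_spf_policy(m.group(3)):
            found.setdefault(m.group(1).lower(), set()).add(m.group(2).upper())
    return found

def legacy_warnings(owners):
    """Behaviour reported here: a TXT policy without a type SPF twin is warned about."""
    return sorted(o for o, types in owners.items() if types == {"TXT"})

def rfc7208_warnings(owners):
    """RFC 7208, 3.1: TXT is the only type to publish, so only a missing TXT is a problem."""
    return sorted(o for o, types in owners.items() if "TXT" not in types)

if __name__ == "__main__":
    owners = spf_owners(SAMPLE_ZONE)
    print("legacy check warns on:  ", legacy_warnings(owners))
    print("RFC 7208 check warns on:", rfc7208_warnings(owners))
```
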
Description of problem:
According to RFC 7208, section 3.1 SPF records need to be TXT records and not RR SPF records as previously recommended. When checking the syntax of a TXT RR SPF record an error message is displayed saying it should use RR SPF.
Version-Release number of selected component (if applicable):
EL/CentOS 7.1 Bind 9.9.4
How reproducible:
Using this zone file /var/named/cptest2.tld.db
----------------------------------------------
[root@fe80::f816:3eff:fefb:49bd%eth0 172.16.0.86 named]# cat cptest2.tld.db
; cPanel first:11.49.9999.115 (update_time):1429809767 11.49.9999.115: Cpanel::ZoneFile::VERSION:1.3 hostname:i-00002f3f.cpanel.nova latest:11.49.9999.115
; Zone file for cptest2.tld
$TTL 14400
@ 86400 IN SOA ns1.cpanel.nova. julian.brown.cpanel.net. (
2015042303 ; serial, todays date+todays
86400 ; refresh, seconds
7200 ; retry, seconds
3600000 ; expire, seconds
86400 ) ; minimum, seconds
cptest2.tld. 86400 IN NS ns1.cpanel.nova.
cptest2.tld. 86400 IN NS ns2.cpanel.nova.
cptest2.tld. IN A 10.6.27.120
cptest2.tld. IN MX 0 cptest2.tld.
mail IN CNAME cptest2.tld.
www IN CNAME cptest2.tld.
ftp IN A 10.6.27.120
cptest2.tld. IN TXT "v=spf1 +a +mx +ip4:10.6.27.120 ~all"
cpanel IN A 10.6.27.120
webdisk IN A 10.6.27.120
cpcalendars IN A 10.6.27.120
cpcontacts IN A 10.6.27.120
whm IN A 10.6.27.120
webmail IN A 10.6.27.120
default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAna8Du0cGijhRQWLN1Eb0jqJZbggaSqmyyM2EEua3U8J9YWJ9nNMS08lSHGyQSpVPh8g/uJaHa1cMkXla5ZGGra5GhY+WbAd9m6W45ztcMnXMTBbmMtMu24LgdXWNj0Lkotl4ewCEn9UioQFxpIbNnn6qrhKMajsfygb5/Zzq1rF2NT+FjZRbXtkKGd6tgB03I" bnMlMrmuccNX8U3oVbAk0+hI+Y5eOErYK54iUPvysF9MJJWMV40H7woumNvx73jswA2iK+ZKPOGH9CNXbToqgTbJmRRoMpY0nwjCVsIhaCN9bZxrpF/LaoE/3qeccUAT1tIwEZJIj6ruC8Rx3ydwQIDAQAB\;
----------------------------------------------
Steps to Reproduce:
1. in /var/named
2. type: named-checkzone cptest2.tld cptest2.tld.db
Actual results:
---------------------------
[root@fe80::f816:3eff:fefb:49bd%eth0 172.16.0.86 named]# named-checkzone cptest2.tld cptest2.tld.db
zone cptest2.tld/IN: 'cptest2.tld' found SPF/TXT record but no SPF/SPF record found, add matching type SPF record
zone cptest2.tld/IN: loaded serial 2015042303
OK
---------------------------
Expected results:
Just OK
Additional info:
Probably updating to a newer Bind will correct this.
(In reply to Julian Brown from comment #0)
> Description of problem:
>
> According to RFC 7208, section 3.1 SPF records need to be TXT records and
> not RR SPF records as previously recommended. When checking the syntax of a
> TXT RR SPF record an error message is displayed saying it should use RR SPF.
Yes, you are right, thank you for the report.
(In reply to Paulo Matos from comment #9)
> Hi Tomas,
>
> I saw that you created a patch for this issue, but I don't understand how
> to apply that patch.
>
> Please, can you explain how I do?
>
> Regards
I responded to your email.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://rhn.redhat.com/errata/RHBA-2015-2222.html