Hello Mark, the "exists" [1] macro results in A queries and the zone contains A records. That's why the check-names processing applied.
Thanks for the hint regarding the nameserver hostnames. Daniel [1] https://tools.ietf.org/html/rfc7208#section-5.7 On 04.01.21 10:33, Mark Andrews wrote: > SPF records are TXT record which are NOT subject to check-names processing. > > If you created a seperate zone use nameservers that DO NOT live within the > zone. > ns1._spf.switch.ch is NOT a legal hostname as it is not LDH. > >> On 4 Jan 2021, at 20:01, Daniel Stirnimann <daniel.stirnim...@switch.ch> >> wrote: >> >> Hello all, >> >> I changed SPF for switch.ch to use SPF macros (RFC 7208). I wanted to >> use the "_spf" label but bind9 check-names complained with a "bad owner >> name (check-names)" message. >> >> I have now used "spf" instead of "_spf", e.g. exists:%{ir}.spf.switch.ch >> >> I didn't want to disable check-names for switch.ch because of this >> conflict. However, SPF record publishing is generally recommended to use >> the "_spf" subdomain which is not possible in this case. >> >> I guess, the only alternative would have been to make "_spf.switch.ch" >> its own zone and set check-names for this zone statement to "ignore". Or >> would this be a good reasons to loosen the check-names rules in bind9? >> >> Thanks, >> Daniel _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
