Closed kitterma closed 5 years ago
Well, at least the test case should be easy.
It doesn't fail with the same result, however. SPF Permanent Error: No valid SPF record for included domain: a.example.org: include:a.example.org
I'm thinking it's time to move the session cache to 'anydns', and have some test cases for anydns.
Ok, that test case fails because the presence of the TXT record turns off the autodup of SPF as TXT. Now the test case fails to fail.
What the test framework leaves out is that a real DNS server usually helpfully provides the contents of the CNAME target in addition to the CNAME record.
Fixed with commit e8736b5
So this is based on a report I got for my SPF validator because someone had an SPF record that really did this.
Imagine the following record set:
    example.com IN TXT "v=spf1 include:a.example.com include:b.example.com -all"
    a.example.com IN TXT "v=spf1 a -all"
    b.example.com IN CNAME a.example.com
What appears to happen is that pyspf follows the CNAME and thinks there are two SPF records at a.example.com. I've set up test records in kitterman.org to demonstrate the problem:
    pyspf 1.1.1.1 test@parallel.kitterman.org test.kitterman.org
    result: ('permerror', 550, 'SPF Permanent Error: Two or more type TXT spf records found.') None
Any SPF test of parallel.kitterman.org raises this error because of the CNAME following issue.
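A simplified model of the behaviour reported above, added here as an illustration and not pyspf's code. It assumes a session cache keyed by (owner name, type) that appends every record of an answer; the `dedupe` flag shows one possible guard, not necessarily what the fix commit does. The function names and the `ANSWERS` table are constructed.

```python
# Constructed answer sections for the record set in the report. A real
# server answers a TXT query for a CNAME owner with the CNAME record
# plus the TXT record found at the CNAME target.
ANSWERS = {
    ("example.com", "TXT"): [
        ("example.com", "TXT",
         "v=spf1 include:a.example.com include:b.example.com -all")],
    ("a.example.com", "TXT"): [("a.example.com", "TXT", "v=spf1 a -all")],
    ("b.example.com", "TXT"): [
        ("b.example.com", "CNAME", "a.example.com"),
        ("a.example.com", "TXT", "v=spf1 a -all")],
}


def lookup(name, rtype, cache, dedupe, depth=0):
    """Resolve through a session cache keyed by (owner, type) (assumed model)."""
    if depth > 8:
        raise RuntimeError("CNAME chain too long")
    if (name, rtype) not in cache and (name, "CNAME") not in cache:
        # File every record of the answer under its own owner name.
        for owner, rrtype, data in ANSWERS.get((name, rtype), []):
            rrset = cache.setdefault((owner, rrtype), [])
            if not (dedupe and data in rrset):
                rrset.append(data)
    if (name, "CNAME") in cache:
        target = cache[(name, "CNAME")][0]
        return lookup(target, rtype, cache, dedupe, depth + 1)
    return cache.get((name, rtype), [])


def spf_records(domain, cache, dedupe):
    txt = lookup(domain, "TXT", cache, dedupe)
    return [t for t in txt if t == "v=spf1" or t.startswith("v=spf1 ")]


def check_includes(dedupe):
    """Evaluate each include: of example.com against one shared cache."""
    cache, results = {}, {}
    policy = spf_records("example.com", cache, dedupe)[0]
    for term in policy.split():
        if term.startswith("include:"):
            target = term[len("include:"):]
            count = len(spf_records(target, cache, dedupe))
            results[target] = "ok" if count == 1 else "permerror"
    return results


if __name__ == "__main__":
    print("append-only cache:", check_includes(dedupe=False))
    print("deduplicating cache:", check_includes(dedupe=True))
```

In the append-only run, the answer for b.example.com files a second copy of the TXT record under a.example.com, so the CNAME-followed lookup sees two SPF records there.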