sdgathman / pyspf

CNAME processing causes incorrect permerrors #10

Closed kitterma closed 5 years ago

kitterma commented 5 years ago

So this is based on a report I got for my SPF validator because someone had an SPF record that really did this.

Imagine the following record set:

    example.com IN TXT "v=spf1 include:a.example.com include:b.example.com -all"
    a.example.com IN TXT "v=spf1 a -all"
    b.example.com IN CNAME a.example.com

What appears to happen is that pyspf follows the CNAME and thinks there are two SPF records at a.example.com. I've set up test records in kitterman.org to demonstrate the problem:

    pyspf 1.1.1.1 test@parallel.kitterman.org test.kitterman.org
    result: ('permerror', 550, 'SPF Permanent Error: Two or more type TXT spf records found.') None

Any SPF test of parallel.kitterman.org raises this error because of the CNAME following issue.

sdgathman commented 5 years ago

Well, at least the test case should be easy.

sdgathman commented 5 years ago

It doesn't fail with the same result, however. SPF Permanent Error: No valid SPF record for included domain: a.example.org: include:a.example.org

sdgathman commented 5 years ago

I'm thinking it's time to move the session cache to 'anydns', and have some test cases for anydns.

sdgathman commented 5 years ago

Ok, that test case fails because the presence of the TXT record turns off the autodup of SPF as TXT. Now the test case fails to fail.

sdgathman commented 5 years ago

What the test framework leaves out is that a real DNS server usually helpfully provides the contents of the CNAME target in addition to the CNAME record.

sdgathman commented 5 years ago

Fixed with commit e8736b5
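
An added example (not pyspf's code and not part of the thread): a simplified model of the failure discussed above, assuming a session cache that files every record of a reply under its own owner name. `ZONE`, `Session`, `walk` and the `dedupe` switch are hypothetical names, and the dedupe step is one possible correction, not necessarily what the fix commit did.

```python
# Constructed zone data mirroring the record set quoted in the report.
ZONE = {
    ("example.com", "TXT"): ["v=spf1 include:a.example.com include:b.example.com -all"],
    ("a.example.com", "TXT"): ["v=spf1 a -all"],
    ("b.example.com", "CNAME"): ["a.example.com"],
}

def answer_section(name, qtype):
    """Model a server reply: the CNAME chain plus the target's records."""
    rrs = []
    for _ in range(8):  # bounded so a CNAME loop cannot spin forever
        if qtype == "CNAME" or (name, "CNAME") not in ZONE:
            break
        target = ZONE[(name, "CNAME")][0]
        rrs.append(((name, "CNAME"), target))
        name = target
    return rrs + [((name, qtype), v) for v in ZONE.get((name, qtype), [])]

class Session:
    """Hypothetical per-check cache keyed by (owner name, record type)."""
    def __init__(self, dedupe):
        self.cache, self.dedupe = {}, dedupe

    def lookup(self, name, qtype):
        if (name, qtype) not in self.cache and (name, "CNAME") not in self.cache:
            for key, value in answer_section(name, qtype):
                bucket = self.cache.setdefault(key, [])
                # Naive mode re-appends the CNAME target's TXT record.
                if not (self.dedupe and value in bucket):
                    bucket.append(value)
        for _ in range(8):  # follow cached CNAMEs to the final owner name
            if (name, "CNAME") not in self.cache:
                break
            name = self.cache[(name, "CNAME")][0]
        return self.cache.get((name, qtype), [])

def is_spf(txt):
    return txt.lower().split(" ")[0] == "v=spf1"

def walk(dedupe):
    """Look up the policy domain, then each include target, in order."""
    session, outcome = Session(dedupe), {}
    for domain in ("example.com", "a.example.com", "b.example.com"):
        count = sum(is_spf(t) for t in session.lookup(domain, "TXT"))
        outcome[domain] = {0: "none", 1: "ok"}.get(count, "permerror")
    return outcome

if __name__ == "__main__":
    print({"naive": walk(False), "dedupe": walk(True)})
```

In the naive run the second include sees the record at a.example.com twice, because the reply for b.example.com carries the CNAME target's TXT record that was already cached by the first include.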