Hello,
I have about 300 domains in a DNS cluster that were tainted by the default 'ON' setting "Autodiscovery SPF include hosts from the smarthost route list".
This "Autodiscovery SPF include hosts from the smarthost route list" inserted an include into all of the SPF records for these domains for the smarthost, when the doing this is WRONG in my case. The include is break the 10 lookup rule and so the SPF is not used on receiving servers.
I have turned 'OFF' "Autodiscovery SPF include hosts from the smarthost route list". This doe NOT remove include from the SPF.
1) how do remove this AUTOMATICALLY included item in the SPF on scale for all 300 domains with out editing one by one?
2) I think I can edit with sed on the DNS db files, but then the DNS db files need to be incremented and synced on the cluster. Any thoughts on this process?
---
Update:
I looked at the DNS zones thinking that #2 could be an option. However, I'm finding that some DNS zones look like this
and others look like this:
----
Found this:
Looks promising.
---
So I tried to do this to removed all the erroneously included gosecure.net includes :
find /var/named -type f -print | xargs sed -i 's/include:gosecure.net/\s/g'
That works is clears the include:gosecure.net in all db files in /var/named
Then I used the example link above to increment the serial number:
perl -pi -e 'if (/\s+(202\d{7})/i) { my $i = $1+1; s/$1/$i/; }' /var/named/*db
I can spot check db files and see the serial number has been incremented plus 1.
then I sync:
/scripts/dnscluster syncall
And all of the db files revert to previous condition that erroneously included gosecure.net includes.
Any idea on how to force this work?
Thanks,
Mike
I have about 300 domains in a DNS cluster that were tainted by the default 'ON' setting "Autodiscovery SPF include hosts from the smarthost route list".
This "Autodiscovery SPF include hosts from the smarthost route list" inserted an include into all of the SPF records for these domains for the smarthost, when the doing this is WRONG in my case. The include is break the 10 lookup rule and so the SPF is not used on receiving servers.
I have turned 'OFF' "Autodiscovery SPF include hosts from the smarthost route list". This doe NOT remove include from the SPF.
1) how do remove this AUTOMATICALLY included item in the SPF on scale for all 300 domains with out editing one by one?
2) I think I can edit with sed on the DNS db files, but then the DNS db files need to be incremented and synced on the cluster. Any thoughts on this process?
---
Update:
I looked at the DNS zones thinking that #2 could be an option. However, I'm finding that some DNS zones look like this
; cPanel first:74.0.6 (update_time):1660161524 Cpanel::ZoneFile::VERSION:1.3 hostname:host104.example.net latest:104.0.7
; Zone file for example.com
$TTL 14400
example.com. 86400 IN SOA ns20.example.net. support.example.net. 2022081002 3600 1800 1209600 86400
and others look like this:
; cPanel first:11.24.4-STABLE_35075 (update_time):1660153690 Cpanel::ZoneFile::VERSION:1.3 hostname:host104.example.net latest:104.0.7
; Zone file for example.com
$TTL 900
example.com. 86400 IN SOA ns20.example.net. support.example.net. (
2022081001 ;Serial Number
3600 ;refresh
1800 ;retry
1209600 ;expire
86400 )
----
Found this:
Looks promising.
---
So I tried to do this to removed all the erroneously included gosecure.net includes :
find /var/named -type f -print | xargs sed -i 's/include:gosecure.net/\s/g'
That works is clears the include:gosecure.net in all db files in /var/named
Then I used the example link above to increment the serial number:
perl -pi -e 'if (/\s+(202\d{7})/i) { my $i = $1+1; s/$1/$i/; }' /var/named/*db
I can spot check db files and see the serial number has been incremented plus 1.
then I sync:
/scripts/dnscluster syncall
And all of the db files revert to previous condition that erroneously included gosecure.net includes.
Any idea on how to force this work?
Thanks,
Mike
Last edited by a moderator:
