When your SPF record gets too long, like too many mail server’s IP in my case, named-checkzone will returns an error about it.
For example, my SPF record was like:
MYDOMAIN IN TXT "v=spf1 a mx ptr ip4:IPADDRESS1 ip4:IPADDRESS2 ip4:IPADDRESS3 ip4:IPADDRESS4 ip4:IPADDRESS5 ip4:IPADDRESS6 ip4:IPADDRESS7 ip4:IPADDRESS8 ip4:IPADDRESS9 ip4:IPADDRESS10 ip4:IPADDRESS11 mx:mail.MYDOMAIN -all"And I had to add one more of IPADDRESS12, and it caused an error:
# named-checkzone MYDOMAIN MYDOMAIN.zone.signed
dns_rdata_fromtext: MYDOMAIN.zone.signed:286: syntax error
zone xptest.net/IN: loading from master file MYDOMAIN.zone.signed failed: syntax error
zone MYDOMAIN/IN: not loaded due to errors.And my solution for this error was to separate the record using include.
MYDOMAIN IN TXT "v=spf1 a mx ptr include:_1st.MYDOMAIN include:_2nd.MYDOMAIN mx:mail.MYDOMAIN -all"
_1st.MYDOMAIN IN TXT "v=spf1 ip4:IPADDRESS1 ip4:IPADDRESS2 ip4:IPADDRESS3 ip4:IPADDRESS4 ip4:IPADDRESS5 ip4:IPADDRESS6 -all"
_2nd.MYDOMAIN IN TXT "v=spf1 ip4:IPADDRESS7 ip4:IPADDRESS8 ip4:IPADDRESS9 ip4:IPADDRESS9 ip4:IPADDRESS10 ip4:IPADDRESS11 ip4:IPADDRESS12 -all"Checking SPF recorde at https://www.kitterman.com/spf/validate.html and I’m sure that now my record is safe.