Automated SPF Records possible?

diesel12

For a few years it seems we've added an SPF record to our zone file templates so that newly created accounts will automatically have SPF records created ( %domain%. IN TXT "v=spf1 a mx -all" ). Recently these SPF records show an error or "WARNING: DomainKeys cannot be used because this server is not a DNS server for ..... " Disabling and re-enabling SPF records for an account does not make the error go away ...

Our host is telling us that this is because the domains' DNS records are not pointing towards the account when the account is created .... which never seemed to be an issue for the last few years ....

Is there any way to automate creation of SPF records for new cPanel accounts or is there possibly something wrong with our specific install?

Also: Somehow Domain Keys are also enabled when all new accounts are created (I have no idea how), but they too have the error of "WARNING: DomainKeys cannot be used because this server is not a DNS server for ..... " .... is there any way to automate creation of domain keys for new accounts?

Any feedback greatly appreciated!
 

diesel12

We don't have the ability to open support tickets as our web host is supposed to be the contact person .... :( Our host just says it was never possible, which wasn't our experience ....
 

cPanelTristan

Quality Assurance Analyst
Staff member
There are online discussions on how to possibly implement this:

How To Add DomainKeys and SPF Records on CPanel Servers | Sohail Riaz, Linux and Open Source Blog

Of note, cPanel support would not be able to assist in coding or scripting for automation of these records. While you could certainly make a feature request for such an ability, our ticket support is intended for helping with existing services and components in either understanding how they work or troubleshooting them not working. We are unable to provide assistance with creating new services or components, including those such as automation.

The forum was certainly the correct location to ask a non-supported question such as this.

Now, if the inquiry is instead why DomainKeys and SPF are showing as not being usable in cPanel > Email Authentication area due to your DNS records, this could be asked via our support channels. You can always open up a ticket with us if you have a valid cPanel license and root SSH access to the machine. You would only need to use the link in my signature to submit a ticket.

Thanks!
 

mtindor

> For a few years it seems we've added an SPF record to our zone file templates so that newly created accounts will automatically have SPF records created ( %domain%. IN TXT "v=spf1 a mx -all" ). Recently these SPF records show an error or "WARNING: DomainKeys cannot be used because this server is not a DNS server for ..... " Disabling and re-enabling SPF records for an account does not make the error go away ...
>
> Our host is telling us that this is because the domains' DNS records are not pointing towards the account when the account is created .... which never seemed to be an issue for the last few years ....

Your webhost is correct. Unless your resolvers in /etc/resolv.conf are the nameservers that hold the zonefiles for the accounts on your server, you'll always get that error if the authoritative nameservers aren't those that your cPanel servers use.

If you don't like the error, you could do a few things:

1. Set the nameservers in your /etc/resolv.conf to the nameservers that host your cPanel zones. I don't do this, I don't necessarily endorse this. I always like to use external resolvers. But, this would likely alleviate the error message for you.

2. Ignore the error - The records are still added to the DNS zones on the server [I believe]. They'll just show up as being nonfunctional if somebody clicks on Email Authentication in their control panel -- and it should.

If I use external resolvers [and I do] and I add an account for abc123.com on my server but the authoritative nameservers that the root servers know about aren't my cPanel nameservers, then I'll see that error when I log into the account associated with abc123.com.

I'd simply recommend ignoring the error [after you verify by looking at /var/named/somedomain.com and checking to see if the TXT records are in there after you attempt to enable them in cPanel]. They'll work when somebody finally sets the authoritative nameservers to what they should be.

If for some reason somebody has a domain hosted on one of your servers but they have to use external nameservers [to more fully manage various aspects of DNS for their domain], then they'll have to add the TXT records in the DNS zones wherever they maintain them.

Mike
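
The check described in the reply above (confirm the SPF TXT record is in the zone file, then see whether the public delegation points at this server's nameservers), as an added example that is not from the thread or from cPanel. The function names, the sample zone and the nameserver hostnames are constructed for illustration; on a real server the second argument of `delegation_status` would come from `dig +short NS <domain>` and the zone file from /var/named.

```shell
#!/usr/bin/env bash
# Added example; the zone contents and nameserver names below are constructed.

# Print each SPF string published in a BIND zone file, skipping ';' comments.
spf_records() {
    grep -v '^[[:space:]]*;' "$1" | grep -Eio '"v=spf1[^"]*"' | tr -d '"'
}

# "ok" for exactly one SPF record, "missing" for none, "multiple" otherwise
# (RFC 7208 treats more than one SPF record as a permanent error).
spf_status() {
    n=$(spf_records "$1" | wc -l)
    case "$((n))" in
        0) echo missing ;;
        1) echo ok ;;
        *) echo multiple ;;
    esac
}

# Nameserver hostnames from the zone's NS records, lower-cased, no trailing dot.
zone_ns() {
    awk '!/^[ \t]*;/ { for (i = 1; i < NF; i++)
             if (toupper($i) == "NS") print tolower($(i + 1)) }' "$1" | sed 's/\.$//'
}

# $2 is the delegation seen publicly, e.g. the output of: dig +short NS <domain>
# "local" if it names any NS from this zone file, otherwise "external".
delegation_status() {
    public=$(printf '%s\n' $2 | tr 'A-Z' 'a-z' | sed 's/\.$//' | tr '\n' ' ')
    for ns in $(zone_ns "$1"); do
        case " $public " in *" $ns "*) echo local; return 0 ;; esac
    done
    echo external
}

# Constructed sample zone: the thread's template line with %domain% expanded.
SAMPLE_ZONE=$(mktemp)
cat > "$SAMPLE_ZONE" <<'EOF'
$TTL 14400
example.com. 86400 IN NS ns1.hosting.example.
example.com. 86400 IN NS ns2.hosting.example.
example.com. 14400 IN A 192.0.2.10
example.com. 14400 IN MX 0 example.com.
; SPF record from the zone template
example.com. IN TXT "v=spf1 a mx -all"
EOF

echo "SPF in zone file: $(spf_status "$SAMPLE_ZONE")"
echo "Delegation: $(delegation_status "$SAMPLE_ZONE" "ns1.registrar.example. ns2.registrar.example.")"
```

A result of `ok` together with `external` is the situation in the thread: the record exists in the local zone, but receivers will not see it until the domain is delegated to these nameservers or the same TXT record is added at the external DNS host.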