Remove all old SPF ip's after transfer to other server

[rhm.geerts]

We moved to a new server using the transfer tool
Now in the new bind files, every SPF record contains 2 ip's. Like this (ip's are masked to local ip's):

"v=spf1 ip4:192.168.0.1 +a +mx +ip4:10.0.0.1 ~all"

where 192.168.0.1 is the ip of the new server and 10.0.0.1 is the old server ip.

With which command can I remove the complete " +ip4:10.0.0.1" (so with the space before) and update soa records for all domains so they only show:

"v=spf1 ip4:192.168.0.1 +a +mx ~all"

as should be on the new server?

 

[ZenHostingTravis]

Hi,

The following posts may assist you futher.

Please be sure to read all of them.

mass update spf records

Hi I need to change all my spf records from "v=spf1 +a +mx +ip4:1.2.3.4. ~all" to "v=spf1 +a +mx +ip4:3.3.3.3. ~all" to three hundred domains. Is there a way to do in massive way with a command line?

forums.cpanel.net

 

[rhm.geerts]

Thank you, but that is changing SPF record old ip to SPF record new ip.

As you could read from my post, both the new and old ip's are present, so I don't need to change that. I only need to remove the old ip.

It might be something like:
sed -i 's/+ip4:10.0.0.1//g' *.db

but I don't know if a double dash in this way is the correct way to remove that 10.0.0.1 ip from every SPF record.

 

[cPRex]

We add both IP addresses to allow for the Live Transfer tool to work properly in the event that messages still get sent from the Source machine for a brief period, as the mail service gets proxied to the Destination server:

Transfer Tool | cPanel & WHM Documentation

This interface copies multiple accounts from a remote server to your cPanel & WHM server.

docs.cpanel.net

It won't hurt anything to leave those IP addresses there, as that record is just telling the mail recipient what IP addresses should be permitted to send for the domain.

This command worked well for me, but I try and avoid using asterisks with no qualifies, so I changed that to "./*" to only run in the current directory:

sed -i 's/ip4:1.2.3.4//g' ./*.db

All commands provided with no warranty expressed or implied It would be best to run that on a test directory with 2 or 3 DNS zones that you've created to make sure you get the intended result.

 

[rhm.geerts]

It won't hurt anything to leave those IP addresses there, as that record is just telling the mail recipient what IP addresses should be permitted to send for the domain.

That would break the sense of SPF after the old server is down and the ip is given to somebody else, which would be allowed to send mail from our system then, according to SPF.
So I rather remove them, looks better too.

Ofcourse I understand that such commands are at own risk, but I will create a backup of the directory anyway and indeed test first with a couple of DNS zones.

I just did and it looks almost correct, but not quite. It leaves a double space and the + from in front of the +ipv4. So for future reference, this would be the correct command to remove the second ip and the space behind it.

sed -i 's/+ip4:1.2.3.4 //g' ./*.db

Thank you very much!!
You can put this one to solved too.
I just have to "up" the soa record but if I'm correct there was some thread on how to do this somewhere.

 

[rhm.geerts]

I found a string:

find /var/named/*.db -mtime -1 -exec perl -pi -e 'if (/^\s+(\d{10})\s+;\s+serial/i) { my $i = $1+1; s/$1/$i/;}' '{}' \;

however, this did not change the soa record.

So maybe you have a good hint for me to update all soa records?

 

[cPRex]

Ah, my test machine didn't have the "+" in the record there, so I didn't have that in my example.

There's a few recommendations in the thread here for the SOA value: Bulk DNS Zone Update

 

[rhm.geerts]

Yep, sorry, didn't mention it, but I found that thread too and none of the examples worked.
2021041003 ;Serial Number
And I can do what I want, it stays at 2021041003.

 

[cPRex]

Are all of your serial numbers 2021041003? If so, you could do a more basic find/replace and just manually bump the number to 2021041004.

 

[rhm.geerts]

Most of them are, also got some with 2021041102.

Ah... just seen the old 14400 TTL value still was in use. Nowadays the default is 3600 so I updated all TTL records via WHM which also updates all SOA records automatically too.
Solved... can be closed.
Thanks.