Validating SPF records (e.g. too many dns lookups) #21

Open
greggles opened this issue Oct 11, 2021 · 4 comments

@greggles

Hello,

I'd like to use this library to create a command for some nightly automation that would validate DNS records for people. One of the problems I want to try to avoid is that a vendor who is added via an include adjusts their record to add another DNS lookup and then it breaks the validity of my record.

As a basic proof of concept, I `composer require mlocati/spf-lib` and then run this with `php -f main.php`:

```php
<?php

require 'vendor/autoload.php';

use SPFLib\Checker;
use SPFLib\Check\Environment;

$checker = new Checker();

// First sender IP, checked against the SPF record of maf.link
$checkResult = $checker->check(new Environment('69.174.82.0', 'maf.link'));
print $checkResult->getCode() . PHP_EOL;
print_r($checkResult->getMessages());

// Second sender IP, checked against the same domain
$checkResult = $checker->check(new Environment('104.47.55.110', 'maf.link'));
print $checkResult->getCode() . PHP_EOL;
print_r($checkResult->getMessages());
```

What I find is that the first check says there is a `permerror`: "Too many DNS lookups have been performed (max limit is 10)". The second check counts 3 DNS lookups then finds the IP and returns with success. I would expect that it should return the same permerror in both cases because the record itself is invalid.

Is this behavior of the library intentional?

Thanks in advance for any insight you can share.

@mlocati
Owner

mlocati commented Oct 12, 2021

Did you try to see what's happening with xdebug?

@greggles
Author

Thanks for the quick response.

I didn't yet - was curious what your philosophical perspective was first :)

@nd1012

nd1012 commented May 11, 2022

Hi, I have a question that would match the topic, but I'm not sure if it's maybe a different issue so I append it:

When I validate an SPF record using the SemanticValidator, only the directly required DNS lookups seem to be counted - but not those from the included SPF records. This leads to a valid result, even though the SPF record is in fact invalid.

Are there plans to support counting DNS lookups for included SPF records also? Or should I implement this by myself?

Btw. I see that OnlineSemanticValidator does count everything, but it's not possible to get the counted number.
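An added example, not spf-lib code and not written by anyone in this thread: a sender-independent count of the DNS-querying terms in a whole SPF record tree, which is the number a nightly check would compare against the limit of 10. The function name `countSpfLookups`, the `SAMPLE_ZONE` map and the `.test` domains are hypothetical, and the records are constructed. It counts the worst case, because an actual check stops at the first mechanism that matches the sender IP.

```php
<?php
// Constructed sample TXT records keyed by domain (assumption: not real DNS data).
const SAMPLE_ZONE = [
    'example.test'       => 'v=spf1 mx include:_spf.vendor-a.test include:_spf.vendor-b.test -all',
    '_spf.vendor-a.test' => 'v=spf1 a:mail.vendor-a.test include:_spf.relay.test ~all',
    '_spf.vendor-b.test' => 'v=spf1 ip4:192.0.2.0/24 exists:%{i}.bl.vendor-b.test redirect=_spf.relay.test',
    '_spf.relay.test'    => 'v=spf1 ip4:198.51.100.0/24 a mx ptr -all',
];

/**
 * Hypothetical helper: count the terms that cost a DNS query (RFC 7208
 * section 4.6.4: include, a, mx, ptr, exists, redirect) reachable from
 * $domain, following include/redirect. Nothing short-circuits on an IP match.
 */
function countSpfLookups(string $domain, array $zone, array $path = []): int
{
    $domain = strtolower(rtrim($domain, '.'));
    if (in_array($domain, $path, true)) {
        throw new RuntimeException("include/redirect loop at $domain");
    }
    if (!isset($zone[$domain])) {
        return 0; // no record here; the caller already counted the query itself
    }
    $path[] = $domain;
    $count = 0;
    $terms = preg_split('/\s+/', trim($zone[$domain]));
    array_shift($terms); // drop the "v=spf1" version tag
    foreach ($terms as $term) {
        if (!preg_match('/^[+\-~?]?(include|a|mx|ptr|exists)(?:[:\/](.*))?$/i', $term, $m)
            && !preg_match('/^(redirect)=(.+)$/i', $term, $m)) {
            continue; // all, ip4, ip6, exp= and unknown modifiers cost no lookup
        }
        $count++;
        $name = strtolower($m[1]);
        $target = $m[2] ?? '';
        // Follow nested records; macro targets (%{...}) cannot be resolved statically.
        if (($name === 'include' || $name === 'redirect') && strpos($target, '%') === false) {
            $count += countSpfLookups($target, $zone, $path);
        }
    }
    return $count;
}

$total = countSpfLookups('example.test', SAMPLE_ZONE);
printf("%d DNS lookups in the record tree (limit 10): %s\n", $total, $total > 10 ? 'over limit' : 'ok');
```

For live data, the zone map would be filled from TXT queries (for example with PHP's `dns_get_record($domain, DNS_TXT)`) instead of the constructed array.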

@ITC-KEDA

This could be cool, if we could get the count out of OnlineSemanticValidator
