DNS/SPF records


  • I have what's probably a simple problem but it's kind of an emergency right now.

    We use split DNS. We have internal NAT IPs for the Exchange hosts. We have an external provider for external DNS and routable IPs.

    My 2013 MB server is getting rejected for a new SPF record we introduced.

    v=spf1 mx a ptr ~all

    The record is formed right.

    I looked at the bounce message and the external service bouncing the email shows my MB server hostname, but the internal NAT IP in the text. I'm not sure where this is coming from. I would imagine the NIC on the MB server, but obviously that is not the external reverse IP we listed in external DNS, so I think this is why it's being rejected.

    I was thinking I could do one of two things or both.

    1. Add an include for the hostname of my MB server

    2. Add the non-routable NAT IP to the SPF record

    Not sure if I'm on the right track, or what the correct course of action should be.

    Any help is greatly appreciated.

    Wednesday, December 9, 2015 7:24 PM


  • I fixed this on my own by adding an MX record for my MB server, and adding both the NAT IP and include hostname to my SPF record.
    Thursday, December 10, 2015 10:11 PM
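
How a receiver walks the record quoted in the question, left to right, against a client IP. This is an added example, not part of the original posts; the domain `example.com`, the documentation-range addresses, the RFC 1918 address `10.0.0.5` and the inline `ZONE` table are all constructed. It covers only `all`, `ip4`, `a`, `mx` and `ptr` without CIDR suffixes.

```python
import ipaddress

# Constructed DNS data (assumption): what an external resolver would return.
# The internal NAT address 10.0.0.5 deliberately has no public records.
ZONE = {
    ("example.com", "A"): ["203.0.113.10"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["203.0.113.25"],
    ("relay.example.com", "A"): ["203.0.113.40"],
    ("40.113.0.203.in-addr.arpa", "PTR"): ["relay.example.com"],
}
RECORD = "v=spf1 mx a ptr ~all"  # the record from the question
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return ZONE.get((name.lower().rstrip("."), rtype), [])

def ptr_match(ip, domain):
    # Reverse lookup, then forward-confirm that the name resolves back to ip.
    rev = ipaddress.ip_address(ip).reverse_pointer
    for name in lookup(rev, "PTR"):
        in_domain = name == domain or name.endswith("." + domain)
        if in_domain and ip in lookup(name, "A"):
            return True
    return False

def matches(mech, ip, domain):
    name, _, arg = mech.partition(":")
    target = arg or domain
    checks = {
        "all": lambda: True,
        "ip4": lambda: ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False),
        "a": lambda: ip in lookup(target, "A"),
        "mx": lambda: any(ip in lookup(h, "A") for h in lookup(target, "MX")),
        "ptr": lambda: ptr_match(ip, target),
    }
    return checks.get(name, lambda: False)()  # unsupported mechanisms never match

def check_spf(record, ip, domain):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        if matches(term.lower(), ip, domain):
            return QUALIFIERS[qual]  # first matching mechanism decides
    return "neutral"  # no mechanism matched and no "all" present
```

Calling `check_spf(RECORD, ip, "example.com")` with each sample address shows which mechanism, if any, decides the result.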