Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Celebration

Earn badges and make progress

You're on your way to the next level! Join the Kudos program to earn points and save your progress.

Deleted user Avatar
Deleted user

Level 1: Seed

25 / 150 points

Next: Root

Avatar

1 badge earned

Collect

Participate in fun challenges

Challenges come and go, but your rewards stay with you. Do more to earn more!

Challenges
Coins

Gift kudos to your peers

What goes around comes around! Share the love by gifting kudos to your peers.

Recognition
Ribbon

Rise up in the ranks

Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!

Leaderboard

Join now to unlock these features and more

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Get started Tell me more
Atlassian Community about banner
4,560,301
Community Members
 
Community Events
185
Community Groups

DNS Domain Verification Combined with SPF

Edited
Joel Potter
Joel Potter Jun 20, 2019

I have an existing TXT record for SPF on my domain. How do I modify it to include the Atlassian domain verification token so both will still be valid?

E.g. current record looks like: 

type:  TXT
key:   example.com
value: v=spf1 include:emailserver.com ~all

What should the new record value look like to include the "atlassian-domain-verification="?

Answer
Watch
Like Be the first to like this
744 views

1 answer

0 votes
George Karaolides
George Karaolides Feb 05, 2020 • edited

***NOTE:  The following answer would be correct if the TXT record was only required when first verifying a domain but this is not true, the TXT record is required in perpetuity***

It's probably not possible to combine both Jira verification and SPF in the same TXT record, and it's certainly not possible to have more than one TXT record at origin level in the same DNS zone.

Despite that, it's still possible to use a TXT record for Jira verification, because the TXT record for Jira verification is only needed during the actual verification; after that, it can be removed or replaced.

The way to proceed is to temporarily replace the TXT record for SPF with the TXT record for Jira verification, complete the Jira verification, and then re-instate the TXT record for SPF.

With direct access to the DNS zone configuration, and attention paid to the TTL of the TXT record, the whole process can take as little as a couple of minutes, so it shouldn't matter that the zone will not have an SPF record for that time.

If the TTL of the TXT record is fairly short (say,  300 seconds or less) it should be possible to proceed directly.

If the TTL is longer, it would be safer to first change the TTL to e.g. 300 and wait for a period of time equal to or longer than the original TTL before carrying out the procedure.  Once the procedure is complete, the TTL can be increased back to the original value.

View More Comments
Joel Potter
Joel Potter Feb 05, 2020

I was under the impression that the domain verification needed to remain in place permanently. If that's not the case than I can use the temporary TXT change as you suggest.

Like
George Karaolides
George Karaolides Feb 05, 2020

I stand corrected.  I tried this and it worked, but it looks like it will break later because Atlassian periodically checks that the TXT record is still there.  Thank you for pointing this out.

One would have thought that, instead of the origin, Atlassian would choose to use a name under the zone, to allow their record to co-exist with SPF.

I am now faced with either turning off SPF for my domain or using HTTPS verification.

Like
Joel Potter
Joel Potter Feb 05, 2020

Thanks for testing it out. 

I think Atlassian needs to add another DNS verification method maybe similar to how DKIM is handled with subdomains.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Identity Manager
Atlassian Access
TAGS
AUG Leaders

Atlassian Community Events

See all events