Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Unable to Validate Records for DNS when adding custom email address to Status Page Notifications

Edited

Hi,

We are trying to setup our domain for the Status Page emails to our customers (so we want to avoid them being sent from noreply@statuspage.io).

  • I added our email address in the portal (status@peachpayments.com)
  • We added all DNS values in our Google Domains Backend
  • When we Validate the values it tells us for all records: "It doesn't look like the correct record has been set yet."

 

Screenshot 2021-01-28 at 10.37.41.pngWe tried:

  • Created the SPF and Domain ownership records with different hostnames (because of clashing keys)
  • Removed the sts-zendesk include and when that didn't work, also removed the sts-pg.customer.com include to resolve the issue with too many DNS lookups.

 

Also there is a message at the bottom that says:

When resolving your SPF record, more than 10 DNS requests were required. Unfortunately this means the SPF record is invalid. You'll need to explore ways to reduce the number of DNS lookups in your SPF record. Maybe you can remove some includes?

Though the expected value above includes what we need, it will unfortunately not work as is. SPF has a hard limit of 10 DNS lookups, and adding the "include:stspg-customer.com" bit will tip your record over that limit. Please find a way to reduce DNS lookups in the rest of your SPF rules, or contact our support team for more help.

 

Do you have any ideas what we can look into to get this sorted?

 

Any help is appreciated!

1 answer

0 votes
Egor Atlassian Team Jan 28, 2021

Hi Chris
Egor here with the StatusPage team, thanks for reaching out!

The 10 DNS Lookup limit for SPF records is a hard limitation of the spec itself, and one that we would not have any way to directly bypass or ignore. In order to address this error and ensure a valid SPF record, there are two primary options we suggest:

1. Optimize your current record. If there are any unused ips or includes for services still referenced in the record, or unnecessary a or mx lookups taking place, removing those will reduce your DNS lookups. This may take some research and testing by you and your team.

2. Utilize a unique subdomain for StatusPage emails. By changing your 'From' email from <noreply@company.com> to something like <noreply@notifications.company.com>, that will give you a clean SPF record on <notifications.company.com> to utilize, avoiding the lookup limit.

 The 10 DNS lookup limit is not a limit on how many 'includes' can be referenced inside of an SPF record, but a limit on how many DNS lookups in total can be used to resolve the entire SPF record. RFC 4408 section 10.1 (https://tools.ietf.org/html/rfc4408#section-10.1) goes into some specific details, but in short each 'include' can count as 1 or more DNS lookups, depending on what records are set inside the included domain.

A great tool to visualize DNS lookups is this DMARCIAN SPF Survey, where you can just put in a domain and it enumerates all the DNS lookups that are done: https://dmarcian.com/spf-survey/

In the case of peachpayments.com there are currently 16 DNS lookups required to resolve the SPF record.

Should you need any other information or help, please do let me know.

Best wishes,
Egor

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
CLOUD
TAGS
Community showcase
Published in Statuspage

New feature: Slack notifications for Statuspage

We're excited to announce the release of a long-requested feature on Statuspage. Now visitors to your status page can subscribe to get notified in Slack when you report an incident or maintenance. Th...

1,978 views 5 18
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you