Hello all!
Few days back I visited Official Google Apps forum (one of my favorite places 
) and answered many questions. It was quite after some time i was there and found few cases/questions/problems as really interesting.
Here’s one of the questions asked there by a admin named aol985 about SPF records.
His question -
As described in http://www.google.com/support/a/bin/answer.py?hl=en&answer=33786 , I set SPF record for mashfilm.ru domain to “v=spf1 include:aspmx.googlemail.com ~all”. But aspmx.googlemail.com currently does not resolves. Is it correct?
Nice one!
He is right on fact that aspmx.googlemail.com does NOT resolve. Ok why?
anurag@root]$ dig aspmx.googlemail.com a
; <<>> DiG 9.3.4-P1.1 <<>> aspmx.googlemail.com a
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42050
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;aspmx.googlemail.com. IN A
;; Query time: 100 msec
;; SERVER: 66.33.216.208#53(66.33.216.208)
;; WHEN: Wed Aug 5 02:48:00 2009
;; MSG SIZE rcvd: 38
[anurag@root]$
Thus no A record which means it won’t resolve, BUT one must remember that a zone can have many records working side by side offering their own feature, like – MX records can be there with/without A, same with txt records, and few other also.
Now observing the spf record by Google – “v=spf1 include:aspmx.googlemail.com ~all”
here include:aspmx.googlemail.com
means to include the spf record of aspmx.googlemail.com which makes sense as:
[anurag@root]$ dig aspmx.googlemail.com txt
; <<>> DiG 9.3.4-P1.1 <<>> aspmx.googlemail.com txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30134
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;aspmx.googlemail.com. IN TXT
;; ANSWER SECTION:
aspmx.googlemail.com. 7178 IN TXT "v=spf1 redirect=_spf.google.com"
;; Query time: 14 msec
;; SERVER: 66.33.216.208#53(66.33.216.208)
;; WHEN: Wed Aug 5 02:54:02 2009
;; MSG SIZE rcvd: 82
[anurag@root]$
Now it means spf record for aspmx.googlemail.com is “v=spf1 redirect=_spf.google.com”
Now trying to understand _spf.google.com
underscore right in start makes it different from a sub-zone since it can’t be used as a domain but will still remain a working sub zone in terms of DNS.
So now since it can’t be used as a sub domain i.e which can be used to be attached with web server and can supply pages via ftp, there is no meaning of A record for it here.
Checking txt string of _spf.google.com
[anurag@root]$ dig _spf.google.com txt
; <<>> DiG 9.3.4-P1.1 <<>> _spf.google.com txt
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52983
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;_spf.google.com. IN TXT
;; ANSWER SECTION:
_spf.google.com. 300 IN TXT "v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ?all"
;; Query time: 29 msec
;; SERVER: 66.33.216.208#53(66.33.216.208)
;; WHEN: Wed Aug 5 02:57:26 2009
;; MSG SIZE rcvd: 229
[anurag@root]$
And here we got it!
So much information in just one hostname!
“v=spf1 ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ?all” is a part of SPF record which Google makes its Google Apps users to use.
Thus using
“v=spf1 include:aspmx.googlemail.com ~all” in spf tells that “this domain allows all of the server on this ip range – ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 as authorized to send email on behalf of that domain.
So that’s how spf works in this case.
(10 votes, average: 4.60 out of 5)
Loading ...
Today will explain what are “Apex a records”
These are simply the “A records” we have for defining address of web hosting server but incase when we have NO mx records, they work like Apex a record. In those cases all incoming mails are delivered directly to web hosting server which hosting the domain.
Concept is not of much importance but sometimes crazy things happens like e.g for a domain.com mx records are mail-server.isp.net while A record points to web hosting server 1.2.3.4
Now if mx record, i.e which is actually a hostname mail-server.sip.net doesn’t resolves becuase of some error at dns hosting of isp, mails are delivered at web hosting server on ip – 1.2.3.4 which makes things crazy, either mails will be rejected or may be delivered on un-expected location.
I found many server admin still depend on apex a record for email delivery which isn’t a good idea. Best possible way for email hosting setup via an inhouse server is to create an mx record for in house server.
It requires two steps:
- create a hostname like – mail-server.your-domain.com and point it to ip of email hosting server.
- create mx record for your-domain.com pointing to mail-server.your-domain.com
That’s all required for inhouse email hosting setup. Sounds simple….right?
I found a few great web hosts, which are really cheap yet reliable for Professional Website Hosting. So thought to put a review about them here.
Today will discuss – Bluelemonhost
Its one of the cheapest host i had seen on web, that too with cPanel and 99.9% uptime!
I had used it personally & its really good.
Good things about it:
- Too cheap …basic plan costs $11/yr only.
- cPanel based panel….thus really cool to manage things.
- Great link speeds….as per my tests – uplink – 3.5MBps and downlink – 2.8MBps (though appears to be little slow…but believe me its far better then expensive Dreamhost!)
- Good support….always responses with “done/solved/ok”
- Daily free backups with free restoration (nice!)
- No irritating limits on number of sub domains, sql databases & users, ftp users and even mailing lists.
Bad things about it:
- No ssh shell access (but i do accept its useless to give that in plan like $11 an year due to security reasons).
- No wget allowed (even via cron jobs) though good way out is just using ftp commands in shell but again that’s not for home users.
- Irritating limit- in $11 plan you can host only 1 addon domain & parked domain.
- No great cPanels addons like website builder or templates. (though you won’t need those ever!)
I recommend it using just for personal blogs and small professional sites because of its cost, features it just provides really solid hosting for personal blogs but because of limitations i won’t recommend it for an advanced user.
Cheers!
After recieving lots of emails regarding SRV records issue in Google Apps, i finally tried that in myeslf……unfortunately thats true that Google has missing info. about SRV records.
As per refering to official Google’s help here .
It has missing info. about the location servers.
Here are those missing SRV records…
_xmpp-client._tcp.YOURDOMAIN.TLD. IN SRV 5 0 5222 talk.l.google.com.
_xmpp-client._tcp.YOURDOMAIN.TLD. IN SRV 20 0 5222 talk1.l.google.com.
_xmpp-client._tcp.YOURDOMAIN.TLD. IN SRV 20 0 5222 talk2.l.google.com.
_xmpp-client._tcp.YOURDOMAIN.TLD. IN SRV 20 0 5222 talk3.l.google.com.
_xmpp-client._tcp.YOURDOMAIN.TLD. IN SRV 20 0 5222 talk4.l.google.com.
so finally saying…..just forget everything and have these SRV records to get your domain’s Gtalk working from external IM services…
I created a public G.docs spreadsheet here for easy viewing.
Feel free to post for any issues…
FAQ ON GApps SRV Records
[faq list Google Apps SRV Records]
[faq ask Google Apps SRV Records]
Hope this will help you out
(12 votes, average: 4.33 out of 5)
Loading ...
