Create both IPv4 and IPv6 SPF record

dns ipv6 spf

46,327

Solution 1

I think this is a duplicate of Will adding a second SPF record mess up my DNS? on Server Fault.

In short: yes, you must merge them. The specs do not allow multiple SPF records.

The resultant merged record should be:

TXT "v=spf1 ip4:78.46.138.249 ip6:2a01:4f8:d16:1355::2 ~all"

Solution 2

Yes it is possible and it works, a SPF with both ip6 & Ip4 would look like:

"v=spf1 ip4:XX.XX.XX.XX ip6:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX ~all"

You can also in both cases add a CIDR (basis: /32 for ipv4 & /128 for ipv6) after each address to authorize a network range rather than a host.

46,327

srgb

I am a man of wealth and fame.

Updated on July 09, 2022

Comments

srgb almost 2 years

Right now I have SPF IP4 and IP6 as two separate records, but IPv6 is not being recognized by Gmail. Should I merge them? It looks like this currently. How should it be configured?

  A   3600     0  78.46.138.249
 MX   3600    10  mx.zohomail.com
 MX   3600    20  mx2.zohomail.com
 NS   3600     0  ns1.loopia.se
 NS   3600     0  ns2.loopia.se
TXT   3600     0  "v=spf1 ip4:78.46.138.249 ~all"
TXT    300     0  "v=spf1 ip6:2a01:4f8:d16:1355::2 +all"

GMail:

Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 2a01:4f8:d16:1355::2 as permitted sender) client-ip=2a01:4f8:d16:1355::2;

Martijn almost 10 years

Could you add an example to your post on how to merge them?
Sander Steffann almost 10 years

In this (simple) example the resulting record would be TXT "v=spf1 ip4:78.46.138.249 ip6:2a01:4f8:d16:1355::2 ~all"
Jakob Alexander Eichler over 7 years

why did you reserve 8 fields for ipv6?
Nicolas Guérinet over 7 years

IPv6 addresses are represented as eight groups of four hexadecimal digits with the groups being separated by colons, for example 2001:0db8:0000:0042:0000:8a2e:0370:7334
baptx over 6 years

Note that it seems preferred to use "-all" instead of "~all": serverfault.com/questions/355511/…