On the DNS servers our club manages, we have set up SPF (Sender Policy Framework) to prevent spoofing attacks.

1. Writing it as a TXT record (type 16)

2. Writing it as an SPF record (type 99)


RFC 4408, one of the RFCs (Request for Comments) that serve as the statute book of the network, says the following:

3.1.1. DNS Resource Record Types

This document defines a new DNS RR of type SPF, code 99. The format
of this type is identical to the TXT RR [RFC1035]. For either type,
the character content of the record is encoded as [US-ASCII].

It is recognized that the current practice (using a TXT record) is
not optimal, but it is necessary because there are a number of DNS
server and resolver implementations in common use that cannot handle
the new RR type. The two-record-type scheme provides a forward path
to the better solution of using an RR type reserved for this purpose.

An SPF-compliant domain name SHOULD have SPF records of both RR
types. A compliant domain name MUST have a record of at least one
type. If a domain has records of both types, they MUST have
identical content. For example, instead of publishing just one
record as in Section 3.1 above, it is better to publish:

   IN TXT "v=spf1 +mx -all"
   IN SPF "v=spf1 +mx -all"


RFC 4408 was published in 2006, but at the time there was still little DNS software that supported the SPF record type, so most people wrote their records as TXT only.

Then RFC 7208, published in 2014, says this:

3.1. DNS Resource Records

SPF records MUST be published as a DNS TXT (type 16) Resource Record
(RR) [RFC1035] only. The character content of the record is encoded
as [US-ASCII]. Use of alternative DNS RR types was supported in
SPF's experimental phase but has been discontinued.

In 2003, when SPF was first being developed, the requirements for
assignment of a new DNS RR type were considerably more stringent than
they are now. Additionally, support for easy deployment of new DNS
BIND, which most people probably use, has supported RFC 7208 since version 9.9.6.
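To make the difference between the two RFCs concrete, here is an added example (not code from the original post or from BIND) that audits a zone-file fragment against both sets of rules: RFC 4408's "SHOULD have both types, MUST have at least one, and if both then identical", and RFC 7208's "TXT (type 16) only". The zone data, the owner names under `.test`, and the function names are constructed for this example; the parser handles only single-line, single-string TXT/SPF records.

```python
import re

# Constructed zone-file fragment (not from the original page). It covers the
# cases the two RFCs distinguish: both record types with identical content,
# TXT only, both types with differing content, and no SPF record at all.
SAMPLE_ZONE = """\
; owner            class type  rdata
both.test.         IN    TXT   "v=spf1 +mx -all"
both.test.         IN    SPF   "v=spf1 +mx -all"
txtonly.test.      IN    TXT   "v=spf1 +mx -all"
mismatch.test.     IN    TXT   "v=spf1 +mx -all"
mismatch.test.     IN    SPF   "v=spf1 +mx ip4:192.0.2.1 -all"
none.test.         IN    TXT   "some unrelated text"
"""

# Matches: owner [ttl] IN TXT|SPF "content"  on one line. Multi-string rdata
# and other record types are deliberately out of scope for this example.
RECORD_RE = re.compile(r'^(\S+)\s+(?:\d+\s+)?IN\s+(TXT|SPF)\s+"([^"]*)"\s*$')


def parse_zone(text):
    """Return {owner: {"TXT": [...], "SPF": [...]}} for the TXT/SPF records."""
    records = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = RECORD_RE.match(line)
        if not m:
            continue  # not a single-line TXT/SPF record; ignored
        owner, rrtype, content = m.groups()
        records.setdefault(owner.lower(), {}).setdefault(rrtype, []).append(content)
    return records


def spf_strings(contents):
    """Keep only strings that are SPF version-1 records, in a stable order."""
    return sorted(c for c in contents if c.split(" ", 1)[0].lower() == "v=spf1")


def check_owner(by_type):
    """Findings for one owner name as (rfc, severity, message) tuples.

    RFC 4408: SHOULD publish both RR types, MUST publish at least one,
    and if both are present their content MUST be identical.
    RFC 7208: SPF records MUST be published as TXT (type 16) only.
    """
    txt = spf_strings(by_type.get("TXT", []))
    spf = spf_strings(by_type.get("SPF", []))
    findings = []
    if not txt and not spf:
        findings.append(("4408", "error", "no v=spf1 record of either RR type"))
        findings.append(("7208", "error", "no v=spf1 TXT record"))
        return findings
    if txt and spf and txt != spf:
        findings.append(("4408", "error", "TXT (16) and SPF (99) records differ"))
    elif not spf:
        findings.append(("4408", "warning", "only TXT (16) published; SHOULD have both types"))
    elif not txt:
        findings.append(("4408", "warning", "only SPF (99) published; SHOULD have both types"))
    if spf:
        findings.append(("7208", "warning", "SPF RR type (99) is discontinued; publish TXT only"))
    if not txt:
        findings.append(("7208", "error", "no v=spf1 TXT record"))
    return findings


def audit_zone(text):
    """Map each owner with TXT/SPF records to its findings (empty list = clean)."""
    return {owner: check_owner(by_type) for owner, by_type in parse_zone(text).items()}


if __name__ == "__main__":
    for owner, findings in audit_zone(SAMPLE_ZONE).items():
        status = "ok" if not findings else "; ".join(
            f"RFC {r} {s}: {m}" for r, s, m in findings)
        print(f"{owner:16} {status}")
```

Running it shows why a zone that was "best practice" under RFC 4408 (both types, identical) now draws a warning under RFC 7208, while a TXT-only zone is clean under RFC 7208 and only a SHOULD-level note under RFC 4408. The mismatch case is the one to watch for on a server that once generated type-99 copies automatically: a later edit to the TXT record silently leaves the two out of sync.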