## SPF Value Management for octoDNS
An [octoDNS](https://github.com/octodns/octodns/) provider that supports managing SPF values in TXT records.
### Installation
#### Command line
```
pip install octodns-spf
```
#### requirements.txt/setup.py
Pinning specific versions or SHAs is recommended to avoid unplanned upgrades.
##### Versions
```
# Start with the latest versions and don't just copy what's here
octodns==0.9.14
octodns-spf==0.0.1
```
##### SHAs
```
# Start with the latest/specific versions and don't just copy what's here
-e git+https://git@github.com/octodns/octodns.git@9da19749e28f68407a1c246dfdf65663cdc1c422#egg=octodns
-e git+https://git@github.com/octodns/octodns-spf.git@ec9661f8b335241ae4746eea467a8509205e6a30#egg=octodns_spf
```
### Configuration
#### SpfSource
```yaml
providers:
  spf-google:
    class: octodns_spf.SpfSource

    # See https://datatracker.ietf.org/doc/html/rfc7208#section-5 for the
    # details of the various mechanisms below. Each is an array of zero or more
    # items to be added to the SPF record. Mechanisms are specified in the order
    # the parameters are listed below and value order is preserved.
    # (default: empty list)
    a_records: []
    mx_records: []
    ip4_addresses: []
    ip6_addresses: []
    includes: []
    exists: []

    # The "all" value to be appended onto the SPF value. There's not a clear
    # consensus on best practice here, but there does seem to be a slight leaning
    # towards hard-failing, "-all". Soft-fail can be enabled by setting this
    # value to `true`. If for some reason you do not want to specify a fail mode,
    # this can be set to `null` and it will be omitted.
    # See https://news.ycombinator.com/item?id=34344590 for some discussion
    # (default: false, hard fail)
    soft_fail: false

    # Whether or not this provider will merge its configuration with any
    # preexisting SPF value in an APEX TXT record. If `false` an error will be
    # thrown. If `true` the existing values, whether from a previous SpfSource or
    # any other provider, will be preserved and this provider's config will be
    # appended onto each mechanism.
    merging_enabled: false

    # The TTL of the TXT record when created by SpfSource. If instead a value
    # is added to an existing record the TTL will be left as-is.
    # (default: 3600)
    ttl: 3600

    # Enable verification of the SPF value, specifically evaluating the number
    # of DNS lookups required to fully resolve the value.
    # (default: false)
    verify_dns_lookups: false
```
#### SpfDnsLookupProcessor
Verifies that SPF values in TXT records are valid.
```yaml
processors:
  spf:
    class: octodns.processor.spf.SpfDnsLookupProcessor

zones:
  example.com.:
    sources:
      - config
    processors:
      - spf
    targets:
      - route53
```
The validation can be skipped for specific records by setting the lenient
flag, e.g.
```yaml
_spf:
  octodns:
    lenient: true
  ttl: 86400
  type: TXT
  value: v=spf1 ptr ~all
```
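The lookup verification described above rests on the RFC 7208 section 4.6.4 rule that evaluating an SPF value may use at most 10 DNS-querying terms (`a`, `mx`, `ptr`, `exists`, `include`, `redirect`), counted across nested includes. The following is an added example, not code from octodns-spf: `ZONE_TXT`, `count_lookups` and `verify` are hypothetical names, and the records are constructed sample data standing in for live DNS.

```python
# Added illustration, not octodns-spf code. ZONE_TXT is constructed sample data
# standing in for live DNS TXT answers so the example runs offline.
ZONE_TXT = {
    "example.com": "v=spf1 a mx include:_spf.mail.example include:_spf.crm.example ~all",
    "_spf.mail.example": "v=spf1 include:_n1.mail.example include:_n2.mail.example ~all",
    "_n1.mail.example": "v=spf1 ip4:192.0.2.0/24 ~all",
    "_n2.mail.example": "v=spf1 ip6:2001:db8::/32 ~all",
    "_spf.crm.example": "v=spf1 exists:%{i}._chk.crm.example ip4:198.51.100.0/24 -all",
    "loop.example": "v=spf1 include:loop.example -all",
}
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4
LOOKUP_TERMS = {"a", "mx", "ptr", "exists", "include", "redirect"}


class SpfLookupError(Exception):
    """Raised for a missing record, an include loop, or too many lookups."""


def count_lookups(domain, txt=ZONE_TXT, _seen=()):
    """Count the DNS-querying terms needed to fully evaluate domain's SPF value."""
    if domain in _seen:
        raise SpfLookupError(f"include/redirect loop at {domain}")
    value = txt.get(domain, "")
    if value.lower().split()[:1] != ["v=spf1"]:
        raise SpfLookupError(f"no SPF value for {domain}")
    total = 0
    for term in value.split()[1:]:
        term = term.lstrip("+-~?")  # drop the qualifier
        if term.lower().startswith("redirect="):
            name, target = "redirect", term.split("=", 1)[1]
        else:
            name, _, target = term.partition(":")
            name = name.split("/")[0].lower()  # "a/24" -> "a"
        if name in LOOKUP_TERMS:
            total += 1
        if name in ("include", "redirect"):  # these pull in another record
            total += count_lookups(target, txt, _seen + (domain,))
    return total


def verify(domain, txt=ZONE_TXT):
    """Return the lookup count, or raise if it exceeds the RFC limit."""
    n = count_lookups(domain, txt)
    if n > MAX_LOOKUPS:
        raise SpfLookupError(f"{domain}: {n} DNS lookups, limit is {MAX_LOOKUPS}")
    return n
```

The count is a worst case over every term in the record; macro expansion in `include` targets and the separate void-lookup limit are not modelled.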
#### Real World Examples
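A base source, applied to all zones, that disables all email. With no mechanisms configured and the default hard fail, the resulting value is `v=spf1 -all`.
```yaml
providers:
  spf-base:
    class: octodns_spf.SpfSource
```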
A follow on source that will add the recommended values for Google Workspace
and Salesforce.
```yaml
providers:
  spf-mail:
    class: octodns_spf.SpfSource
    includes:
      - _spf.google.com
      - _spf.salesforce.com
    soft_fail: true
    merging_enabled: true
    verify_dns_lookups: true
```
Per https://support.google.com/a/answer/10684623?hl=en and
https://help.salesforce.com/s/articleView?id=000382664&type=1
Zones would have one or more of these providers added to their sources list.
```yaml
zones:
  ...

  # main zone that will be generally used for email
  github.com.:
    sources:
      - config
      - spf-base
      - spf-mail
    targets:
      ...

  # ancillary zone, pretty much everything else
  githubusercontent.com.:
    sources:
      - config
      - spf-base
    targets:
      ...

  ...
```
If you prefer to use the SpfDnsLookupProcessor standalone, on records
configured in other ways, you can do so by enabling the processor on the zone.
Alternatively, the processor can be configured in the manager's global
processors list.
```yaml
processors:
  spf:
    class: octodns.processor.spf.SpfDnsLookupProcessor

zones:
  example.com.:
    sources:
      - config
    processors:
      - spf
    targets:
      - route53
```
The validation can be skipped for specific records by setting the lenient
flag, e.g.
```yaml
_spf:
  octodns:
    lenient: true
  ttl: 86400
  type: TXT
  value: v=spf1 ptr ~all
```
### Support Information
#### Records
TXT
### Development
See the [/script/](/script/) directory for some tools to help with the
development process. They generally follow the [Script to rule them
all](https://github.com/github/scripts-to-rule-them-all) pattern. Most useful
is `./script/bootstrap` which will create a venv and install both the runtime
and development related requirements. It will also hook up a pre-commit hook
that covers most of what's run by CI.