Forwarded to devs SPF record creation not working correctly

[TomBoB]

User name: TomBoB

TITLE

SPF record creation not working correctly

PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE

CentOS Linux 7.7.1908 (Core)‬
Product Plesk Obsidian
Version 18.0.24

PROBLEM DESCRIPTION

under specific circumstances, the SPF record is not created, or is created faulty, when a subscriptions DNS settings are reset to the servers DNS template.

STEPS TO REPRODUCE

server configured with one ipv4 and one ipv6 address and enabled and used for every subscription.

pick a subscription with
Hosting type: Forwarding
forwarding type: Moved permanently (code 301)
[Mail is enabled and used]

then attempt to restore DNS settings to servers DNS template.

that subscriptions DNS settings
reset to default

> only shows ipv4, ipv6 is set to none
1) if you leave as is, and restore default, no SPF record is created
or
2) keep ipv4 as is, choose the ipv6 from dropdown menu
SPF record is created but faulty: v=spf1 mx ip4:<ip.mail> ip6:realipv6 ~all

-
the servers DNS template:
<domain>. NS ns1.digitalocean.com.
<domain>. NS ns2.digitalocean.com.
<domain>. NS ns3.digitalocean.com.
<domain>. A <ip.web>
<domain>. AAAA <ipv6.web>
<domain>. MX (10) <domain>.
<domain>. TXT v=spf1 mx ip4:<ip.mail> ip6:<ipv6.mail> ~all
_dmarc.<domain>. TXT v=DMARC1; p=reject
ftp.<domain>. CNAME <domain>.
mail.<domain>. A <ip.mail>
mail.<domain>. AAAA <ipv6.mail>
webmail.<domain>. A <ip.webmail>
webmail.<domain>. AAAA <ipv6.webmail>

ACTUAL RESULT

no, or faulty SPF record is created

EXPECTED RESULT

correct SPF record is created

ANY ADDITIONAL INFORMATION

easy to correct by manually adding correct SPF record; but would be nice if it worked as intended out the box.

YOUR EXPECTATIONS FROM PLESK SERVICE TEAM

Confirm bug

 

[IgorG]

> only shows ipv4, ipv6 is set to none
1) if you leave as is, and restore default, no SPF record is created

It is expected behavior.
For example, the pattern "<domain>. AAAA <ipv6>" should not be inserted in the zone, when there is no ipv6 for the domain, right?
I guess, "<domain>. TXT v=spf1 mx ip4:<ip.mail> ip6:<ipv6.mail> ~all" with an empty string instead of "<ipv6.mail>" would be incorrect record, but I did not check it.

2) keep ipv4 as is, choose the ipv6 from dropdown menu
SPF record is created but faulty: v=spf1 mx ip4:<ip.mail> ip6:realipv6 ~all

I agree, it looks incorrect.
The bug is created: PPPM-11665

 

[TomBoB]

Hi Igor,

further to above, I think there is an underlying issue. Came across it during maintenance.

Again ipv4 and ipv6 is set up server wide for all sites. Under tools & settings, ip addresses, there are 140 sites using ipv4, but only 138 using ipv6. A comparison showed that the two sites missing from the ipv6 listing are exactly two sites that have above
> forwarding type:
> Moved permanently (code 301)
and show the odd ipv6 display of
> only shows ipv4, ipv6 is set to none

when checking those two sites with https://ipv6-test.com/validate.php it shows that ipv6 is in fact working correctly.

So in short, it appears that subscriptions with a hosting type of forwarding (301) somehow aren't correctly included in Plesks internal ipv6 usage referencing. Which then seems to lead to above issue further down the line.

Thought it might help