Understanding TXT records after moving DNS from Route53 to Cloudflare

I'm moving DNS records for an existing website from Amazon Route53 to Cloudflare, and introducing an AWS load balancer into the mix.

Current Architecture

Route53 DNS --> EC2 Instance

New Architecture

Cloudflare DNS --> AWS Load Balancer --> EC2 Instance

In some of the DNS records, there are references to the Elastic IP assigned to the AWS Instance (this is shown as 11.22.33.44 below). I didn't set up the records previously.

TXT record #1

v=spf1 mx include:_SPF.google.com a:ec2-11-22-33-44.eu-west-1.compute.amazonaws.com include:servers.mcsv.net ~all

TXT record #2

include:spf.protection.outlook.com  include:spf.mandrillapp.com  ip4:11.22.33.44

I have a couple of questions here:

  1. Does the Cloudflare proxy or the load balancer affect the existing IP in the TXT records? I should leave this as it is, right?
  2. Do these need to be two separate TXT records? Can I combine them, and if so, does the order of the statements matter?

Does the Cloudflare proxy or the load balancer affect the existing IP in the TXT records? I should leave this as it is, right?

Correct. Those do not affect the IP of the server.

Do these need to be two separate TXT records? Can I combine them, and if so, does the order of the statements matter?

Having more than one SPF record violates the RFC.

Duplicate SPF TXT records. Another commonly violated aspect of SPF is that a domain may only have a single SPF record. That means you can only have a single DNS TXT record that begins with “v=spf1”.

See https://www.socketlabs.com/blog/best-practices-sender-policy-framework-spf/

Background:

Those are SPF mail domain validation records, as you may know. They should always reflect the IP addresses or domains of any mail server that would be sending email on behalf of the given domain.

I would point out that since you now have a load balancer in the mix, the instance IP number could change over time if it's replaced, assuming you have some Auto Scaling group controlling instances. Every time that the instance restarts, its IP address could change, depending on your setup. This would invalidate your SPF record, which would need to be updated to maintain proper mail delivery.

For this reason I would suggest you consider using AWS SES for outbound email, which will always be correct regardless of your instance IP changes. The service provides fixed MX server names that you can use in your SPF records.
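An added example (not from the original question or answer): it checks the two TXT values from the question against the single-record rule and folds them into one record. As posted, record #2 carries no `v=spf1` tag, so under RFC 7208 receivers discard it rather than treat it as SPF. The function names and the merge policy (keep the first `all`, place it last) are assumptions of this example.

```python
import re

# The two TXT values exactly as posted in the question.
RECORD_1 = ("v=spf1 mx include:_SPF.google.com "
            "a:ec2-11-22-33-44.eu-west-1.compute.amazonaws.com "
            "include:servers.mcsv.net ~all")
RECORD_2 = ("include:spf.protection.outlook.com  "
            "include:spf.mandrillapp.com  ip4:11.22.33.44")

SPF_TERM = re.compile(r"(^|\s)[+\-~?]?(include:|ip4:|ip6:|a:|mx\b|all\b)", re.I)
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def is_spf(txt):
    """RFC 7208 sec. 4.5: version tag must be exactly 'v=spf1', then space or end."""
    t = txt.strip().lower()
    return t == "v=spf1" or t.startswith("v=spf1 ")

def classify(txt_records):
    """Split TXT values into real SPF records and SPF-looking fragments."""
    spf = [t for t in txt_records if is_spf(t)]
    orphans = [t for t in txt_records if not is_spf(t) and SPF_TERM.search(t)]
    return spf, orphans

def merge_spf(txt_records):
    """Fold all terms into one record: de-duplicated, single 'all' moved last."""
    terms, seen, all_term = [], set(), None
    for txt in txt_records:
        for term in txt.split():
            low = term.lower()
            if low == "v=spf1":
                continue
            if low.lstrip("+-~?") == "all":
                all_term = all_term or term   # keep the first 'all' policy seen
            elif low not in seen:
                seen.add(low)
                terms.append(term)
    return " ".join(["v=spf1", *terms] + ([all_term] if all_term else []))

def dns_lookup_terms(record):
    """Count top-level terms that cost a DNS lookup (limit is 10, sec. 4.6.4)."""
    names = (re.split(r"[:/=]", t.lower().lstrip("+-~?"), maxsplit=1)[0]
             for t in record.split()[1:])
    return sum(n in LOOKUP_TERMS for n in names)

if __name__ == "__main__":
    spf, orphans = classify([RECORD_1, RECORD_2])
    print(len(spf), "SPF record(s);", len(orphans), "fragment(s) receivers ignore")
    merged = merge_spf([RECORD_1, RECORD_2])
    print(merged, "->", dns_lookup_terms(merged), "lookup terms")
```

The lookup count covers only the top-level terms; each `include:` target adds its own lookups toward the limit of 10 when a receiver evaluates the record.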
