SPF Records


mrtornado79
28th January 2008, 03:13
OK. I have managed to set up DNS and SPF records, but I don't know if this is correct or not, because http://www.dnsstuff.com/tools/dnsreport.ch?domain=usarmydt.com shows me that "Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004)."

Let me know if my setup is correct. I have installed Debian using the perfect setup and I also have ISPConfig up and running; maybe that's why... I just don't know what to do :)

www:/etc/bind# cat named.conf

options {
pid-file "/var/run/bind/run/named.pid";
directory "/etc/bind";
auth-nxdomain no;
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
// query-source address * port 53;
};

//
// a caching only nameserver config
//
zone "." {
type hint;
file "db.root";
};

zone "0.0.127.in-addr.arpa" {
type master;
file "db.local";
};




//// MAKE MANUAL ENTRIES BELOW THIS LINE! ////

zone "usarmydt.com" {
type master;
file "/etc/bind/usarmydt.com.hosts";
};

www:/etc/bind# cat usarmydt.com.hosts

$ttl 38400
usarmydt.com. IN SOA www.usarmydt.com. root.usarmydt.com. (
1201480081 ; serial
10800 ; refresh
3600 ; retry
604800 ; expire
38400 ) ; negative-caching TTL
usarmydt.com. IN NS www.usarmydt.com.
; The MX for the domain belongs at the apex, and the exchange name needs a
; trailing dot: without it BIND appends the zone origin, so the target becomes
; mail.usarmydt.com.usarmydt.com. and the SPF "mx" mechanism can never match.
usarmydt.com. IN MX 10 mail.usarmydt.com.
; A records for the NS and MX targets (88.198.67.242 is the eth0 address
; named reports in the daemon.log below; adjust if these hosts live elsewhere).
www.usarmydt.com. IN A 88.198.67.242
mail.usarmydt.com. IN A 88.198.67.242
usarmydt.com. IN TXT "v=spf1 a mx ~all"
mail.usarmydt.com. IN TXT "v=spf1 a mx ~all"
; PTR records go in the reverse zone (242.67.198.88.in-addr.arpa), not in a
; forward zone; the original "usarmydt.com. IN PTR usarmydt.com" line did nothing.



Is there anything else that I need to do so I can have my SPF records ?
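What a receiving mail server actually does with a "v=spf1 a mx ~all" record, as an added example written for this page (not code from the thread, from BIND or from ISPConfig): a small evaluator for the SPF mechanisms in play, run against constructed in-memory DNS snapshots instead of live lookups. The snapshots mirror the zone file above in its posted and in its corrected form; the address 88.198.67.242 is the eth0 address from the named log posted later in the thread and is assumed here to be the A record of www/mail.usarmydt.com, and the example.org / mailhost.example names are made up to exercise include:, ip4:, ip6: and redirect=.

```python
"""Minimal SPF evaluator (subset of RFC 7208) over an in-memory DNS snapshot.

Added example, not code from the thread.  It shows what a receiving MTA does
with "v=spf1 a mx ~all" and why the zone as posted can never yield "pass".
All DNS data is constructed; 88.198.67.242 is the eth0 address from the
posted named log and is ASSUMED here to be the A record of www/mail.
"""
import ipaddress
import re

# Constructed: the zone once fixed (apex MX with trailing dot, A records).
FIXED_DNS = {
    "usarmydt.com": {"TXT": ["v=spf1 a mx ~all"],
                     "MX": [(10, "mail.usarmydt.com")], "A": ["88.198.67.242"]},
    "mail.usarmydt.com": {"A": ["88.198.67.242"]},
    "www.usarmydt.com": {"A": ["88.198.67.242"]},
}
# Constructed: the zone exactly as posted.  No A records, the MX hangs off
# mail.usarmydt.com rather than the apex, and its target lacked the trailing
# dot, so BIND appended the origin to it.
POSTED_DNS = {
    "usarmydt.com": {"TXT": ["v=spf1 a mx ~all"]},
    "mail.usarmydt.com": {"TXT": ["v=spf1 a mx ~all"],
                          "MX": [(10, "mail.usarmydt.com.usarmydt.com")]},
}
# Constructed: what dnsstuff saw at the provider's authoritative servers.
NO_SPF_DNS = {"usarmydt.com": {"MX": [(10, "mail.usarmydt.com")]}}
# Constructed (made-up names): outsourced mail, exercising include/ip4/ip6/redirect.
OUTSOURCED_DNS = {
    "example.org": {"TXT": ["v=spf1 mx include:_spf.mailhost.example -all"],
                    "MX": [(10, "mx.example.org")]},
    "mx.example.org": {"A": ["192.0.2.25"]},
    "_spf.mailhost.example": {"TXT": ["v=spf1 ip4:198.51.100.0/24 redirect=_spf2.mailhost.example"]},
    "_spf2.mailhost.example": {"TXT": ["v=spf1 ip6:2001:db8::/32 -all"]},
    "broken.example": {"TXT": ["v=spf1 include:nothing.example -all"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
TERM = re.compile(r"^([a-z0-9]+)(?::([^/]+))?(?:/(\d{1,3}))?$", re.I)


def lookup(name, rrtype, dns):
    """rdata list for name/rrtype; names compare case- and trailing-dot-insensitively."""
    return dns.get(name.rstrip(".").lower(), {}).get(rrtype, [])


def _addr_match(ip, addrs, prefix):
    """True if ip lies inside any of addrs, each widened to a /prefix network."""
    return any(ip in ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addrs)


def check_host(ip, domain, dns, depth=0):
    """Evaluate domain's SPF policy for a connection from ip (RFC 7208 check_host).

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    if depth > 10:                       # crude stand-in for the DNS-lookup limit
        return "permerror"
    ip = ipaddress.ip_address(ip)
    addr_type = "A" if ip.version == 4 else "AAAA"
    records = [t for t in lookup(domain, "TXT", dns) if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"                    # nothing published: the receiver learns nothing
    if len(records) > 1:
        return "permerror"               # two v=spf1 records is an error, not a union
    redirect = None
    for raw in records[0].split()[1:]:
        if "=" in raw:                   # modifier (redirect=, exp=), not a mechanism
            key, _, value = raw.partition("=")
            if key.lower() == "redirect":
                redirect = value
            continue
        qualifier = "+"
        if raw[0] in QUALIFIERS:
            qualifier, raw = raw[0], raw[1:]
        m = TERM.match(raw)
        if not m:
            return "permerror"
        name, arg, cidr = m.group(1).lower(), m.group(2), m.group(3)
        prefix = int(cidr) if cidr else ip.max_prefixlen
        target = arg or domain           # a, mx and include default to the current domain
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            if not arg:
                return "permerror"
            matched = ip.version == int(name[2]) and _addr_match(ip, [arg], prefix)
        elif name == "a":
            matched = _addr_match(ip, lookup(target, addr_type, dns), prefix)
        elif name == "mx":               # the exchanges' address records, not the MX name itself
            matched = any(_addr_match(ip, lookup(exch, addr_type, dns), prefix)
                          for _pref, exch in lookup(target, "MX", dns))
        elif name == "include":
            inner = check_host(str(ip), target, dns, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"       # including a missing or broken policy is an error
            matched = inner == "pass"
        else:
            return "permerror"           # ptr/exists are not implemented in this subset
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:                         # only consulted when no mechanism matched
        return check_host(str(ip), redirect, dns, depth + 1)
    return "neutral"


if __name__ == "__main__":
    for label, dns in (("fixed", FIXED_DNS), ("as posted", POSTED_DNS), ("provider", NO_SPF_DNS)):
        for sender in ("88.198.67.242", "203.0.113.7"):
            print(f"{label:10} {sender:15} -> {check_host(sender, 'usarmydt.com', dns)}")
```

Two things worth noticing when you run it. First, the "as posted" snapshot softfails even for the server's own address: with no A record at the apex and no MX at the apex, neither "a" nor "mx" can ever match, so every sender falls through to "~all", and the record protects nobody. Second, the "provider" snapshot returns "none", which is exactly what dnsstuff reported: a record in a BIND instance that the .com delegation does not point at is invisible to the rest of the world. To feed an evaluator like this real data, query the servers the delegation names rather than a caching resolver, for example dig +norecurse @ns1.senpai-it.com usarmydt.com TXT, since a recursive resolver may answer from cache with whatever it last saw.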

mrtornado79
28th January 2008, 03:36
And tail /var/log/daemon.log shows:

Jan 28 02:34:35 www named[3175]: starting BIND 9.3.4 -u bind -t /var/lib/named
Jan 28 02:34:35 www named[3175]: found 1 CPU, using 1 worker thread
Jan 28 02:34:35 www named[3175]: loading configuration from '/etc/bind/named.conf'
Jan 28 02:34:35 www named[3175]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 28 02:34:35 www named[3175]: listening on IPv4 interface eth0, 88.198.67.242#53
Jan 28 02:34:35 www named[3175]: command channel listening on 127.0.0.1#953
Jan 28 02:34:35 www named[3175]: command channel listening on ::1#953
Jan 28 02:34:35 www named[3175]: zone 0.0.127.in-addr.arpa/IN: loaded serial 1
Jan 28 02:34:35 www named[3175]: zone usarmydt.com/IN: loaded serial 1201480081
Jan 28 02:34:35 www named[3175]: running


But it seems that I'm not listening on anything, because /var/cache/bind is an empty directory. Might that be the reason that other providers can't see my SPF flags?

www:/etc/bind# cat named.conf.options

options {
directory "/var/cache/bind";

// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.

// query-source address * port 53;

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
// 0.0.0.0;
// };

auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};

mrtornado79
28th January 2008, 05:31
Hm, I think that's my provider's fault.

Searching for usarmydt.com SPF record at i.root-servers.net [192.36.148.17]: Got referral to M.GTLD-SERVERS.NET. (zone: com.) [took 50 ms]
Searching for usarmydt.com SPF record at M.GTLD-SERVERS.NET. [192.55.83.30]: Got referral to ns2.senpai-it.com. (zone: usarmydt.com.) [took 130 ms]
Searching for usarmydt.com SPF record at ns2.senpai-it.com. [88.198.152.130]: Reports that no SPF records exist. [took 128 ms] Response: No SPF records exist for usarmydt.com. [Neg TTL=2560 seconds] Details: ns2.senpai-it.com. (an authoritative nameserver for usarmydt.com.) says that there are no SPF records for usarmydt.com.

What do you guys think?

falko
28th January 2008, 18:25
There IS an SPF record for your domain:
mh1:~# dig txt usarmydt.com

; <<>> DiG 9.3.4 <<>> txt usarmydt.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19035
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;usarmydt.com. IN TXT

;; ANSWER SECTION:
usarmydt.com. 1800 IN TXT "v=spf1 a mx -all"

;; Query time: 53 msec
;; SERVER: 213.191.92.84#53(213.191.92.84)
;; WHEN: Mon Jan 28 17:25:00 2008
;; MSG SIZE rcvd: 59

mh1:~#

mrtornado79
28th January 2008, 22:11
Thanks for the info, falko. With dig I can see the SPF record myself, but still, looking it up at www.dnsstuff.com:

Searching for usarmydt.com SPF record at h.root-servers.net [128.63.2.53]: Got referral to l.gtld-servers.net. (zone: com.) [took 144 ms]
Searching for usarmydt.com SPF record at l.gtld-servers.net. [192.41.162.30]: Got referral to ns1.senpai-it.com. (zone: usarmydt.com.) [took 45 ms]
Searching for usarmydt.com SPF record at ns1.senpai-it.com. [88.198.17.99]: Reports that no SPF records exist. [took 128 ms] Response: No SPF records exist for usarmydt.com. [Neg TTL=2560 seconds] Details: ns1.senpai-it.com. (an authoritative nameserver for usarmydt.com.) says that there are no SPF records for usarmydt.com. The E-mail address in charge of the usarmydt.com. zone is: hostmaster@senpai-it.com.

It seems that my provider didn't forward the SPF records to me?


Btw. I just got a reply from my provider.

We do not create SPF records for domains by default.
I created one for you now as you requested.
Please allow about 1 hour for the changes to take effect.


But still nothing :)

falko
29th January 2008, 20:06
Please check again. I'm still seeing an SPF record:

[root@server1 ~]# dig txt usarmydt.com

; <<>> DiG 9.5.0a6 <<>> txt usarmydt.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55606
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;usarmydt.com. IN TXT

;; ANSWER SECTION:
usarmydt.com. 1800 IN TXT "v=spf1 a mx -all"

;; Query time: 249 msec
;; SERVER: 145.253.2.75#53(145.253.2.75)
;; WHEN: Tue Jan 29 19:05:31 2008
;; MSG SIZE rcvd: 59

[root@server1 ~]#

eqtitan
30th January 2008, 06:53
Mrtornado79, I'd just like to let you know I have reported you to SENPAI-IT.COM for actively engaging in illegal activity by impersonating a US armed forces soldier.

Via IM messages where you acted as mark@usarmydt.com

"I'm a specialist in the Army @ the 10TH Mountain Division in Buffalo, NY 2nd Battalion, 22nd Infantry"

Called this base to verify you were not enlisted here nor at any other base of the US Army. The commanding officer of that battalion will be calling me back to get more info and a copy of my IM records.


The next time you try to scam someone, don't impersonate the US military, and FYI, googling mark@usarmydt.com and the whois registrar are good resources to catch scam baiters. Who knows, maybe the US military base near you might just be knocking on your door in the next few hours...

Good luck, and bring your lube where you're going.