DNS spf and DKIM record


i found dhcp.@txt-record[0]=txt-record by running uci show dhcp.

i try the following command

uci add dhcp txt-record
uci set dhcp.@txt-record[-1]="v=spf1 mx ~all"

my syntaxe seems to be wrong

uci: Invalid argument

how can i set txt-record ?


You install dnsmasq-full?
This config probably it's only possible write directly to dnsmasq.conf ...


I don't see the TXT in the list of examples. @vgaetera is it possible?

I have the standard package : dnsmasq - 2.80-16.3.

Should i install "dnsmasq-full" ?
I am not sure to understand the difference between the both package as the description package only add "This is a fully configurable variant with DHCPv4, DHCPv6, DNSSEC, Authoritative DNS\ and IPset, Conntrack support & NO_ID enabled by default." for dnsmasq-full.

What is the best practice ? Install dnsmasq-full ?


There's nothing TXT-related in the Dnsmasq init script, so the advice of @eduardo010174 makes sense.

1 Like

theoretically, it's possible to set spf and DKIM in /etc/dnsmasq.conf with something like txt-record=example.com,"v=spf1 a ~all"

i will look at how to switch from dnsmasq to dnsmasq-full.


1 Like

According to https://openwrt.org/docs/guide-user/base-system/dhcp, dnsmasq-full is only mandatory to DNSSEC and IPsets. in any way, DNSSEC will be my next step so i must install it.

i am not sure if i can run opkg install dnsmasq-full or if i should do something with dnsmasq before. dnsmasq-full package description link no conflict whith dnsmasq.

thank's for your help

Better remove the simple one first before installing the full.
However the dnsmasq is part of the image, so it won't be actually erased.

opkg remove dnsmasq breaks the configuration. so you have to temporary add a nameserver in /etc/resolv.conf to be able to run opkg update and opkg install dnsmasq-full

It's fine if you stop the service before removing the package.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.