Cloudflare no longer supports SPF records

[felixoi]

This provider states to support SPF records. As my syncs started failing after adding a SPF record, I debugged this a bit.

I did not find any official changelog but Cloudflare no longer supports SPF records. It answers with:
"DNS Validation Error (Code: 1004) The SPF record type was deprecated in RFC 7208 and is no longer supported. Use a TXT record instead".
IMO this provider should also stop advertising the support for this type of record.

[ross]

Wonder what Cloudflare does with existing SPF records in their system. Have they converted them to TXT records? Do they leave existing ones in place, but won't let you create new ones? If so will they let you delete them?

Reason I ask is if we just remove it from SUPPORTS then any existing records will become unmanaged and ignored. If they're still in the API you wouldn't be able to delete them.

[ross]

https://community.cloudflare.com/t/spf-record-type/339867 makes me think that existing ones may have been left in place so it's just that it can no longer create new ones, but I need a more definitive answer.

[janik-cloudflare]

Hi all,

You're absolutely right @ross. Existing SPF records will continue to resolve, but they can no longer be updated and new SPF records can no longer be created. We also show a warning next to existing SPF records on the dashboard. SPF can still be configured with TXT records. There are no plans to convert SPF records to TXT at this time.

Please feel free to ping me if you have any other questions!

[felixoi]

Thanks a lot @janik-cloudflare (still wondering if you saw this randomly or someone sent you my outreach on the cloudflare discord :D).

@ross How about just adding a notice to https://github.com/octodns/octodns-cloudflare#records?

[janik-cloudflare]

@felixoi, it seems to have made its way into some Slack group and then eventually into our company chat :)

[ross]

You're absolutely right @ross. Existing SPF records will continue to resolve, but they can no longer be updated and new SPF records can no longer be created. We also show a warning next to existing SPF records on the dashboard. SPF can still be configured with TXT records. There are no plans to convert SPF records to TXT at this time.

🆒 that should give me enough to go on here, assuming they can still be deleted via the API.

My first thought is to throw a "supports" error anytime a plan would create or update an SPF record. That should still allow them to be deleted/migrated and will leave them alone if they haven't changed.

Thanks @janik-cloudflare!

I may look at adding a warning to SPF records in general, not specific to CloudFlare, but that'll get filed separately once I see how this goes.

@felixoi, it seems to have made its way into some Slack group and then eventually into our company chat :)

I reached out via a slack i'm in that has a few Cloudflare people in it and one of them passed it along.

[janik-cloudflare]

Sounds great, happy to help! Yes, SPF records can still be deleted!

[ross]

#33 filed to add the described behavior, updates and deletes allowed, creates throw an error during the planning phase.