Is it bad practice to put IP addresses into SPF records instead of lookups if you are also in control of the lookedup record?

domain-name-system

Solution 1:

As mail server related DNS records are only changed occasionally but queried all the time, it is better optimize the latter. Administrator's Considerations in RFC 7208, 10.1.2 summarizes this well:

There might be administrative considerations: using a over ip4 or ip6 allows hosts to be renumbered easily at the cost of a DNS query per receiver. Using mx over a allows the set of mail hosts to be changed easily. Unless such changes are common, it is better to use the less resource-intensive mechanisms like ip4 and ip6 over a or a over mx.

Solution 2:

would result in needing to change two IPs

Sounds like an argument in favour of putting the raw address in the SPF record to me.

If the person doing the next migration sees the v4 and v6 address spelled out explicitly in the SPF record, that is just another reminder that at least two records needed to be changed anyway.

In any case, its a good idea to keep a list somewhere easily discoverable that tells the next person doing any changes what else might need an orderly rollover procedure (mta-sts, DANE, ..)

Related

Can't access instance after setting up iptables rules
Hardware Checks after Air Conditioning Failure
Multiple redirects / rewrites within one VirtualHost group
When do Dell PowerEdge servers (R210II and R620) automatically shutdown due to over heating?
Minus degrees in server room
Why is my Xen DomU kernel using more power/heat when there is no work compared to the default kernel?
Apache PHP-FPM setup results in File not found
Provide multiple cfg files for haproxy loadbalancer
Sharing folders between VMs on ESXI 6.5 for backups
App Engine Flexible Deployment Issue: 403 Resource Error
How to set custom port for DNS in systemd-resolved
Disable any "pop3-login" on Dovecot