DNS lookup limits related to MX

I’m confused about how the DNS lookups are counted when dealing with the MX mechanism. The RFC says

When evaluating the "mx" mechanism, the number of "MX" resource
records queried is included in the overall limit of 10 mechanisms/
modifiers that cause DNS lookups as described above.  In addition to
that limit, the evaluation of each "MX" record MUST NOT result in
querying more than 10 address records -- either "A" or "AAAA"
resource records.  If this limit is exceeded, the "mx" mechanism MUST
produce a "permerror" result.

It seems clear that a mx mechanism in the SPF record adds one to the DNS count but it is less clear (to me) if querying the DNS to find the records from that MX is added to the count or is it a separate count that also must be no more than 10.
As an example of the problem the spf record for service-now.com is

v=spf1 mx a:b.spf.service-now.com a:c.spf.service-now.com a:d.spf.service-now.com ~all

There are at least 4 terms querying the DNS. Querying the DNS for the MX of service-now.com returns 8 MX records. Is 8 added to the previous 4 or not? If so then this results a permerror, if not then the record is valid.

Hi Mark,

I was hoping others would respond.

Yes, MX does count against the 10 domain lookup. It’ll be considered as one lookup, since it is looking up the domain’s MX record.

So in the example you defined, it would would 4 domain lookups occurring.

1 Like

I added two hostnames in my MX record in preparation to move to a cloud hosted spam gateway. I then added two include statements in my SPF. I’m now getting hit with more than 10 queries and am unable to send mail to yahoo.com or aol.com. Not sure exactly where I’m getting punished on the queries.

I have a Web page which can check the SPF record for a domain name and which will quickly and simply answer most questions of the kind I’ve seen posted here.

It’s a very simple page, rendered by a Perl script. No Javascript. No cookies. No adverts (in fact no third party stuff of any kind), but maybe one day that will change if it becomes popular and I can defray some of the costs that way.

The whole site is a work in progress. The SPF check doesn’t yet handle macros or the more esoteric constructs that are possible in SPF records, but very few records use those things anyway.

Would it be appropriate to post a link?

Hi Gary,

If it is free to use and not leading to any sales type materials, then feel free to post.

Thanks,
Shehzad