Usually, we get an SPF record in the form of spf.thirdpartyexample.com.
Now, if we install any email server, we create an SPF record with ip:xx.xx.xxx.x
reference link from validity
v=spf1 -mx -ptr include:_spf.mx.cloudflare.net -all
So my question is:
How do we create an SPF record as spf.example.com
for our own server, in the same way we get one from a third-party vendor?
You mean to "authorize" your own domain(s) in your BIND/DNS?
If so, then you should have
yourdomain.tld. IN TXT "v=spf1 a mx ~all"
in your BIND zone configuration file.
"v=spf1" tells that it's an SPF record
"a" tells that "yourdomain.tld" IP is allowed to send mail from yourdomain.tld
"mx" tells that the mx server IP of yourdomain.tld is allowed to send mail
"~all" tells that SPF queries that do not match any other mechanism will return "softfail". Messages that are not sent from an approved server (the server with IP www.xxx.yyy.zzz = the IP of the mail server yourdomain.tld = "a". The server with IP aaa.bbb.ccc.ddd = the IP of the mx record of yourdomain.tld = "mx") should still be accepted but may be subjected to greater scrutiny...
So, if your DNS records are like
yourdomain.tld. IN A aaa.bbb.ccc.ddd
mail.yourdomain.tld. IN A www.xxx.yyy.zzz
yourdomain.tld. IN MX 10 mail.yourdomain.tld.
the SPF tells that