no _smtp_tls in published zone
Mark Andrews
marka at isc.org
Wed Jun 2 05:41:44 UTC 2021
> On 2 Jun 2021, at 14:59, Brett Delmage <Brett at BrettDelmage.ca> wrote:
>
> I have added the following two records
> _mta-sts.BrettDelmage.ca. 180 IN TXT "v=STSv1; id=2021060102;"
> _smtp._tls.BrettDelmage.ca. 180 IN TXT "TLSRPTv1; rua=mailto:brett at brettdelmage.ca"
> to a signed zone to enable Mail Transfer Agent Strict Transport Security.
>
> When I run
>
> /var/lib/bind/master# named-compilezone -k warn -o - BrettDelmage.ca BrettDelmage.ca
>
> I get the expected error for the leading _, but only for _mta_sts.
Underscore is not an issue for TXT records. The check-names report is for mta_sts.BrettDelmage.ca not _mta_sts.BrettDelmage.ca.
> BrettDelmage.ca:21: mta_sts.BrettDelmage.ca: bad owner name (check-names)
> zone BrettDelmage.ca/IN: loaded serial 2021060110
> BrettDelmage.ca. 180 IN SOA cacloud.brettdelmage.ca. hostmaster.BrettDelmage.ca. 2021060110 180 300 1814400 3600
> ...
> _mta-sts.BrettDelmage.ca. 180 IN TXT "v=STSv1; id=2021060102;"
> _smtp._tls.BrettDelmage.ca. 180 IN TXT "TLSRPTv1; rua=mailto:brett at brettdelmage.ca"
> ...
> OK
>
> When I load the zone I can fetch _mta-sts.BrettDelmage.ca
> dig @127.0.0.1 _mta-sts.brettdelmage.ca txt +short
> "v=STSv1; id=2021060102;"
>
> but not _smtp._tls.BrettDelmage.ca.:
>
> dig @127.0.0.1 _smtp._tls.brettdelmage.ca txt
>
> ; <<>> DiG 9.16.16-Ubuntu <<>> @127.0.0.1 _smtp._tls.brettdelmage.ca txt
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37893
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1232
> ; COOKIE: a70534bd6a80a8c70100000060b70dbd54a4db11f1a5b7d1 (good)
> ;; QUESTION SECTION:
> ;_smtp._tls.brettdelmage.ca. IN TXT
>
> ;; AUTHORITY SECTION:
> BrettDelmage.ca. 180 IN SOA cacloud.brettdelmage.ca. hostmaster.BrettDelmage.ca. 2021060110 180 300 1814400 3600
>
> -----
> named -v
> BIND 9.16.16-Ubuntu (Stable Release) <id:0c314d8>
>
> What am I doing wrong here?
Not looking at the nameserver’s logs when the zone is loaded. If it has failed to load for any reason that will be reported.
> Thanks!
>
> Brett
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
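
Separately from the zone-load question, the two TXT values in this thread can be checked against the record grammars in RFC 8461 (MTA-STS) and RFC 8460 (TLSRPT) before they are published. The following is an added example, not part of the original thread or of BIND; the function names are hypothetical and `tlsrpt@example.com` is a constructed placeholder, since the archive obscures the real address.

```python
import re

_DELIM = re.compile(r"[ \t]*;[ \t]*")  # field delimiter in both grammars: *WSP ";" *WSP

def _fields(txt):
    """Split a TXT value into fields, dropping one optional trailing delimiter."""
    parts = _DELIM.split(txt.strip())
    if parts and parts[-1] == "":
        parts.pop()
    return parts

def check_mta_sts(txt):
    """Return a list of problems with an _mta-sts TXT value (RFC 8461)."""
    parts, problems = _fields(txt), []
    if not parts or parts[0] != "v=STSv1":
        problems.append("first field must be exactly v=STSv1")
    ids = [p[3:] for p in parts[1:] if p.startswith("id=")]
    if not ids:
        problems.append("missing id= field")
    elif not re.fullmatch(r"[A-Za-z0-9]{1,32}", ids[0]):
        problems.append("id must be 1-32 letters or digits")
    return problems

def check_tlsrpt(txt):
    """Return a list of problems with a _smtp._tls TXT value (RFC 8460)."""
    parts, problems = _fields(txt), []
    if not parts or parts[0] != "v=TLSRPTv1":
        problems.append("first field must be exactly v=TLSRPTv1")
    ruas = [p[4:] for p in parts[1:] if p.startswith("rua=")]
    if not ruas:
        # Without rua= a sender has nowhere to deliver its report.
        problems.append("missing rua= field")
    for uri in (re.split(r"[ \t]*,[ \t]*", ruas[0]) if ruas else []):
        if not re.match(r"(mailto:[^@\s]+@[^@\s]+|https://\S+)$", uri):
            problems.append("rua URI must be mailto: or https:, got %r" % uri)
    return problems

if __name__ == "__main__":
    # Constructed samples shaped like the two records quoted in the thread.
    samples = [
        (check_mta_sts, "v=STSv1; id=2021060102;"),
        (check_tlsrpt, "TLSRPTv1; rua=mailto:tlsrpt@example.com"),
        (check_tlsrpt, "v=TLSRPTv1; rua=mailto:tlsrpt@example.com"),
    ]
    for check, value in samples:
        print(repr(value), "->", check(value) or "OK")
```

A value that a zone compiler accepts as a valid TXT record can still fail these checks, because the name server treats the string as opaque data.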