Fwd: Re: How to set up a dmarc record ?

Edouard Guigné eguigne at pasteur-cayenne.fr
Tue Dec 10 16:43:05 UTC 2019


Hello,

What is wrong with my zone file?
Why, especially for _dmarc IN TXT,
can I not get the ANSWER SECTION with a dig command?

Best Regards,

Ed

-------- Forwarded Message --------
Subject: 	Re: How to set up a dmarc record ?
Date: 	Tue, 10 Dec 2019 11:51:47 -0300
From: 	Edouard Guigné via bind-users <bind-users at lists.isc.org>
Reply-To: 	Edouard Guigné <eguigne at pasteur-cayenne.fr>
To: 	bind-users at lists.isc.org >> bind-users <bind-users at lists.isc.org>



Hello,

I changed to "_dmarc" instead of "_dmarc.pasteur-cayenne.fr"
_dmarc IN      TXT     ( "v=DMARC1; p=none; "
           "rua=mailto:dmarc at pasteur-cayenne.fr; pct=5; "
           "sp=none; aspf=r" )

My zone file is updated :
# named-checkzone pasteur-cayenne.fr /var/named/external/db.pasteur-cayenne.fr
zone pasteur-cayenne.fr/IN: loaded serial 2019120810
OK

But it still does not give the expected dmarc ANSWER SECTION:
# dig IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4753
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr.     IN      TXT

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr. 3600 IN      NS ara.pasteur-cayenne.fr.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600    IN      A       186.2.246.17

;; Query time: 0 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: mar. déc. 10 11:42:21 -03 2019
;; MSG SIZE  rcvd: 88



On 10/12/2019 at 10:46, Ondřej Surý wrote:
> Also the record on the next line looks suspicious:
>
>          IN      NS      ara.pasteur-cayenne.fr.

I am very sorry because I am not very used to bind.

"ara" is the primary DNS for internet.

Is this line redundant with the line before ?
                        NS      ara.pasteur-cayenne.fr.


> As you delegated the whole subdomain to ara.p-c.fr again:
>
>
> $ dig IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
>
> ; <<>> DiG 9.11.8 <<>> IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52693
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ; COOKIE: 35c43e4d3150d78270cae65e5defa16cbf8158df5e59c89c (good)
> ;; QUESTION SECTION:
> ;_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. IN TXT
>
> ;; AUTHORITY SECTION:
> _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 3600 IN NS ara.pasteur-cayenne.fr.
>
> ;; ADDITIONAL SECTION:
> ara.pasteur-cayenne.fr.	3600	IN	A	186.2.246.17
>
> ;; Query time: 192 msec
> ;; SERVER: 186.2.246.17#53(186.2.246.17)
> ;; WHEN: Tue Dec 10 14:45:16 CET 2019
> ;; MSG SIZE  rcvd: 135
>
> I don’t think it was an intent.
>
> Ondrej
> --
> Ondřej Surý
> ondrej at isc.org
>
>> On 10 Dec 2019, at 14:37, Niall O'Reilly <niall.oreilly at ucd.ie> wrote:
>>
>> On 10 Dec 2019, at 13:30, Edouard Guigné wrote:
>>
>>> ; DMARC
>>> _dmarc.pasteur-cayenne.fr IN      TXT     ( "v=DMARC1; p=none; "
>>>            "rua=mailto:dmarc at pasteur-cayenne.fr; pct=5; "
>>>            "sp=none; aspf=r" )
>> Instead of "_dmarc.pasteur-cayenne.fr", you should put "_dmarc",
>> leaving out ".pasteur-cayenne.fr", just as you did for the DKIM
>> record.
>>
>> Niall O'Reilly
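
Added example (not part of the original thread or of BIND): a simplified Python sketch of the two zone-file owner rules behind both dig outputs above. A name without a trailing dot has the origin appended, and a record with a blank owner inherits the previous owner, so an NS line placed after the TXT record turns `_dmarc` into a delegation and the server returns a referral instead of the TXT data. The zone fragments, the function names and the last fragment with the stray NS line dropped are constructed assumptions, not the poster's real zone file.

```python
ORIGIN = "pasteur-cayenne.fr."

# Constructed fragments modelled on the thread, not the poster's real zone file.
AS_POSTED = (
    '@                         IN NS  ara.pasteur-cayenne.fr.\n'
    '_dmarc.pasteur-cayenne.fr IN TXT "v=DMARC1; p=none"\n'
    '                          IN NS  ara.pasteur-cayenne.fr.\n'
)
# The rename suggested in the thread; the blank-owner NS line is still there.
RENAMED = AS_POSTED.replace("_dmarc.pasteur-cayenne.fr", "_dmarc")
# Hypothetical corrected layout: the NS line after the TXT record is dropped.
STRAY_NS_DROPPED = "".join(RENAMED.splitlines(True)[:2])

def expand(name, origin=ORIGIN):
    """'@' is the origin; a trailing dot means absolute; anything else is relative."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin=ORIGIN):
    """Simplified parser: one record per line, no $ directives, no inline comments."""
    records, owner = [], origin
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith(";"):
            continue
        fields = raw.split()
        if not raw[0].isspace():  # owner present; otherwise inherit the previous one
            owner = expand(fields.pop(0), origin).lower()
        while fields[0].isdigit() or fields[0].upper() == "IN":
            fields.pop(0)  # skip optional TTL and class
        records.append((owner, fields[0].upper(), " ".join(fields[1:])))
    return records

def occluded(text, origin=ORIGIN):
    """Non-NS records at or below a delegation point (NS owned by a non-apex name).
    The server refers queries for those names instead of answering them."""
    records = parse_zone(text, origin)
    cuts = {o for o, t, _ in records if t == "NS" and o != origin}
    return [(o, t) for o, t, _ in records
            if t != "NS" and any(o == c or o.endswith("." + c) for c in cuts)]

if __name__ == "__main__":
    for label, zone in (("as posted", AS_POSTED), ("renamed", RENAMED),
                        ("stray NS dropped", STRAY_NS_DROPPED)):
        print(label, "->", occluded(zone) or "DMARC TXT is answerable")
```

The first two fragments reproduce the referral-only responses in the dig outputs quoted in the thread: the TXT record is loaded but sits at a delegation point, so it never appears in the ANSWER SECTION.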

