How to set up a dmarc record ?

Emre Özüdoğru emre.ozudogru at turknet.net.tr
Tue Dec 10 20:25:22 UTC 2019 

If I query your zone. It give me answer you wanted. Is your problem continues or fixed?

emre at FXMBP ~ % dig IN txt _dmarc.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.


; <<>> DiG 9.10.6 <<>> IN txt _dmarc.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33317
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr>. IN TXT

;; ANSWER SECTION:
_dmarc.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr>. 3600 IN TXT "v=DMARC1; p=none; " "rua=mailto:dmarc at pasteur-cayenne.fr; pct=5; " "sp=none; aspf=r"

;; AUTHORITY SECTION:
pasteur-cayenne.fr<http://pasteur-cayenne.fr>. 86400 IN NS ns6.oleane.net<http://ns6.oleane.net>.
pasteur-cayenne.fr<http://pasteur-cayenne.fr>. 86400 IN NS ara.pasteur-cayenne.fr<http://ara.pasteur-cayenne.fr>.
pasteur-cayenne.fr<http://pasteur-cayenne.fr>. 86400 IN NS ns7.oleane.net<http://ns7.oleane.net>.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr<http://ara.pasteur-cayenne.fr>. 3600 IN A 186.2.246.17

;; Query time: 221 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: Tue Dec 10 23:21:21 +03 2019
;; MSG SIZE  rcvd: 226




On 10 Dec 2019, at 19:46, Ondřej Surý <ondrej at isc.org<mailto:ondrej at isc.org>> wrote:

Well, I already told you what’s wrong and you ignored that part. Please read it again and understand what it means to delegate a part of the zone. Your problems are not specific to BIND 9, it’s just your zone file is wrong.

Ondrej
--
Ondřej Surý — ISC

On 10 Dec 2019, at 17:43, Edouard Guigné via bind-users <bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>> wrote:



Hello,

What is wrong with my file zone ?
Why espcially for _dmarc IN TXT
I cannot get the ANSWER SECTION with a dig command ?

Best Regards,

Ed

-------- Message transféré --------
Sujet :         Re: How to set up a dmarc record ?
Date :  Tue, 10 Dec 2019 11:51:47 -0300
De :    Edouard Guigné via bind-users <bind-users at lists.isc.org><mailto:bind-users at lists.isc.org>
Répondre à :    Edouard Guigné <eguigne at pasteur-cayenne.fr><mailto:eguigne at pasteur-cayenne.fr>
Pour :  bind-users at lists.isc.org<mailto:bind-users at lists.isc.org> >> bind-users <bind-users at lists.isc.org><mailto:bind-users at lists.isc.org>



Hello,

I changed to "_dmarc" instead of "_dmarc.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr>"
_dmarc IN      TXT     ( "v=DMARC1; p=none; "
          "rua=mailto:dmarc at pasteur-cayenne.fr; pct=5; "
          "sp=none; aspf=r" )

My zone file is updated :
# named-checkzone pasteur-cayenne.fr<http://pasteur-cayenne.fr> /var/named/external/db.pasteur-cayenne.fr<http://db.pasteur-cayenne.fr>
zone pasteur-cayenne.fr/IN:<http://pasteur-cayenne.fr/IN:> loaded serial 2019120810
OK

But It still does not give the dmarc ANSWER SECTION expected :
# dig IN txt _dmarc.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> IN txt _dmarc.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4753
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr>.     IN      TXT

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr>. 3600 IN      NS      ara.pasteur-cayenne.fr<http://ara.pasteur-cayenne.fr>.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr<http://ara.pasteur-cayenne.fr>. 3600    IN      A       186.2.246.17

;; Query time: 0 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: mar. déc. 10 11:42:21 -03 2019
;; MSG SIZE  rcvd: 88



Le 10/12/2019 à 10:46, Ondřej Surý a écrit :

Also the record on the next line looks suspicious:

        IN      NS      ara.pasteur-cayenne.fr<http://ara.pasteur-cayenne.fr>.

I am very sorry because I am not very used with bind.

"ara" is the primary DNS for internet.

Is this line redundant with the line before ?
                       NS      ara.pasteur-cayenne.fr<http://ara.pasteur-cayenne.fr>.


As you delegated the whole subdomain to ara.p-c.fr<http://ara.p-c.fr> again:


$ dig IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.8 <<>> IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52693
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 35c43e4d3150d78270cae65e5defa16cbf8158df5e59c89c (good)
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr>. IN TXT

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr>. 3600 IN NS ara.pasteur-cayenne.fr<http://ara.pasteur-cayenne.fr>.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr<http://ara.pasteur-cayenne.fr>.  3600    IN      A       186.2.246.17

;; Query time: 192 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: Tue Dec 10 14:45:16 CET 2019
;; MSG SIZE  rcvd: 135

I don’t think it was an intent.

Ondrej
--
Ondřej Surý
ondrej at isc.org<mailto:ondrej at isc.org>



On 10 Dec 2019, at 14:37, Niall O'Reilly <niall.oreilly at ucd.ie><mailto:niall.oreilly at ucd.ie> wrote:

On 10 Dec 2019, at 13:30, Edouard Guigné wrote:



; DMARC
_dmarc.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr> IN      TXT     ( "v=DMARC1; p=none; "
          "rua=[mailto:dmarc at pasteur-cayenne.fr](<mailto:dmarc at pasteur-cayenne.fr><mailto:dmarc at pasteur-cayenne.fr>); pct=5; "
          "sp=none; aspf=r" )


Instead of "_dmarc.pasteur-cayenne.fr<http://dmarc.pasteur-cayenne.fr>", you should put "_dmarc",
leaving out ".pasteur-cayenne.fr<http://pasteur-cayenne.fr>", just as you did for the DKIM
record.

Niall O'Reilly
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org<mailto:bind-users at lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users


[TurkNet]<https://turk.net/>
________________________________
Bu elektronik posta ve onunla iletilen bütün dosyalar sadece göndericisi tarafından alması amaçlanan yetkili gerçek ya da tüzel kişinin kullanımı içindir. Eğer söz konusu yetkili alıcı değilseniz bu elektronik postanın içeriğini açıklamanız, kopyalamanız, yönlendirmeniz ve kullanmanız kesinlikle yasaktır ve bu elektronik postayı derhal silmeniz gerekmektedir. TurkNet bu mesajın içerdiği bilgilerin doğruluğu veya eksiksiz olduğu konusunda herhangi bir garanti vermemektedir. Bu nedenle bu bilgilerin ne şekilde olursa olsun içeriğinden, iletilmesinden, alınmasından ve saklanmasından sorumlu değildir. Bu mesajdaki görüşler yalnızca gönderen kişiye aittir ve TurkNet'in görüşlerini yansıtmayabilir. Bu e-posta bilinen bütün bilgisayar virüslerine karşı taranmıştır.
________________________________________
This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient you are hereby notified that any dissemination, forwarding, copying or use of any of the information is strictly prohibited, and the e-mail should immediately be deleted. TurkNet makes no warranty as to the accuracy or completeness of any information contained in this message and hereby excludes any liability of any kind for the information contained therein or for the information transmission, reception, storage or use of such in any way whatsoever. The opinions expressed in this message belong to sender alone and may not necessarily reflect the opinions of TurkNet. This e-mail has been scanned for all known computer viruses.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20191210/12fe8749/attachment-0001.htm>

More information about the bind-users mailing list