Setting Up And Running Your Own Dmarc using Bind DNS
Stephane Bortzmeyer
bortzmeyer at nic.fr
Mon Jun 27 18:34:55 UTC 2022
On Mon, Jun 27, 2022 at 02:16:26PM -0400,
daniel jay foran <jay.foran at mail.netassoc.net> wrote
a message of 370 lines which said:
> I can't be the only one that has racked his brains and written
> hundreds of lines of code trying to get ISC BIND 9 to authenticate
> Dmarc records correctly.
I'm not sure I understand you since it is clearly not BIND's job to
authenticate DMARC records. It loads them and serves them, period.
Also, I do not understand the writing of "hundreds of lines of
code". The code to load DMARC records has been in BIND for a very long time
since they are just TXT records.
> @ IN TXT v=DMARC1; p=reject; rua=mailto:dmarc_report at mail.netassoc.net;
> ruf=mailto:demarc_forensic at mail.netassoc.net; fo=1;
Quotes, maybe?
Also, DMARC records need to be at _dmarc under the apex, not at the
apex.
Then, the best way to test your DMARC records is to use an
auto-responder with diagnostics like ping at tools.mxtoolbox.com or
<https://www.mail-tester.com/>.
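
An added example, not part of the original message or of BIND: a small linter for the two problems raised above, the unquoted TXT data (in zone-file syntax an unquoted `;` starts a comment) and the owner name at the apex instead of `_dmarc`. The function names and the example.com addresses are constructed for illustration, and it assumes one record per line.

```python
import re

# Constructed sample lines; the addresses are placeholders.
BROKEN = '@ IN TXT v=DMARC1; p=reject; rua=mailto:reports@example.com; fo=1;'
FIXED = '_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:reports@example.com; fo=1"'

def strip_comment(line):
    """Drop a zone-file comment: ';' starts one unless inside double quotes."""
    out, in_quotes = [], False
    for ch in line:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ';' and not in_quotes:
            break
        out.append(ch)
    return ''.join(out).rstrip()

def lint_dmarc_line(line):
    """Return a list of problems for one single-line TXT record."""
    problems = []
    effective = strip_comment(line)  # what the name server actually parses
    m = re.match(r'(\S+)\s+(?:\d+\s+)?(?:IN\s+)?TXT\s+(.*)$', effective, re.I)
    if not m:
        return ['not a single-line TXT record']
    owner, rdata = m.groups()
    if owner.split('.')[0].lower() != '_dmarc':
        problems.append('owner is %r, DMARC is looked up at _dmarc' % owner)
    if not rdata.startswith('"') and effective != line.rstrip():
        problems.append('unquoted data is cut at the first ";"')
    # Adjacent quoted strings are concatenated; fall back to the bare token.
    text = ''.join(re.findall(r'"([^"]*)"', rdata)) or rdata
    tags = dict(t.strip().split('=', 1) for t in text.split(';') if '=' in t)
    if tags.get('v') != 'DMARC1':
        problems.append('v=DMARC1 missing from the loaded data')
    if 'p' not in tags:
        problems.append('p= tag missing from the loaded data')
    return problems

if __name__ == '__main__':
    for sample in (BROKEN, FIXED):
        print(sample)
        for problem in lint_dmarc_line(sample) or ['ok']:
            print('   ', problem)
```
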