Setting Up An Running Your Own Dmarc using Bind DNS
Bruce Johnson
johnson at Pharmacy.Arizona.EDU
Mon Jun 27 18:59:34 UTC 2022
On Jun 27, 2022, at 11:34 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> Also, I do not understand the writing of "hundreds of lines of
> code". The code to load DMARC records is in BIND for a very long time
> since they are just TXT records.
>
>> @ IN TXT v=DMARC1; p=reject; rua=mailto:dmarc_report at mail.netassoc.net;
>> ruf=mailto:demarc_forensic at mail.netassoc.net; fo=1;
>
> Quotes, may be?

Yes, this part needs to be in quotes:

"v=DMARC1; p=reject; rua=mailto:dmarc_report at mail.netassoc.net; ruf=mailto:demarc_forensic at mail.netassoc.net; fo=1;"

> Also, DMARC records need to be at _dmarc under the apex, not at the
> apex.

I found this to be a very helpful guide to setting up DMARC in BIND. It has examples:
https://www.sonicwall.com/support/knowledge-base/what-is-a-dmarc-record-and-how-do-i-create-it-on-dns-server/170504796167071/

Here is a good site with tools to check DMARC, DKIM and SPF records: https://www.dmarcanalyzer.com/dmarc/

I think the CNAME "_dmarc.netassoc.net. IN CNAME netassoc.net." is not needed. The _dmarc.netassoc.net entry identifies netassoc.net as the domain the DMARC record is for. At least I do not have that CNAME set for my domain and DMARC passes all the tests.

--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group
Institutions do not have opinions, merely customs
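
The two points made in this thread (quote the TXT data, and publish it at _dmarc rather than at the apex) can be checked mechanically before a zone is loaded. The following is an added example, not part of the original message or of BIND; the function name check_dmarc_rr, the example.net origin and the sample records are constructed for illustration, and it handles single-line records only.

```python
import re

# Tag names defined for DMARC records in RFC 7489.
KNOWN_TAGS = {"v", "p", "sp", "rua", "ruf", "fo", "adkim", "aspf", "pct", "rf", "ri"}

def check_dmarc_rr(line, origin="example.net."):
    """Return a list of problems in one single-line zone-file TXT record."""
    m = re.match(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?TXT\s+(.*)$", line.strip(), re.I)
    if not m:
        return ["not a TXT record"]
    owner, rdata = m.group(1), m.group(2).strip()
    problems = []
    # Expand the owner name relative to the zone origin, as named does.
    fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
    if not fqdn.lower().startswith("_dmarc."):
        problems.append(f"owner {fqdn} is not at the _dmarc label")
    # Outside quotes, ';' starts a zone-file comment and spaces split the text.
    strings = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    if rdata.startswith('"') and strings:
        value = "".join(strings)  # a TXT record's strings are read as one value
    else:
        problems.append("rdata is not quoted")
        value = rdata  # keep parsing so the other checks still report
    tags = [t.strip() for t in value.split(";") if t.strip()]
    parsed = {}
    for tag in tags:
        name, sep, val = (part.strip() for part in tag.partition("="))
        if not sep or name not in KNOWN_TAGS:
            problems.append(f"unknown or malformed tag {tag!r}")
        elif " " in val and "=" in val:  # two tags run together: a ';' is missing
            problems.append(f"missing ';' in {tag!r}")
        parsed[name] = val
    if not tags or tags[0].replace(" ", "") != "v=DMARC1":
        problems.append("v=DMARC1 must be the first tag")
    if parsed.get("p") not in ("none", "quarantine", "reject"):
        problems.append("p= must be none, quarantine or reject")
    return problems

# Constructed sample records (example.net and the addresses are placeholders).
SAMPLES = [
    '@ IN TXT v=DMARC1; p=reject; rua=mailto:dmarc@example.net; fo=1;',
    '_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.net ruf=mailto:forensic@example.net; fo=1;"',
    '_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.net; ruf=mailto:forensic@example.net; fo=1;"',
]

if __name__ == "__main__":
    for rr in SAMPLES:
        print(rr, "->", check_dmarc_rr(rr) or "OK")
```
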