Discussion:
How to set up a dmarc record ?
Edouard Guigné
2019-12-10 12:56:43 UTC
Permalink
Dear all,

I am using bind 9.11.4-9.P2 installed on a centos 7 with yum.

I am setting dkim and dmarc records for a mail server.

I succeeded in setting the dkim record (a test with # dig txt +short ... works)

But I am stuck with the dmarc record.
I filled my zone file like this :

...
$ORIGIN my-domain.fr.
...
@                      86400    IN TXT   "v=spf1 a mx -all"

selector._domainkey IN IN      TXT     ( "v=DKIM1; k=rsa; "
          "p=..." )

_dmarc       IN  TXT "v=DMARC1; p=none; rua=mailto:***@my-domain.fr; pct=5; sp=none; aspf=r"
...

A test with the dig command does not give answer :
# dig txt +short _dmarc.my-domain.fr

May someone help me to make it work ?

Best Regards,

EdG
Ondřej Surý
2019-12-10 13:11:27 UTC
Permalink
Hi Edouard,

I would start by **not** anonymizing domains you want help with. What’s the point of using my-domain.fr anyway?

$ dig +short IN TXT pasteur-cayenne.fr
"v=spf1 a mx -all"

There’s no shame in having a problem you can’t solve yourself. We’ve all been there. Disguising the real domain is very often misleading and prevents other people from helping you.

I would start by checking the correctness of the zone file (with named-checkzone) and making sure you bumped the serial number in SOA and you reloaded the zone.

Ondrej
--
Ondřej Surý
Edouard Guigné
2019-12-10 13:30:03 UTC
Permalink
Hello,

Thank you for your answer.
I apologize for not having put my real domain ; this is the first time I
am asking for help on this list and I was not confident.

So this is a dump of my zone file :
;
; BIND data file for local pasteur-cayenne.fr
;
$TTL    604800
@       IN      SOA     ara.pasteur-cayenne.fr. hostmaster.pasteur-cayenne.fr. (
                          2019120809    ;
                        7200         ;
                         3600         ;
                         1209600        ;
                           86400 )      ;

$TTL 86400      ; 1 day
                        NS      ara.pasteur-cayenne.fr.
                        NS      ns6.oleane.net.
                        NS      ns7.oleane.net.
$TTL 3600       ; 1 hour
                       MX      0 smtp.pasteur-cayenne.fr.
$ORIGIN pasteur-cayenne.fr.

@                      86400    IN TXT   "v=spf1 a mx -all"
@                      86400    IN SPF   "v=spf1 a mx -all"

; DKIM
; ----- DKIM key 1C8CAD5A-194F-11EA-BDA2-7FCBBE1B5136 for pasteur-cayenne.fr

1C8CAD5A-194F-11EA-BDA2-7FCBBE1B5136._domainkey IN      TXT ( "v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz9uhHIP6BeOL170uRLNtGD8Al/Dk3RHnB2oqaTpQUYojtnzq+J6CjyTGLlsX1aZk7Nbjxj13vf//O3tASV34QH1ozGEEmHptI953Qk9qLq6AUO+OZ1pkQ+8Z/VqXCbe5GLqDg1+lXI6T3zWN2FQNrUCm4HZ952jrrKSJET2dGYKLp49fUI6LZd15VSwTO+3DKAtpa16gbxbIu"
"Jxo3Jcd/pxQhWUYVmMA0/ZR4H0ZljD2EVGeSnNKNbCB3mOXFKTI/zW8Liqf+HpNs69qcmUvHlTCSokOlp/KT1AcSpfgnqAG3gwiyc2gFM+lgPX8c8bfd+8O64GX3zM17QGwbvf1wIDAQAB"
)

; DMARC
_dmarc.pasteur-cayenne.fr IN      TXT     ( "v=DMARC1; p=none; "
          "rua=mailto:***@pasteur-cayenne.fr; pct=5; "
          "sp=none; aspf=r" )

       IN      NS ara.pasteur-cayenne.fr.
ara             A       186.2.246.17
smtp         A       186.2.246.17

Why is my DKIM record working and not my dmarc record ?

here is the result of command named-checkzone :

# named-checkzone pasteur-cayenne.fr /var/named/external/db.pasteur-cayenne.fr
zone pasteur-cayenne.fr/IN: loaded serial 2019120809
OK

here is my dig test, which returns nothing :
# dig txt +short _dmarc.pasteur-cayenne.fr @ara.pasteur-cayenne.fr

instead dig test for dkim gives :
# dig txt +short 1C8CAD5A-194F-11EA-BDA2-7FCBBE1B5136._domainkey.pasteur-cayenne.fr @ara.pasteur-cayenne.fr
"v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz9uhHIP6BeOL170uRLNtGD8Al/Dk3RHnB2oqaTpQUYojtnzq+J6CjyTGLlsX1aZk7Nbjxj13vf//O3tASV34QH1ozGEEmHptI953Qk9qLq6AUO+OZ1pkQ+8Z/VqXCbe5GLqDg1+lXI6T3zWN2FQNrUCm4HZ952jrrKSJET2dGYKLp49fUI6LZd15VSwTO+3DKAtpa16gbxbIu"
"Jxo3Jcd/pxQhWUYVmMA0/ZR4H0ZljD2EVGeSnNKNbCB3mOXFKTI/zW8Liqf+HpNs69qcmUvHlTCSokOlp/KT1AcSpfgnqAG3gwiyc2gFM+lgPX8c8bfd+8O64GX3zM17QGwbvf1wIDAQAB"
Niall O'Reilly
2019-12-10 13:37:53 UTC
Permalink
Post by Edouard Guigné
; DMARC
_dmarc.pasteur-cayenne.fr IN      TXT     ( "v=DMARC1; p=none; "
          "rua=mailto:***@pasteur-cayenne.fr; pct=5; "
          "sp=none; aspf=r" )
Instead of "_dmarc.pasteur-cayenne.fr", you should put "_dmarc",
leaving out ".pasteur-cayenne.fr", just as you did for the DKIM
record.

Niall O'Reilly
Ondřej Surý
2019-12-10 13:46:20 UTC
Permalink
Also the record on the next line looks suspicious:

IN NS ara.pasteur-cayenne.fr.

As you delegated the whole subdomain to ara.p-c.fr again:


$ dig IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.8 <<>> IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52693
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 35c43e4d3150d78270cae65e5defa16cbf8158df5e59c89c (good)
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. IN TXT

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 3600 IN NS ara.pasteur-cayenne.fr.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600 IN A 186.2.246.17

;; Query time: 192 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: Tue Dec 10 14:45:16 CET 2019
;; MSG SIZE rcvd: 135

I don’t think it was an intent.

Ondrej
--
Ondřej Surý
Mark Elkins
2019-12-10 13:58:19 UTC
Permalink
The reason why is because you don't have a '.' at the end of
"_dmarc.pasteur-cayenne.fr" so what you really have in your zone file
is... "_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr."

Another way of seeing this would be to do an AXFR of your zone - these
mistakes then jump out at you!

Why do you have "NS ara.pasteur-cayenne.fr." twice ???  That may confuse
you in the future.
--
Mark James ELKINS  -  Posix Systems - (South) Africa
***@posix.co.za Tel: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
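
An added example, not part of any post in this thread: a small Python check for the two zone-file mistakes identified in the replies above, an owner name written without its trailing dot and an owner-less NS line that inherits the previous record's owner. The zone text is a constructed, shortened copy of the file posted above; `expand_owners`, `lint` and the `FIXED` variant (which assumes the stray NS line is simply dropped) are illustrative names and assumptions.

```python
import re

def expand_owners(zone_text, origin):
    """Resolve owner names as a master-file parser does: relative names get
    the origin appended, and a blank owner field repeats the previous owner."""
    origin = origin.lower().rstrip(".") + "."
    records, owner, depth = [], origin, 0
    for raw in zone_text.splitlines():
        # Blank out quoted strings so ';' and '(' inside TXT data are ignored.
        line = re.sub(r'"[^"]*"', '""', raw).split(";", 1)[0].rstrip()
        continuation = depth > 0
        depth += line.count("(") - line.count(")")
        if continuation or not line.strip():
            continue
        tokens = line.split()
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        if tokens[0].startswith("$"):          # $TTL and other directives
            continue
        if not line[0].isspace():              # explicit owner in column one
            name = tokens.pop(0).lower()
            if name == "@":
                owner = origin
            elif name.endswith("."):
                owner = name
            else:
                owner = name + "." + origin
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                      # optional TTL and class
        if tokens:
            records.append((owner, tokens[0].upper()))
    return records

def lint(zone_text, apex):
    """Flag doubled origins and data hidden behind an unintended zone cut."""
    apex = apex.lower().rstrip(".") + "."
    records = expand_owners(zone_text, apex)
    findings = [f"{o} {t}: origin appended twice, trailing dot missing?"
                for o, t in records if o.endswith("." + apex + apex)]
    cuts = {o for o, t in records if t == "NS" and o != apex}
    findings += [f"{o} {t}: hidden by NS delegation at the same name"
                 for o, t in records if o in cuts and t not in ("NS", "DS")]
    return findings

# Constructed sample: shortened copy of the zone file posted in the thread.
ORIGINAL = """
$TTL 86400
@   IN SOA ara.pasteur-cayenne.fr. hostmaster.pasteur-cayenne.fr. (
        2019120809 7200 3600 1209600 86400 )
    NS  ara.pasteur-cayenne.fr.
@   86400 IN TXT "v=spf1 a mx -all"
_dmarc.pasteur-cayenne.fr IN TXT ( "v=DMARC1; p=none; "
        "sp=none; aspf=r" )
    IN NS ara.pasteur-cayenne.fr.
ara A 186.2.246.17
"""
# After the first suggested change: relative owner, stray NS still present.
RENAMED = ORIGINAL.replace("_dmarc.pasteur-cayenne.fr IN", "_dmarc IN")
# Assumption: the owner-less NS line under the DMARC record is dropped.
FIXED = RENAMED.replace("    IN NS ara.pasteur-cayenne.fr.\n", "")

if __name__ == "__main__":
    for label, zone in (("original", ORIGINAL), ("renamed", RENAMED), ("fixed", FIXED)):
        print(label, lint(zone, "pasteur-cayenne.fr") or "no findings")
```

named-checkzone reports OK for both broken versions in this thread, so expanding the owner names, as a zone transfer would show them, is what exposes the problem.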

Edouard Guigné
2019-12-10 14:51:47 UTC
Permalink
Hello,

I changed to "_dmarc" instead of "_dmarc.pasteur-cayenne.fr"
_dmarc IN      TXT     ( "v=DMARC1; p=none; "
          "rua=mailto:***@pasteur-cayenne.fr; pct=5; "
          "sp=none; aspf=r" )

My zone file is updated :
# named-checkzone pasteur-cayenne.fr /var/named/external/db.pasteur-cayenne.fr
zone pasteur-cayenne.fr/IN: loaded serial 2019120810
OK

But it still does not give the dmarc ANSWER SECTION expected :
# dig IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4753
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr.     IN      TXT

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr. 3600 IN      NS ara.pasteur-cayenne.fr.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600    IN      A       186.2.246.17

;; Query time: 0 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: mar. déc. 10 11:42:21 -03 2019
;; MSG SIZE  rcvd: 88
Post by Ondřej Surý
IN NS ara.pasteur-cayenne.fr.
I am very sorry because I am not very used to bind.

"ara" is the primary DNS for internet.

Is this line redundant with the line before ?
                       NS      ara.pasteur-cayenne.fr.
Edouard Guigné
2019-12-10 16:43:05 UTC
Permalink
Hello,

What is wrong with my zone file ?
Why especially for _dmarc IN TXT
I cannot get the ANSWER SECTION with a dig command ?

Best Regards,

Ed

-------- Forwarded Message --------
Subject : Re: How to set up a dmarc record ?
Date : Tue, 10 Dec 2019 11:51:47 -0300
From : Edouard Guigné via bind-users <bind-***@lists.isc.org>
Reply-To : Edouard Guigné <***@pasteur-cayenne.fr>
To : bind-***@lists.isc.org >> bind-users <bind-***@lists.isc.org>



Ondřej Surý
2019-12-10 16:46:56 UTC
Permalink
Well, I already told you what’s wrong and you ignored that part. Please read it again and understand what it means to delegate a part of the zone. Your problems are not specific to BIND 9, it’s just your zone file is wrong.

Ondrej
--
Ondřej Surý — ISC
Edouard Guigné
2019-12-11 11:40:37 UTC
Permalink
Hello,

Yes, my problem is fixed !

Thank you very much
If I query your zone, it gives me the answer you wanted. Does your problem
continue or is it fixed?
; <<>> DiG 9.10.6 <<>> IN txt _dmarc.pasteur-cayenne.fr
;; global options: +cmd
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33317
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2
;; WARNING: recursion requested but not available
; EDNS: version: 0, flags:; udp: 4096
;_dmarc.pasteur-cayenne.fr. IN TXT
_dmarc.pasteur-cayenne.fr.
pct=5; " "sp=none; aspf=r"
pasteur-cayenne.fr. 86400 IN NS ns6.oleane.net.
pasteur-cayenne.fr. 86400 IN NS ara.pasteur-cayenne.fr.
pasteur-cayenne.fr. 86400 IN NS ns7.oleane.net.
ara.pasteur-cayenne.fr. 3600 IN A 186.2.246.17
;; Query time: 221 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: Tue Dec 10 23:21:21 +03 2019
;; MSG SIZE  rcvd: 226