dkim cname records replication

Mark Andrews marka at
Tue May 23 01:45:41 UTC 2017

In message <EC243A44-7DEA-433A-B567-A61ACDF7AE2D at>, "McDonald, Daniel (Dan)" writes:
> You need to add "check-names ignore;" to the zone definition when dealing
> with Active Directory.  That ignores the invalid underscore character.

DKIM is not Active Directory.  Named can serve DKIM records without
adding "check-names ignore;" to named.conf.

The latest versions of named don't need "check-names ignore;" to
serve AD zones with gc._msdcs.<forest> (BIND 9.9.10, 9.10.5, 9.11.1).

It also doesn't help that Microsoft confuses "Host Name" with "Owner
Name" / "Record Name" / "Domain Name" in the documentation referenced
below.  Host name has a specific meaning and the documentation
referenced there is just plain wrong in its use of "Host Name".


> From: bind-users <bind-users-bounces at> on behalf of Vidal
> Garza <vgarza at>
> Date: Monday, May 22, 2017 at 10:31
> To: Bind Users <bind-users at>
> Subject: dkim cname records replication
> Hello List,
> I have this question about replication.
> I have a replication between BIND 9.9.5-3.
> We try to make DKIM work with Microsoft Office 365. In the documentation
> they said that it should be a CNAME record with the sectors and it works
> in the master. The problem is in the slave, with the name and the
> underscore character.
> I wonder if BIND supports the underscore character? Or if someone has a link
> that helps me.
> Reference:
> Thanks in advance!

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at
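
The host name versus owner name distinction in the reply above, as an added example that is not part of the original message and is not BIND's code: a simplified Python model of the names check-names examines according to the BIND documentation (owner names of A, AAAA and MX records, and targets in NS, MX and SRV RDATA). The zone records, the function names and the omission of SOA, PTR and the gc._msdcs handling mentioned above are assumptions made for the example.

```python
import re

# RFC 952/1123 host name label: letters, digits, hyphen; no leading or
# trailing hyphen; at most 63 characters. Underscore is not allowed.
_LDH_LABEL = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Types whose OWNER name is treated as a host name by check-names.
HOST_OWNER_TYPES = {"A", "AAAA", "MX"}
# Types whose RDATA target is treated as a host name (SOA left out here).
HOST_TARGET_TYPES = {"NS", "MX", "SRV"}


def is_hostname(name):
    """True if every label of the domain name obeys the host name syntax."""
    labels = name.rstrip(".").split(".")
    return all(_LDH_LABEL.match(label) for label in labels)


def check_record(owner, rtype, rdata):
    """Return the host name violations for one record (empty list if none)."""
    problems = []
    if rtype in HOST_OWNER_TYPES and not is_hostname(owner):
        problems.append("owner %s is not a valid host name" % owner)
    if rtype in HOST_TARGET_TYPES:
        target = rdata.split()[-1]  # the target is the last RDATA field
        if not is_hostname(target):
            problems.append("target %s is not a valid host name" % target)
    return problems


def audit(zone):
    """Map (owner, type) to its violations for every failing record."""
    findings = {}
    for owner, rtype, rdata in zone:
        problems = check_record(owner, rtype, rdata)
        if problems:
            findings[(owner, rtype)] = problems
    return findings


# Constructed sample records (not taken from the thread).
ZONE = [
    # DKIM selector: a CNAME owner name is a domain name, not a host name.
    ("selector1._domainkey.example.com.", "CNAME",
     "selector1._domainkey.example.net."),
    ("mail.example.com.", "A", "192.0.2.10"),
    ("bad_host.example.com.", "A", "192.0.2.11"),     # underscore in A owner
    ("example.com.", "MX", "10 mail_gw.example.com."),  # underscore in target
]

if __name__ == "__main__":
    for key, problems in audit(ZONE).items():
        print(key, problems)
```

The DKIM CNAME passes untouched, while the underscore in the A owner name and in the MX target is reported.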
