dkim cname records replication

McDonald, Daniel (Dan) Dan.McDonald at
Tue May 23 01:55:53 UTC 2017

In this case, Microsoft names the records and The poster said he was running bind 9.9.5, which to my knowledge doesn't support leading underscores without check-names ignore.

Get Outlook for iOS<>

On Mon, May 22, 2017 at 8:45 PM -0500, "Mark Andrews" <marka at<mailto:marka at>> wrote:

In message , "McDonald, Daniel (Dan)" writes:
> You need to add check-names ignore;  to the zone definition when dealing
> with active directory.  That ignores the invalid underscore character.

DKIM is not active directory.  Named can serve DKIM records without
adding "check-names ignore;" to named.conf.

The latest versions of named don't need "check-names ignore;" to
serve AD zones with gc._msdcs. (BIND 9.9.10, 9.10.5, 9.11.1).

It also doesn't help that Microsoft confuses "Host Name" with "Owner
Name" / "Record Name" / "Domain Name" in the documentation referenced
below.  Host name has a specific meaning and the documentation
referenced there is just plain wrong in its use of "Host Name".


> From: bind-users  on behalf of Vidal
> Garza
> Date: Monday, May 22, 2017 at 10:31
> To: Bind Users
> Subject: dkim cname records replication
> Hello List,
> I have this question about replication.
> I have a replication between BIND 9.9.5-3.
> We try to make dkim work with Microsoft office 365. In the documentation
> they said that it should be a CNAME record with the sectors and it works
> in the master. The problem is in the slave, with the name and the
> underscore character.
> I wonder if bind support the underscore character? Or if someone has link
> that help me.
> Reference:
> Thanks in advance!

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list