dkim cname records replication

McDonald, Daniel (Dan) Dan.McDonald at austinenergy.com
Tue May 23 01:55:53 UTC 2017


In this case, Microsoft names the records selector1._domainkeys.example.com and selector2._domainkeys.example.com. The poster said he was running bind 9.9.5, which to my knowledge doesn't support leading underscores without check-names ignore.

Get Outlook for iOS<https://aka.ms/o0ukef>



On Mon, May 22, 2017 at 8:45 PM -0500, "Mark Andrews" <marka at isc.org<mailto:marka at isc.org>> wrote:



In message , "McDonald, Daniel (Dan)" writes:
> You need to add check-names ignore;  to the zone definition when dealing
> with active directory.  That ignores the invalid underscore character.

DKIM is not active directory.  Named can serve DKIM records without
adding "check-names ignore;" to named.conf.

The latest versions of named don't need "check-names ignore;" to
serve AD zones with gc._msdcs. (BIND 9.9.10, 9.10.5, 9.11.1).

It also doesn't help that Microsoft confuses "Host Name" with "Owner
Name" / "Record Name" / "Domain Name" in the documentation referenced
below.  Host name has a specific meaning and the documentation
referenced there is just plain wrong in its use of "Host Name".

Mark

> From: bind-users  on behalf of Vidal
> Garza
> Date: Monday, May 22, 2017 at 10:31
> To: Bind Users
> Subject: dkim cname records replication
>
> Hello List,
>
> I have this question about replication.
>
> I have a replication between BIND 9.9.5-3.
> We try to make dkim work with Microsoft office 365. In the documentation
> they said that it should be a CNAME record with the sectors and it works
> in the master. The problem is in the slave, with the name and the
> underscore character.
>
> I wonder if bind support the underscore character? Or if someone has link
> that help me.
>
> Reference:
> https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx
>
> Thanks in advance!
>
>

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170523/3783a6d7/attachment-0001.html>


More information about the bind-users mailing list