dkim cname records replication
McDonald, Daniel (Dan)
Dan.McDonald at austinenergy.com
Tue May 23 02:23:17 UTC 2017
That's great! I've disabled checknames for over a decade because I couldn't get AD to work without it when I first set it up, and hadn't tried without it since. I'll go play in the lab tomorrow and see if I can turn that back on in production with the squirrelly version my distro provides ( they call it 9.9.1-400, or something like that. Every security patch applied, since 9.9.1, some of the bug fixes applied)
Get Outlook for iOS<https://aka.ms/o0ukef>
On Mon, May 22, 2017 at 9:11 PM -0500, "Mark Andrews" <marka at isc.org<mailto:marka at isc.org>> wrote:
In message , "McDonald, Daniel
> In this case, Microsoft names the records
> selector1._domainkeys.example.com and selector2._domainkeys.example.com.
> The poster said he was running bind 9.9.5, which to my knowledge doesn't
> support leading underscores without check-names ignore.
Named DOES support underscore. It stops you using underscore in
HOSTNAME contexts which definitely don't apply to DKIM records.
* The owner name of a A record. This is what bites with AD as
there is a A record at gc._msdcs.. An exception has
been added for this prefix (gc._msdcs) recently.
* The owner name of a AAAA record.
* The names of nameservers (NS rdata).
* The owner names of MX records.
* The names of mail exchangers (MX rdata).
DKIM uses underscores so that the owner names of the records it
uses do not clash with the syntax of valid hostnames. DKIM does
no use A, AAAA or MX records at these names. This is also why SRV
uses records with underscore prefixes.
> Get Outlook for iOS
> On Mon, May 22, 2017 at 8:45 PM -0500, "Mark Andrews"
> > wrote:
> In message , "McDonald, Daniel (Dan)" writes:
> > You need to add check-names ignore; to the zone definition when dealing
> > with active directory. That ignores the invalid underscore character.
> DKIM is not active directory. Named can serve DKIM records without
> adding "check-names ignore;" to named.conf.
> The latest versions of named don't need "check-names ignore;" to
> serve AD zones with gc._msdcs. (BIND 9.9.10, 9.10.5, 9.11.1).
> It also doesn't help that Microsoft confuses "Host Name" with "Owner
> Name" / "Record Name" / "Domain Name" in the documentation referenced
> below. Host name has a specific meaning and the documentation
> referenced there is just plain wrong in its use of "Host Name".
> > From: bind-users on behalf of Vidal
> > Garza
> > Date: Monday, May 22, 2017 at 10:31
> > To: Bind Users
> > Subject: dkim cname records replication
> > Hello List,
> > I have this question about replication.
> > I have a replication between BIND 9.9.5-3.
> > We try to make dkim work with Microsoft office 365. In the documentation
> > they said that it should be a CNAME record with the sectors and it works
> > in the master. The problem is in the slave, with the name and the
> > underscore character.
> > I wonder if bind support the underscore character? Or if someone has
> > that help me.
> > Reference:
> > https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx
> > Thanks in advance!
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the bind-users