How to set up a dmarc record ?

Edouard Guigné eguigne at pasteur-cayenne.fr
Tue Dec 10 13:30:03 UTC 2019 

Hello,

Thank you for your answer.
I apologize to not have put my real domain ; this was the first time I 
am asking help on this list andWaht was not confident.

So this is a dump of my zone file :
;
; BIND data file for local pasteur-cayenne.fr
;
$TTL    604800
@       IN      SOA     ara.pasteur-cayenne.fr. 
hostmaster.pasteur-cayenne.fr. (
                           2019120809    ;
                         7200         ;
                          3600         ;
                          1209600        ;
                            86400 )      ;

$TTL 86400      ; 1 day
                         NS      ara.pasteur-cayenne.fr.
                         NS      ns6.oleane.net.
                         NS      ns7.oleane.net.
$TTL 3600       ; 1 hour
                        MX      0 smtp.pasteur-cayenne.fr.
$ORIGIN pasteur-cayenne.fr.

@                      86400    IN TXT   "v=spf1 a mx -all"
@                      86400    IN SPF   "v=spf1 a mx -all"

; DKIM
; ----- DKIM key 1C8CAD 5A-194F-11EA-BDA2-7FCBBE1B5136 for 
pasteur-cayenne.fr

1C8CAD5A-194F-11EA-BDA2-7FCBBE1B5136._domainkey IN      TXT ( "v=DKIM1; 
k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz9uhHIP6BeOL170uRLNtGD8Al/Dk3RHnB2oqaTpQUYojtnzq+J6CjyTGLlsX1aZk7Nbjxj13vf//O3tASV34QH1ozGEEmHptI953Qk9qLq6AUO+OZ1pkQ+8Z/VqXCbe5GLqDg1+lXI6T3zWN2FQNrUCm4HZ952jrrKSJET2dGYKLp49fUI6LZd15VSwTO+3DKAtpa16gbxbIu"
"Jxo3Jcd/pxQhWUYVmMA0/ZR4H0ZljD2EVGeSnNKNbCB3mOXFKTI/zW8Liqf+HpNs69qcmUvHlTCSokOlp/KT1AcSpfgnqAG3gwiyc2gFM+lgPX8c8bfd+8O64GX3zM17QGwbvf1wIDAQAB" 
)

; DMARC
_dmarc.pasteur-cayenne.fr IN      TXT     ( "v=DMARC1; p=none; "
           "rua=mailto:dmarc at pasteur-cayenne.fr; pct=5; "
           "sp=none; aspf=r" )

        IN      NS ara.pasteur-cayenne.fr.
ara             A       186.2.246.17
smtp         A       186.2.246.17

Why my DKIM record is working and not my dmarc record ?

here is the result of command named-checkzone :

# named-checkzone pasteur-cayenne.fr 
/var/named/external/db.pasteur-cayenne.fr
zone pasteur-cayenne.fr/IN: loaded serial 2019120809
OK

here is my dig test, which return nothing :
# dig txt +short _dmarc.pasteur-cayenne.fr @ara.pasteur-cayenne.fr

instead dig test for dkim gives :
# dig txt +short 
1C8CAD5A-194F-11EA-BDA2-7FCBBE1B5136._domainkey.pasteur-cayenne.fr 
@ara.pasteur-cayenne.fr
"v=DKIM1; k=rsa; " 
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz9uhHIP6BeOL170uRLNtGD8Al/Dk3RHnB2oqaTpQUYojtnzq+J6CjyTGLlsX1aZk7Nbjxj13vf//O3tASV34QH1ozGEEmHptI953Qk9qLq6AUO+OZ1pkQ+8Z/VqXCbe5GLqDg1+lXI6T3zWN2FQNrUCm4HZ952jrrKSJET2dGYKLp49fUI6LZd15VSwTO+3DKAtpa16gbxbIu" 
"Jxo3Jcd/pxQhWUYVmMA0/ZR4H0ZljD2EVGeSnNKNbCB3mOXFKTI/zW8Liqf+HpNs69qcmUvHlTCSokOlp/KT1AcSpfgnqAG3gwiyc2gFM+lgPX8c8bfd+8O64GX3zM17QGwbvf1wIDAQAB"




Le 10/12/2019 à 10:11, Ondřej Surý a écrit :
> Hi Edouard,
>
> I would start by **not** anonymizing domains you want to help with. What’s the point of using my-domain.fr anyway?
>
> $ dig +short IN TXT pasteur-cayenne.fr
> "v=spf1 a mx -all"
>
> There’s no shame in having a problem you can’t solve yourself. We’ve all been there. Disguising the real domain is very often misleading and prevents other people from helping you.
>
> I would start by checking the correctness of the zone file (with named-checkzone) and making sure you bumped the serial number in SOA and you reloaded the zone.
>
> Ondrej
> --
> Ondřej Surý
> ondrej at isc.org
>
>> On 10 Dec 2019, at 13:56, Edouard Guigné <eguigne at pasteur-cayenne.fr> wrote:
>>
>> Dear all,
>>
>> I am using bind 9.11.4-9.P2 installed on a centos 7 with yum.
>>
>> I am seting dkim and dmarc record for a mail server.
>>
>> I succeeded to set the dkim record ( a test with # dig txt + short ... works)
>>
>> But I am stucked with dmarc record.
>> I filled my zone file like this :
>>
>> ...
>> $ORIGIN my-domain.fr.
>> ...
>> @                      86400    IN TXT   "v=spf1 a mx -all"
>>
>> selector._domainkey IN IN      TXT     ( "v=DKIM1; k=rsa; "
>>            "p=..." )
>>
>> _dmarc       IN  TXT "v=DMARC1; p=none; rua=mailto:dmarc at my-domain.fr; pct=5; sp=none; aspf=r"
>> ...
>>
>> A test with the dig command does not give answer :
>> # dig txt +short _dmarc.my-domain.fr
>>
>> May someone help me to make it works ?
>>
>> Best Regards,
>>
>> EdG
>>
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20191210/76082a3f/attachment-0001.htm>

More information about the bind-users mailing list