How to set up a dmarc record ?

Ondřej Surý ondrej at isc.org
Tue Dec 10 16:46:56 UTC 2019


Well, I already told you what’s wrong and you ignored that part. Please read it again and understand what it means to delegate a part of the zone. Your problems are not specific to BIND 9, it’s just your zone file is wrong.

Ondrej
--
Ondřej Surý — ISC

> On 10 Dec 2019, at 17:43, Edouard Guigné via bind-users <bind-users at lists.isc.org> wrote:
> 
> 
> Hello,
> 
> What is wrong with my file zone ?
> Why especially for _dmarc IN TXT 
> I cannot get the ANSWER SECTION with a dig command ?
> 
> Best Regards,
> 
> Ed
> 
> -------- Forwarded Message --------
> Subject:	Re: How to set up a dmarc record ?
> Date:	Tue, 10 Dec 2019 11:51:47 -0300
> From:	Edouard Guigné via bind-users <bind-users at lists.isc.org>
> Reply-To:	Edouard Guigné <eguigne at pasteur-cayenne.fr>
> To:	bind-users at lists.isc.org >> bind-users <bind-users at lists.isc.org>
> 
> 
> Hello,
> 
> I changed to "_dmarc" instead of "_dmarc.pasteur-cayenne.fr"
> _dmarc IN      TXT     ( "v=DMARC1; p=none; "
>           "rua=mailto:dmarc at pasteur-cayenne.fr; pct=5; "
>           "sp=none; aspf=r" )
> 
> My zone file is updated :
> # named-checkzone pasteur-cayenne.fr /var/named/external/db.pasteur-cayenne.fr
> zone pasteur-cayenne.fr/IN: loaded serial 2019120810
> OK
> 
> But it still does not give the dmarc ANSWER SECTION expected :
> # dig IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
> 
> ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4753
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
> ;; WARNING: recursion requested but not available
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;_dmarc.pasteur-cayenne.fr.     IN      TXT
> 
> ;; AUTHORITY SECTION:
> _dmarc.pasteur-cayenne.fr. 3600 IN      NS      ara.pasteur-cayenne.fr.
> 
> ;; ADDITIONAL SECTION:
> ara.pasteur-cayenne.fr. 3600    IN      A       186.2.246.17
> 
> ;; Query time: 0 msec
> ;; SERVER: 186.2.246.17#53(186.2.246.17)
> ;; WHEN: mar. déc. 10 11:42:21 -03 2019
> ;; MSG SIZE  rcvd: 88
> 
> 
> 
> 
> 
> On 10/12/2019 at 10:46, Ondřej Surý wrote:
>> Also the record on the next line looks suspicious:
>> 
>>         IN      NS      ara.pasteur-cayenne.fr.
> I am very sorry because I am not very used to BIND.
> 
> "ara" is the primary DNS for internet.
> 
> Is this line redundant with the line before ?
>                        NS      ara.pasteur-cayenne.fr.
> 
> 
> 
>> As you delegated the whole subdomain to ara.p-c.fr again:
>> 
>> 
>> $ dig IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
>> 
>> ; <<>> DiG 9.11.8 <<>> IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52693
>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
>> ;; WARNING: recursion requested but not available
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ; COOKIE: 35c43e4d3150d78270cae65e5defa16cbf8158df5e59c89c (good)
>> ;; QUESTION SECTION:
>> ;_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. IN TXT
>> 
>> ;; AUTHORITY SECTION:
>> _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 3600 IN NS ara.pasteur-cayenne.fr.
>> 
>> ;; ADDITIONAL SECTION:
>> ara.pasteur-cayenne.fr.	3600	IN	A	186.2.246.17
>> 
>> ;; Query time: 192 msec
>> ;; SERVER: 186.2.246.17#53(186.2.246.17)
>> ;; WHEN: Tue Dec 10 14:45:16 CET 2019
>> ;; MSG SIZE  rcvd: 135
>> 
>> I don’t think it was an intent.
>> 
>> Ondrej
>> --
>> Ondřej Surý
>> ondrej at isc.org
>> 
>>>> On 10 Dec 2019, at 14:37, Niall O'Reilly <niall.oreilly at ucd.ie> wrote:
>>>> 
>>>> On 10 Dec 2019, at 13:30, Edouard Guigné wrote:
>>>> 
>>>> ; DMARC
>>>> _dmarc.pasteur-cayenne.fr IN      TXT     ( "v=DMARC1; p=none; "
>>>>           "rua=mailto:dmarc at pasteur-cayenne.fr; pct=5; "
>>>>           "sp=none; aspf=r" )
>>> Instead of "_dmarc.pasteur-cayenne.fr", you should put "_dmarc",
>>> leaving out ".pasteur-cayenne.fr", just as you did for the DKIM
>>> record.
>>> 
>>> Niall O'Reilly
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>> 
>>> bind-users mailing list
>>> bind-users at lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users
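The two zone-file effects discussed in this thread, shown as an added example (not code from the thread or from BIND): an owner name without a trailing dot gets the zone origin appended, and an NS line with a blank owner inherits the previous owner, which turns that name into a delegation point so a TXT query gets a referral with ANSWER: 0. The function names `expand_zone` and `occluded` are hypothetical, the zone fragments are constructed rather than the poster's actual file, and only single-line records (no parentheses) are handled.

```python
import re

def expand_zone(text, origin):
    """Expand owner names the way a master-file loader does: '@' is the
    origin, a name without a trailing dot gets the origin appended, and a
    line starting with whitespace reuses the previous owner."""
    origin = origin.rstrip(".").lower() + "."
    records, owner = [], origin
    for raw in text.splitlines():
        # Drop ';' comments but keep ';' inside quoted TXT strings.
        line = re.sub(r'("[^"]*")|;.*', lambda m: m.group(1) or "", raw).rstrip()
        if not line.strip() or line.startswith("$"):
            continue
        tokens = re.findall(r'"[^"]*"|\S+', line)
        if not line[0].isspace():
            name = tokens.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while tokens and (tokens[0].isdigit() or tokens[0].upper() == "IN"):
            tokens.pop(0)                      # optional TTL and class
        records.append((owner, tokens[0].upper(), " ".join(tokens[1:])))
    return records

def occluded(text, origin):
    """List (owner, type, cut) for data at or below a delegation point.
    The server answers such names with a referral, not with the data."""
    records = expand_zone(text, origin)
    apex = origin.rstrip(".").lower() + "."
    cuts = {o for o, t, _ in records if t == "NS" and o != apex}
    hits = []
    for o, t, _ in records:
        for cut in cuts:
            at_cut = o == cut and t not in ("NS", "DS")
            below = o.endswith("." + cut) and t not in ("A", "AAAA")  # glue is fine
            if at_cut or below:
                hits.append((o, t, cut))
    return hits

# Constructed single-line zone fragments (not the poster's actual file).
HEAD = "@ IN NS ara.pasteur-cayenne.fr.\nara IN A 186.2.246.17\n"
TXT = 'IN TXT "v=DMARC1; p=none; sp=none; aspf=r"\n'
STRAY_NS = "        IN NS ara.pasteur-cayenne.fr.\n"
BROKEN = HEAD + "_dmarc.pasteur-cayenne.fr " + TXT + STRAY_NS  # no trailing dot
HALF_FIXED = HEAD + "_dmarc " + TXT + STRAY_NS                 # NS still inherits owner
FIXED = HEAD + "_dmarc " + TXT

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN), ("half-fixed", HALF_FIXED), ("fixed", FIXED)):
        print(label, occluded(zone, "pasteur-cayenne.fr"))
```

The owner names flagged for the first two fragments are the same ones that appear in the AUTHORITY sections of the two dig outputs quoted in the thread.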