How to set up a dmarc record ?
Edouard Guigné
eguigne at pasteur-cayenne.fr
Wed Dec 11 11:40:37 UTC 2019
Hello,
Yes, my problem is fixed !
Thank you very much
Le 10/12/2019 à 17:25, Emre Özüdoğru a écrit :
> If I query your zone. It give me answer you wanted. Is your problem
> continues or fixed?
>
> emre at FXMBP ~ % dig IN txt _dmarc.pasteur-cayenne.fr
> <http://dmarc.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.
>
>
> ; <<>> DiG 9.10.6 <<>> IN txt _dmarc.pasteur-cayenne.fr
> <http://dmarc.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33317
> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2
> ;; WARNING: recursion requested but not available
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;_dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>.INTXT
>
> ;; ANSWER SECTION:
> _dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>.
> 3600INTXT"v=DMARC1; p=none; " "rua=mailto:dmarc at pasteur-cayenne.fr;
> pct=5; " "sp=none; aspf=r"
>
> ;; AUTHORITY SECTION:
> pasteur-cayenne.fr <http://pasteur-cayenne.fr>.86400INNSns6.oleane.net
> <http://ns6.oleane.net>.
> pasteur-cayenne.fr
> <http://pasteur-cayenne.fr>.86400INNSara.pasteur-cayenne.fr
> <http://ara.pasteur-cayenne.fr>.
> pasteur-cayenne.fr <http://pasteur-cayenne.fr>.86400INNSns7.oleane.net
> <http://ns7.oleane.net>.
>
> ;; ADDITIONAL SECTION:
> ara.pasteur-cayenne.fr <http://ara.pasteur-cayenne.fr>.3600INA186.2.246.17
>
> ;; Query time: 221 msec
> ;; SERVER: 186.2.246.17#53(186.2.246.17)
> ;; WHEN: Tue Dec 10 23:21:21 +03 2019
> ;; MSG SIZE rcvd: 226
>
>
>
>
>> On 10 Dec 2019, at 19:46, Ondřej Surý <ondrej at isc.org
>> <mailto:ondrej at isc.org>> wrote:
>>
>> Well, I already told you what’s wrong and you ignored that part.
>> Please read it again and understand what it means to delegate a part
>> of the zone. Your problems are not specific to BIND 9, it’s just your
>> zone file is wrong.
>>
>> Ondrej
>> --
>> Ondřej Surý — ISC
>>
>>> On 10 Dec 2019, at 17:43, Edouard Guigné via bind-users
>>> <bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>> wrote:
>>>
>>>
>>>
>>> Hello,
>>>
>>> What is wrong with my file zone ?
>>> Why espcially for _dmarc IN TXT
>>> I cannot get the ANSWER SECTION with a dig command ?
>>>
>>> Best Regards,
>>>
>>> Ed
>>>
>>> -------- Message transféré --------
>>> Sujet : Re: How to set up a dmarc record ?
>>> Date : Tue, 10 Dec 2019 11:51:47 -0300
>>> De : Edouard Guigné via bind-users <bind-users at lists.isc.org>
>>> Répondre à : Edouard Guigné <eguigne at pasteur-cayenne.fr>
>>> Pour : bind-users at lists.isc.org >> bind-users
>>> <bind-users at lists.isc.org>
>>>
>>>
>>>
>>> Hello,
>>>
>>> I changed to "_dmarc" instead of "_dmarc.pasteur-cayenne.fr
>>> <http://dmarc.pasteur-cayenne.fr>"
>>> _dmarc IN TXT ( "v=DMARC1; p=none; "
>>> "rua=mailto:dmarc at pasteur-cayenne.fr; pct=5; "
>>> "sp=none; aspf=r" )
>>>
>>> My zone file is updated :
>>> # named-checkzone pasteur-cayenne.fr <http://pasteur-cayenne.fr>
>>> /var/named/external/db.pasteur-cayenne.fr <http://db.pasteur-cayenne.fr>
>>> zone pasteur-cayenne.fr/IN: <http://pasteur-cayenne.fr/IN:> loaded
>>> serial 2019120810
>>> OK
>>>
>>> But It still does not give the dmarc ANSWER SECTION expected :
>>> # dig IN txt _dmarc.pasteur-cayenne.fr
>>> <http://dmarc.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.
>>>
>>> ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> IN txt
>>> _dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>.
>>> @ara.pasteur-cayenne.fr.
>>> ;; global options: +cmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4753
>>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
>>> ;; WARNING: recursion requested but not available
>>>
>>> ;; OPT PSEUDOSECTION:
>>> ; EDNS: version: 0, flags:; udp: 4096
>>> ;; QUESTION SECTION:
>>> ;_dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>.
>>> IN TXT
>>>
>>> ;; AUTHORITY SECTION:
>>> _dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>. 3600
>>> IN NS ara.pasteur-cayenne.fr <http://ara.pasteur-cayenne.fr>.
>>>
>>> ;; ADDITIONAL SECTION:
>>> ara.pasteur-cayenne.fr <http://ara.pasteur-cayenne.fr>. 3600
>>> IN A 186.2.246.17
>>>
>>> ;; Query time: 0 msec
>>> ;; SERVER: 186.2.246.17#53(186.2.246.17)
>>> ;; WHEN: mar. déc. 10 11:42:21 -03 2019
>>> ;; MSG SIZE rcvd: 88
>>>
>>>
>>>
>>> Le 10/12/2019 à 10:46, Ondřej Surý a écrit :
>>>> Also the record on the next line looks suspicious:
>>>>
>>>> IN NSara.pasteur-cayenne.fr <http://ara.pasteur-cayenne.fr>.
>>>
>>> I am very sorry because I am not very used with bind.
>>>
>>> "ara" is the primary DNS for internet.
>>>
>>> Is this line redundant with the line before ?
>>> NS ara.pasteur-cayenne.fr
>>> <http://ara.pasteur-cayenne.fr>.
>>>
>>>
>>>> As you delegated the whole subdomain toara.p-c.fr <http://ara.p-c.fr> again:
>>>>
>>>>
>>>> $ dig IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.
>>>>
>>>> ; <<>> DiG 9.11.8 <<>> IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.
>>>> ;; global options: +cmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52693
>>>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
>>>> ;; WARNING: recursion requested but not available
>>>>
>>>> ;; OPT PSEUDOSECTION:
>>>> ; EDNS: version: 0, flags:; udp: 4096
>>>> ; COOKIE: 35c43e4d3150d78270cae65e5defa16cbf8158df5e59c89c (good)
>>>> ;; QUESTION SECTION:
>>>> ;_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr>. IN TXT
>>>>
>>>> ;; AUTHORITY SECTION:
>>>> _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr>. 3600 IN NSara.pasteur-cayenne.fr <http://ara.pasteur-cayenne.fr>.
>>>>
>>>> ;; ADDITIONAL SECTION:
>>>> ara.pasteur-cayenne.fr <http://ara.pasteur-cayenne.fr>. 3600 IN A 186.2.246.17
>>>>
>>>> ;; Query time: 192 msec
>>>> ;; SERVER: 186.2.246.17#53(186.2.246.17)
>>>> ;; WHEN: Tue Dec 10 14:45:16 CET 2019
>>>> ;; MSG SIZE rcvd: 135
>>>>
>>>> I don’t think it was an intent.
>>>>
>>>> Ondrej
>>>> --
>>>> Ondřej Surý
>>>> ondrej at isc.org
>>>>
>>>>> On 10 Dec 2019, at 14:37, Niall O'Reilly<niall.oreilly at ucd.ie> wrote:
>>>>>
>>>>> On 10 Dec 2019, at 13:30, Edouard Guigné wrote:
>>>>>
>>>>>> ; DMARC
>>>>>> _dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr> IN TXT ( "v=DMARC1; p=none; "
>>>>>> "rua=[mailto:dmarc at pasteur-cayenne.fr](<mailto:dmarc at pasteur-cayenne.fr>); pct=5; "
>>>>>> "sp=none; aspf=r" )
>>>>> Instead of "_dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>", you should put "_dmarc",
>>>>> leaving out ".pasteur-cayenne.fr <http://pasteur-cayenne.fr>", just as you did for the DKIM
>>>>> record.
>>>>>
>>>>> Niall O'Reilly
>>>>> _______________________________________________
>>>>> Please visithttps://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>>>>
>>>>> bind-users mailing list
>>>>> bind-users at lists.isc.org
>>>>> https://lists.isc.org/mailman/listinfo/bind-users
>>> _______________________________________________
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
>>> unsubscribe from this list
>>>
>>> bind-users mailing list
>>> bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>
>>> https://lists.isc.org/mailman/listinfo/bind-users
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users
>> <https://lists.isc.org/mailman/listinfo/bind-users> to unsubscribe
>> from this list
>>
>> bind-users mailing list
>> bind-users at lists.isc.org <mailto:bind-users at lists.isc.org>
>> https://lists.isc.org/mailman/listinfo/bind-users
>
>
> TurkNet <https://turk.net/>
> ------------------------------------------------------------------------
> Bu elektronik posta ve onunla iletilen bütün dosyalar sadece
> göndericisi tarafından alması amaçlanan yetkili gerçek ya da tüzel
> kişinin kullanımı içindir. Eğer söz konusu yetkili alıcı değilseniz bu
> elektronik postanın içeriğini açıklamanız, kopyalamanız,
> yönlendirmeniz ve kullanmanız kesinlikle yasaktır ve bu elektronik
> postayı derhal silmeniz gerekmektedir. TurkNet bu mesajın içerdiği
> bilgilerin doğruluğu veya eksiksiz olduğu konusunda herhangi bir
> garanti vermemektedir. Bu nedenle bu bilgilerin ne şekilde olursa
> olsun içeriğinden, iletilmesinden, alınmasından ve saklanmasından
> sorumlu değildir. Bu mesajdaki görüşler yalnızca gönderen kişiye
> aittir ve TurkNet'in görüşlerini yansıtmayabilir. Bu e-posta bilinen
> bütün bilgisayar virüslerine karşı taranmıştır.
> ________________________________________
> This e-mail and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you are not the intended recipient you are hereby
> notified that any dissemination, forwarding, copying or use of any of
> the information is strictly prohibited, and the e-mail should
> immediately be deleted. TurkNet makes no warranty as to the accuracy
> or completeness of any information contained in this message and
> hereby excludes any liability of any kind for the information
> contained therein or for the information transmission, reception,
> storage or use of such in any way whatsoever. The opinions expressed
> in this message belong to sender alone and may not necessarily reflect
> the opinions of TurkNet. This e-mail has been scanned for all known
> computer viruses.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20191211/5c2c739c/attachment-0001.htm>
More information about the bind-users
mailing list