<html>
<head>
<style>
.sw_message P{margin:0px;padding:0px;}
.sw_message {FONT-SIZE: 12pt;FONT-FAMILY:Tahoma,Arial,Helvetica,sans-serif;background:white;}
.sw_message blockquote{margin-left:5px;padding-left:5px;border-left:2px solid #144fae;color: #144fae;}
.sw_message blockquote blockquote{border-left:2px solid #006312;color: #006312;}
.sw_message blockquote blockquote blockquote{border-left:2px solid #8e5656;color: #8e5656;}
.sw_message blockquote blockquote blockquote blockquote{border-left:2px solid #888;color: #888;}
</style>
</head>
<body class="sw_message">
<div> I cant be the only one that has racked his brains and written hundreds of lines of code trying to get ISC BIND 9 to authenticate Dmarc records correctly.</div><div>A specific guide with code examples would be wonderful if anything like that exist. I have spf and dkim working correctly but cant seem to nail down dmark , I'm thinking it must be a syntax issue I'm up up against.</div><div>Below is one of my records that is as far as I can tell running cleanly and loading the zone with no errors.</div><div><br></div><div><div>; File: db.netassoc.net.txt</div><div>; Purpose: This file establishes the name-address information</div><div>; for this zone. You will have to fill out the actual</div><div>; information for your specific zone in the format shown</div><div>; in the comments.2000072500125</div><div>; </div><div>; Comments are marked with a semicolon, unlike the named.conf file</div><div>;</div><div>$TTL 900 ; TTL 15 min</div><div>netassoc.net. IN SOA proliant.netassoc.net. hostmaster.netassoc.net. (</div><div> 2022061614 ; serial number (yyyymmddxx) change this with every change</div><div> 1800 ; refresh every 30 minutes</div><div> 3600 ; retry after 1 hours</div><div> 1209600 ; expire after 1 hour 20 min</div><div> 600 ) ; Negative Time to live: 15 min<span style="white-space:pre"> </span></div><div>;</div><div><span style="white-space:pre"> </span> IN NS<span style="white-space:pre"> </span>proliant.netassoc.net.</div><div><span style="white-space:pre"> </span> IN NS ns2.netassoc.net.</div><div>;</div><div>mail.netassoc.net. IN MX 10 mail.netassoc.net.</div><div>netassoc.net. IN MX 5 mail.netassoc.net.</div><div>netassoc.net. IN A 12.171.228.25</div><div>_dmarc.netassoc.net. IN CNAME netassoc.net.</div><div>netassoc.net. IN TXT "google-site-verification=2Y92xUbr2yUnTuhTQPyXHZw53JpnvWmdbQ9H04DIdvY"</div><div>www.netassoc.net. IN A 12.171.228.25</div><div>mail.netassoc.net. IN A 12.171.228.28</div><div>www.mail.netassoc.net. IN A 12.171.228.28</div><div>localhost <span style="white-space:pre"> </span> IN A 127.0.0.1</div><div>proliant.netassoc.net.<span style="white-space:pre"> </span> IN A 12.171.228.20</div><div>ns2.netassoc.net.<span style="white-space:pre"> </span> IN A 12.171.228.21</div><div>@ IN TXT "v=spf1 ip4:12.171.228.28 a mx -all"</div><div>; DKIM public key record</div><div>default._domainkey.netassoc.net. IN TXT "v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPhIUVyn2UZZ0nvFho1B9JKZ01a2dO375rIM1H5WUrp+1IFfvWXKv+eqWDS7sCPxtUbuZV66w7/zQ8WQfutPLVUKAV1vYUEnWJESI1rUolnVvJ/kR5RS9g7jTzpN18eMcg0TGMjrY9qhfXfIE8oBG+wSv2IsipfshgQotZwi8ojwIDAQAB"</div><div>default._domainkey.mail.netassoc.net. IN TXT "v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPhIUVyn2UZZ0nvFho1B9JKZ01a2dO375rIM1H5WUrp+1IFfvWXKv+eqWDS7sCPxtUbuZV66w7/zQ8WQfutPLVUKAV1vYUEnWJESI1rUolnVvJ/kR5RS9g7jTzpN18eMcg0TGMjrY9qhfXfIE8oBG+wSv2IsipfshgQotZwi8ojwIDAQAB"</div><div>@ IN TXT v=DMARC1; p=reject; rua=mailto:dmarc_report@mail.netassoc.net; ruf=mailto:demarc_forensic@mail.netassoc.net; fo=1;</div><div>;</div></div><div><br></div><div><span style="font-size: 12pt;"> </span></div><div id="editor_signature"><div style="font-size: 16px;"><span style="font-size: 12pt;">Daniel Jay Foran </span></div><div style="font-size: 16px;">Network Administr<span style="font-size: 12pt;">ator</span></div><div style="font-size: 16px;">Network Associates &</div><div style="font-size: 16px;">Telepage Communication Systems of</div><div style="font-size: 16px;">Twinn Comm Inc. & Infinity Technology Group</div><div style="font-size: 16px;">Store 304-485-6823</div><div style="font-size: 16px;">CELL 304-916-6520</div><div style="font-size: 16px;"><br></div><div id="" style="font-size: 16px;"></div></div><div> </div><div>On Monday 06/27/2022 at 8:05 am, bind-users-request@lists.isc.org wrote: </div><blockquote type="cite">Send bind-users mailing list submissions to<br> bind-users@lists.isc.org<br><br>To subscribe or unsubscribe via the World Wide Web, visit<br> <a target="_blank" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a><br>or, via email, send a message with subject or body 'help' to<br> bind-users-request@lists.isc.org<br><br>You can reach the person managing the list at<br> bind-users-owner@lists.isc.org<br><br>When replying, please edit your Subject line so it is more specific<br>than "Re: Contents of bind-users digest..."<br><br><br>Today's Topics:<br><br> 1. Re: 9.18 behavior change for mDNS queries with dig (Evan Hunt)<br> 2. Re: 9.18 behavior change for mDNS queries with dig (Petr ?pa?ek)<br><br><br>----------------------------------------------------------------------<br><br>Message: 1<br>Date: Mon, 27 Jun 2022 06:26:37 +0000<br>From: Evan Hunt <each@isc.org><br>To: Larry Stone <lstone19@stonejongleux.com><br>Cc: bind-users <bind-users@lists.isc.org><br>Subject: Re: 9.18 behavior change for mDNS queries with dig<br>Message-ID: <YrlNnXrkgooK05nH@isc.org><br>Content-Type: text/plain; charset=utf-8<br><br>On Sun, Jun 26, 2022 at 10:00:08PM -0500, Larry Stone wrote:<br><blockquote type="cite"> I recently moved from 9.16 to 9.18 and just noticed that dig no longer<br> resolves mDNS queries.<br> <br> With 9.16:<br> dig +short @224.0.0.251 -p 5353 hostname.local<br> 192.168.0.82<br> <br> With 9.18:<br> dig +short @224.0.0.251 -p 5353 hostname.local<br> ;; connection timed out; no servers could be reached<br> <br> I can?t find anything in the Release Notes (or anyplace else) about this. <br></blockquote><br>"dig" was rewritten in 9.18 to use the libuv-based network manager<br>instead of the old socket code; it's probably related to that. Please<br>open a bug report at <a target="_blank" href="https://gitlab.isc.org/isc-projects/bind9/-/issues,">https://gitlab.isc.org/isc-projects/bind9/-/issues,</a><br>we'll look into it.<br><br>-- <br>Evan Hunt -- each@isc.org<br>Internet Systems Consortium, Inc.<br><br><br>------------------------------<br><br>Message: 2<br>Date: Mon, 27 Jun 2022 08:48:57 +0200<br>From: Petr ?pa?ek <pspacek@isc.org><br>To: bind-users@lists.isc.org, Larry Stone <lstone19@stonejongleux.com><br>Subject: Re: 9.18 behavior change for mDNS queries with dig<br>Message-ID: <ebad4d19-23dd-5a2e-b2da-7d0fa6a753f7@isc.org><br>Content-Type: text/plain; charset=UTF-8; format=flowed<br><br>On 27. 06. 22 8:26, Evan Hunt wrote:<br><blockquote type="cite"> On Sun, Jun 26, 2022 at 10:00:08PM -0500, Larry Stone wrote:<br><blockquote type="cite"> I recently moved from 9.16 to 9.18 and just noticed that dig no longer<br> resolves mDNS queries.<br><br> With 9.16:<br> dig +short @224.0.0.251 -p 5353 hostname.local<br> 192.168.0.82<br><br> With 9.18:<br> dig +short @224.0.0.251 -p 5353 hostname.local<br> ;; connection timed out; no servers could be reached<br><br> I can?t find anything in the Release Notes (or anyplace else) about this.<br></blockquote> <br> "dig" was rewritten in 9.18 to use the libuv-based network manager<br> instead of the old socket code; it's probably related to that. Please<br> open a bug report at <a target="_blank" href="https://gitlab.isc.org/isc-projects/bind9/-/issues,">https://gitlab.isc.org/isc-projects/bind9/-/issues,</a><br> we'll look into it.<br></blockquote><br>Please don't forget to attach PCAP file produced by tcpdump or similar <br>tool so we can see if anything happens on the wire or not.<br><br>-- <br>Petr ?pa?ek<br><br><br>------------------------------<br><br>Subject: Digest Footer<br><br>_______________________________________________<br>ISC funds the development of this software with paid support subscriptions. Contact us at <a target="_blank" href="https://www.isc.org/contact/">https://www.isc.org/contact/</a> for more information.<br><br>bind-users mailing list<br>bind-users@lists.isc.org<br><a target="_blank" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a><br><br><br>------------------------------<br><br>End of bind-users Digest, Vol 4011, Issue 2<br>*******************************************<br></blockquote><br>
</body></html>