Re: How to set up a dmarc record ?

2019-12-11 Thread Edouard Guigné

Hello,

Yes, my problem is fixed !

Thank you very much

On 10/12/2019 at 17:25, Emre Özüdoğru wrote:
If I query your zone, it gives me the answer you wanted. Does your problem
continue, or is it fixed?


emre@FXMBP ~ % dig IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.

; <<>> DiG 9.10.6 <<>> IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33317
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr. IN TXT

;; ANSWER SECTION:
_dmarc.pasteur-cayenne.fr. 3600 IN TXT "v=DMARC1; p=none; " "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; " "sp=none; aspf=r"

;; AUTHORITY SECTION:
pasteur-cayenne.fr. 86400 IN NS ns6.oleane.net.
pasteur-cayenne.fr. 86400 IN NS ara.pasteur-cayenne.fr.
pasteur-cayenne.fr. 86400 IN NS ns7.oleane.net.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600 IN A 186.2.246.17

;; Query time: 221 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: Tue Dec 10 23:21:21 +03 2019
;; MSG SIZE  rcvd: 226




On 10 Dec 2019, at 19:46, Ondřej Surý <ond...@isc.org> wrote:


Well, I already told you what’s wrong and you ignored that part. 
Please read it again and understand what it means to delegate a part 
of the zone. Your problems are not specific to BIND 9, it’s just your 
zone file is wrong.


Ondrej
--
Ondřej Surý — ISC

On 10 Dec 2019, at 17:43, Edouard Guigné via bind-users <bind-users@lists.isc.org> wrote:




Hello,

What is wrong with my file zone ?
Why especially for _dmarc IN TXT
I cannot get the ANSWER SECTION with a dig command ?

Best Regards,

Ed

-------- Forwarded Message --------
Subject: Re: How to set up a dmarc record ?
Date: Tue, 10 Dec 2019 11:51:47 -0300
From: Edouard Guigné via bind-users
Reply-To: Edouard Guigné
To: bind-users@lists.isc.org >> bind-users





Hello,

I changed to "_dmarc" instead of "_dmarc.pasteur-cayenne.fr"

_dmarc IN  TXT ( "v=DMARC1; p=none; "
  "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; "
  "sp=none; aspf=r" )

My zone file is updated :
# named-checkzone pasteur-cayenne.fr /var/named/external/db.pasteur-cayenne.fr
zone pasteur-cayenne.fr/IN: loaded serial 2019120810
OK

But It still does not give the dmarc ANSWER SECTION expected :
# dig IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4753
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr. IN  TXT

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr. 3600 IN  NS  ara.pasteur-cayenne.fr.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600    IN  A   186.2.246.17


;; Query time: 0 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: mar. déc. 10 11:42:21 -03 2019
;; MSG SIZE  rcvd: 88



On 10/12/2019 at 10:46, Ondřej Surý wrote:

Also the record on the next line looks suspicious:

 IN  NS  ara.pasteur-cayenne.fr.


I am very sorry because I am not very used with bind.

"ara" is the primary DNS for internet.

Is this line redundant with the line before ?
   NS  ara.pasteur-cayenne.fr.




As you delegated the whole subdomain to ara.p-c.fr again:


$ dig IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.8 <<>> IN TXT _dmarc.pasteur-cayenne.fr.pasteur-ca

Re: How to set up a dmarc record ?

2019-12-10 Thread Emre Özüdoğru
If I query your zone, it gives me the answer you wanted. Does your problem
continue, or is it fixed?

emre@FXMBP ~ % dig IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.


; <<>> DiG 9.10.6 <<>> IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33317
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr. IN TXT

;; ANSWER SECTION:
_dmarc.pasteur-cayenne.fr. 3600 IN TXT "v=DMARC1; p=none; " "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; " "sp=none; aspf=r"

;; AUTHORITY SECTION:
pasteur-cayenne.fr. 86400 IN NS ns6.oleane.net.
pasteur-cayenne.fr. 86400 IN NS ara.pasteur-cayenne.fr.
pasteur-cayenne.fr. 86400 IN NS ns7.oleane.net.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600 IN A 186.2.246.17

;; Query time: 221 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: Tue Dec 10 23:21:21 +03 2019
;; MSG SIZE  rcvd: 226




On 10 Dec 2019, at 19:46, Ondřej Surý <ond...@isc.org> wrote:

Well, I already told you what’s wrong and you ignored that part. Please read it 
again and understand what it means to delegate a part of the zone. Your 
problems are not specific to BIND 9, it’s just your zone file is wrong.

Ondrej
--
Ondřej Surý — ISC

On 10 Dec 2019, at 17:43, Edouard Guigné via bind-users <bind-users@lists.isc.org> wrote:



Hello,

What is wrong with my file zone ?
Why especially for _dmarc IN TXT
I cannot get the ANSWER SECTION with a dig command ?

Best Regards,

Ed

-------- Forwarded Message --------
Subject: Re: How to set up a dmarc record ?
Date: Tue, 10 Dec 2019 11:51:47 -0300
From: Edouard Guigné via bind-users <bind-users@lists.isc.org>
Reply-To: Edouard Guigné <egui...@pasteur-cayenne.fr>
To: bind-users@lists.isc.org >> bind-users <bind-users@lists.isc.org>



Hello,

I changed to "_dmarc" instead of "_dmarc.pasteur-cayenne.fr"
_dmarc IN  TXT ( "v=DMARC1; p=none; "
  "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; "
  "sp=none; aspf=r" )

My zone file is updated :
# named-checkzone pasteur-cayenne.fr /var/named/external/db.pasteur-cayenne.fr
zone pasteur-cayenne.fr/IN: loaded serial 2019120810
OK

But It still does not give the dmarc ANSWER SECTION expected :
# dig IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4753
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr. IN  TXT

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr. 3600 IN  NS  ara.pasteur-cayenne.fr.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600    IN  A   186.2.246.17

;; Query time: 0 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: mar. déc. 10 11:42:21 -03 2019
;; MSG SIZE  rcvd: 88



On 10/12/2019 at 10:46, Ondřej Surý wrote:

Also the record on the next line looks suspicious:

IN  NS  ara.pasteur-cayenne.fr.

I am very sorry because I am not very used with bind.

"ara" is the primary DNS for internet.

Is this line redundant with the line before ?
   NS  ara.pasteur-cayenne.fr.


As you delegated the whole subdomain to ara.p-c.fr again:


$ dig IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.8 <<>&

Re: How to set up a dmarc record ?

2019-12-10 Thread Ondřej Surý
Well, I already told you what’s wrong and you ignored that part. Please read it 
again and understand what it means to delegate a part of the zone. Your 
problems are not specific to BIND 9, it’s just your zone file is wrong.

Ondrej
--
Ondřej Surý — ISC

> On 10 Dec 2019, at 17:43, Edouard Guigné via bind-users 
>  wrote:
> 
> 
> Hello,
> 
> What is wrong with my file zone ?
> Why especially for _dmarc IN TXT
> I cannot get the ANSWER SECTION with a dig command ?
>
> Best Regards,
>
> Ed
>
> -------- Forwarded Message --------
> Subject: Re: How to set up a dmarc record ?
> Date: Tue, 10 Dec 2019 11:51:47 -0300
> From: Edouard Guigné via bind-users
> Reply-To: Edouard Guigné
> To: bind-users@lists.isc.org >> bind-users
> 
> 
> 
> Hello,
> 
> I changed to "_dmarc" instead of "_dmarc.pasteur-cayenne.fr"
> _dmarc IN  TXT ( "v=DMARC1; p=none; "
>   "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; "
>   "sp=none; aspf=r" )
> 
> My zone file is updated :
> # named-checkzone pasteur-cayenne.fr /var/named/external/db.pasteur-cayenne.fr
> zone pasteur-cayenne.fr/IN: loaded serial 2019120810
> OK
> 
> But It still does not give the dmarc ANSWER SECTION expected :
> # dig IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
> 
> ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> IN txt 
> _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4753
> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
> ;; WARNING: recursion requested but not available
> 
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;_dmarc.pasteur-cayenne.fr. IN  TXT
> 
> ;; AUTHORITY SECTION:
> _dmarc.pasteur-cayenne.fr. 3600 IN  NS  ara.pasteur-cayenne.fr.
> 
> ;; ADDITIONAL SECTION:
> ara.pasteur-cayenne.fr. 3600    IN  A   186.2.246.17
> 
> ;; Query time: 0 msec
> ;; SERVER: 186.2.246.17#53(186.2.246.17)
> ;; WHEN: mar. déc. 10 11:42:21 -03 2019
> ;; MSG SIZE  rcvd: 88
> 
> 
> 
> 
> 
> On 10/12/2019 at 10:46, Ondřej Surý wrote:
>> Also the record on the next line looks suspicious:
>> 
>> IN  NS  ara.pasteur-cayenne.fr.
> I am very sorry because I am not very used with bind.
> 
> "ara" is the primary DNS for internet.
> 
> Is this line redundant with the line before ?
>    NS  ara.pasteur-cayenne.fr.
> 
> 
> 
>> As you delegated the whole subdomain to ara.p-c.fr again:
>> 
>> 
>> $ dig IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 
>> @ara.pasteur-cayenne.fr.
>> 
>> ; <<>> DiG 9.11.8 <<>> IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 
>> @ara.pasteur-cayenne.fr.
>> ;; global options: +cmd
>> ;; Got answer:
>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52693
>> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
>> ;; WARNING: recursion requested but not available
>> 
>> ;; OPT PSEUDOSECTION:
>> ; EDNS: version: 0, flags:; udp: 4096
>> ; COOKIE: 35c43e4d3150d78270cae65e5defa16cbf8158df5e59c89c (good)
>> ;; QUESTION SECTION:
>> ;_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. IN TXT
>> 
>> ;; AUTHORITY SECTION:
>> _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 3600 IN NS 
>> ara.pasteur-cayenne.fr.
>> 
>> ;; ADDITIONAL SECTION:
>> ara.pasteur-cayenne.fr.  3600    IN  A   186.2.246.17
>> 
>> ;; Query time: 192 msec
>> ;; SERVER: 186.2.246.17#53(186.2.246.17)
>> ;; WHEN: Tue Dec 10 14:45:16 CET 2019
>> ;; MSG SIZE  rcvd: 135
>> 
>> I don’t think it was an intent.
>> 
>> Ondrej
>> --
>> Ondřej Surý
>> ond...@isc.org
>> 
>>>> On 10 Dec 2019, at 14:37, Niall O'Reilly  wrote:
>>>> 
>>>> On 10 Dec 2019, at 13:30, Edouard Guigné wrote:
>>>> 
>>>> ; DMARC
>>>> _dmarc.pasteur-cayenne.fr IN  TXT ( "v=DMARC1; p=none; "
>>>>   "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; "
>>>>   "sp=none; aspf=r" )
>>> Instead of "_dmarc.pasteur-cayenne.fr", you should put "_dmarc",
>>> leaving out ".pasteur-cayenne.fr", just as you did for the DKIM
>>> record.
>>> 
>>> Niall O'Reilly
>>> ___
>>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
>>> unsubscribe from this list
>>> 
>>> bind-users mailing list
>>> bind-users@lists.isc.org
>>> https://lists.isc.org/mailman/listinfo/bind-users


Fwd: Re: How to set up a dmarc record ?

2019-12-10 Thread Edouard Guigné via bind-users

Hello,

What is wrong with my file zone ?
Why especially for _dmarc IN TXT
I cannot get the ANSWER SECTION with a dig command ?

Best Regards,

Ed

-------- Forwarded Message --------
Subject: Re: How to set up a dmarc record ?
Date: Tue, 10 Dec 2019 11:51:47 -0300
From: Edouard Guigné via bind-users
Reply-To: Edouard Guigné
To: bind-users@lists.isc.org >> bind-users



Hello,

I changed to "_dmarc" instead of "_dmarc.pasteur-cayenne.fr"
_dmarc IN  TXT ( "v=DMARC1; p=none; "
  "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; "
  "sp=none; aspf=r" )

My zone file is updated :
# named-checkzone pasteur-cayenne.fr 
/var/named/external/db.pasteur-cayenne.fr

zone pasteur-cayenne.fr/IN: loaded serial 2019120810
OK

But It still does not give the dmarc ANSWER SECTION expected :
# dig IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> IN txt 
_dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4753
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr. IN  TXT

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr. 3600 IN  NS ara.pasteur-cayenne.fr.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600    IN  A   186.2.246.17

;; Query time: 0 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: mar. déc. 10 11:42:21 -03 2019
;; MSG SIZE  rcvd: 88



On 10/12/2019 at 10:46, Ondřej Surý wrote:

Also the record on the next line looks suspicious:

 IN  NS  ara.pasteur-cayenne.fr.


I am very sorry because I am not very used with bind.

"ara" is the primary DNS for internet.

Is this line redundant with the line before ?
   NS  ara.pasteur-cayenne.fr.



As you delegated the whole subdomain to ara.p-c.fr again:


$ dig IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 
@ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.8 <<>> IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 
@ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52693
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 35c43e4d3150d78270cae65e5defa16cbf8158df5e59c89c (good)
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. IN TXT

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 3600 IN NS ara.pasteur-cayenne.fr.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600    IN  A   186.2.246.17

;; Query time: 192 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: Tue Dec 10 14:45:16 CET 2019
;; MSG SIZE  rcvd: 135

I don’t think it was an intent.

Ondrej
--
Ondřej Surý
ond...@isc.org


On 10 Dec 2019, at 14:37, Niall O'Reilly  wrote:

On 10 Dec 2019, at 13:30, Edouard Guigné wrote:


; DMARC
_dmarc.pasteur-cayenne.fr IN  TXT ( "v=DMARC1; p=none; "
   "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; "
   "sp=none; aspf=r" )

Instead of "_dmarc.pasteur-cayenne.fr", you should put "_dmarc",
leaving out ".pasteur-cayenne.fr", just as you did for the DKIM
record.

Niall O'Reilly


Re: How to set up a dmarc record ?

2019-12-10 Thread Edouard Guigné via bind-users

Hello,

I changed to "_dmarc" instead of "_dmarc.pasteur-cayenne.fr"
_dmarc IN  TXT ( "v=DMARC1; p=none; "
  "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; "
  "sp=none; aspf=r" )

My zone file is updated :
# named-checkzone pasteur-cayenne.fr 
/var/named/external/db.pasteur-cayenne.fr

zone pasteur-cayenne.fr/IN: loaded serial 2019120810
OK

But It still does not give the dmarc ANSWER SECTION expected :
# dig IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> IN txt 
_dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr.

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4753
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr. IN  TXT

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr. 3600 IN  NS ara.pasteur-cayenne.fr.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600    IN  A   186.2.246.17

;; Query time: 0 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: mar. déc. 10 11:42:21 -03 2019
;; MSG SIZE  rcvd: 88



On 10/12/2019 at 10:46, Ondřej Surý wrote:

Also the record on the next line looks suspicious:

 IN  NS  ara.pasteur-cayenne.fr.


I am very sorry because I am not very used with bind.

"ara" is the primary DNS for internet.

Is this line redundant with the line before ?
   NS  ara.pasteur-cayenne.fr.




As you delegated the whole subdomain to ara.p-c.fr again:


$ dig IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 
@ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.8 <<>> IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 
@ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52693
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 35c43e4d3150d78270cae65e5defa16cbf8158df5e59c89c (good)
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. IN TXT

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 3600 IN NS ara.pasteur-cayenne.fr.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600    IN  A   186.2.246.17

;; Query time: 192 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: Tue Dec 10 14:45:16 CET 2019
;; MSG SIZE  rcvd: 135

I don’t think it was an intent.

Ondrej
--
Ondřej Surý
ond...@isc.org


On 10 Dec 2019, at 14:37, Niall O'Reilly  wrote:

On 10 Dec 2019, at 13:30, Edouard Guigné wrote:


; DMARC
_dmarc.pasteur-cayenne.fr IN  TXT ( "v=DMARC1; p=none; "
   "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; "
   "sp=none; aspf=r" )

Instead of "_dmarc.pasteur-cayenne.fr", you should put "_dmarc",
leaving out ".pasteur-cayenne.fr", just as you did for the DKIM
record.

Niall O'Reilly


Re: How to set up a dmarc record ?

2019-12-10 Thread Mark Elkins
The reason why is because you don't have a '.' at the end of 
"_dmarc.pasteur-cayenne.fr" so what you really have in your zone file 
is... "_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr."


Another way of seeing this would be to do an AXFR of your zone - these 
mistakes then jump out at you!


Why do you have "NS ara.pasteur-cayenne.fr." twice ???  That may confuse 
you in the future.


On 2019/12/10 15:37, Niall O'Reilly wrote:

On 10 Dec 2019, at 13:30, Edouard Guigné wrote:


; DMARC
_dmarc.pasteur-cayenne.fr IN  TXT ( "v=DMARC1; p=none; "
  "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; "
  "sp=none; aspf=r" )


Instead of "_dmarc.pasteur-cayenne.fr", you should put "_dmarc",
leaving out ".pasteur-cayenne.fr", just as you did for the DKIM
record.

Niall O'Reilly

--

Mark James ELKINS  -  Posix Systems - (South) Africa
m...@posix.co.za Tel: +27.826010496 
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
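
The two zone-file mistakes diagnosed in this thread (an owner name written without a trailing dot that already contains the zone name, and an owner-less NS line that inherits the previous owner and turns `_dmarc` into a delegation), as an added Python example that is not code from any poster or from BIND. The zone text is constructed around the name example.org and documentation addresses; `parse_zone`, `lint`, `findings_for` and the finding labels are hypothetical names, and the parser handles only the subset of master-file syntax used here.

```python
import re

APEX = "example.org."  # constructed zone name (assumption, not from the thread)

# Constructed zone text modelled on the layout of the zone dump in this thread.
ZONE_TEMPLATE = """\
$TTL 3600
$ORIGIN example.org.
@       IN SOA ns1.example.org. hostmaster.example.org. (
                2019120809 7200 3600 1209600 86400 )
        NS  ns1.example.org.
        MX  0 smtp.example.org.
@ 86400 IN TXT "v=spf1 a mx -all"
sel1._domainkey IN TXT ( "v=DKIM1; k=rsa; "
                         "p=CONSTRUCTED" )
; DMARC
{dmarc_owner} IN TXT ( "v=DMARC1; p=none; "
                       "sp=none; aspf=r" )
{stray_ns}
ns1     A   192.0.2.17
smtp    A   192.0.2.17
"""

def tokenize(line):
    """Split one line into tokens; quoted strings stay whole, ';' comments are dropped."""
    tokens = []
    for match in re.finditer(r'"[^"]*"|;.*|[()]|[^\s()";]+', line):
        tok = match.group(0)
        if tok.startswith(";"):
            break
        tokens.append(tok)
    return tokens

def absolutize(name, origin):
    """Apply the master-file rule: a name without a trailing dot gets the origin appended."""
    if name == "@":
        return origin.lower()
    if name.endswith("."):
        return name.lower()
    return (name + "." + origin).lower()

def parse_zone(text, origin):
    """Return (owner_fqdn, owner_as_written_or_None, rtype, rdata) for each record."""
    records, last_owner, pending, depth = [], origin.lower(), None, 0
    for raw in text.splitlines():
        toks = tokenize(raw)
        if not toks:
            continue
        if depth == 0:
            if toks[0].upper() == "$ORIGIN":
                origin = toks[1]
                continue
            if toks[0].startswith("$"):
                continue
            # A record line starting with whitespace reuses the previous owner name.
            pending = {"inherits": raw[0] in " \t", "toks": []}
        for tok in toks:
            if tok == "(":
                depth += 1
            elif tok == ")":
                depth -= 1
            else:
                pending["toks"].append(tok)
        if depth > 0:
            continue  # record continues on the next line inside ( ... )
        fields, written = pending["toks"], None
        if not pending["inherits"]:
            written = fields.pop(0)
            last_owner = absolutize(written, origin)
        while fields and (fields[0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)  # skip optional TTL and class
        if fields:
            records.append((last_owner, written, fields[0].upper(), fields[1:]))
    return records

def lint(records, apex):
    """Flag doubled zone names and data hidden behind an accidental delegation."""
    apex, findings = apex.lower(), []
    bare = apex.rstrip(".")
    for fqdn, written, rtype, _ in records:
        if written and not written.endswith("."):
            w = written.lower()
            if w == bare or w.endswith("." + bare):
                findings.append(("DOUBLED_ORIGIN", fqdn, rtype))
    # Any NS below the apex is a zone cut; the server answers with a referral there.
    cuts = {fqdn for fqdn, _, rtype, _ in records if rtype == "NS" and fqdn != apex}
    for fqdn, _, rtype, _ in records:
        if rtype in ("NS", "DS", "A", "AAAA"):  # A/AAAA skipped: may be glue
            continue
        if any(fqdn == cut or fqdn.endswith("." + cut) for cut in cuts):
            findings.append(("OCCLUDED_BY_DELEGATION", fqdn, rtype))
    return findings

def findings_for(dmarc_owner, stray_ns=""):
    text = ZONE_TEMPLATE.format(dmarc_owner=dmarc_owner, stray_ns=stray_ns)
    return lint(parse_zone(text, APEX), APEX)

if __name__ == "__main__":
    stray = "        IN NS ns1.example.org."
    print("first dump :", findings_for("_dmarc.example.org", stray))
    print("after _dmarc fix only:", findings_for("_dmarc", stray))
    print("stray NS removed:", findings_for("_dmarc"))
```

The second case corresponds to the referral in the thread's dig output: NOERROR, no `aa` flag, an empty ANSWER section and an NS record for `_dmarc` in the AUTHORITY section.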



Re: How to set up a dmarc record ?

2019-12-10 Thread Ondřej Surý
Also the record on the next line looks suspicious:

IN  NS  ara.pasteur-cayenne.fr.

As you delegated the whole subdomain to ara.p-c.fr again:


$ dig IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 
@ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.8 <<>> IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 
@ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52693
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 35c43e4d3150d78270cae65e5defa16cbf8158df5e59c89c (good)
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. IN TXT

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 3600 IN NS ara.pasteur-cayenne.fr.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr. 3600    IN  A   186.2.246.17

;; Query time: 192 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: Tue Dec 10 14:45:16 CET 2019
;; MSG SIZE  rcvd: 135

I don’t think it was an intent.

Ondrej
--
Ondřej Surý
ond...@isc.org

> On 10 Dec 2019, at 14:37, Niall O'Reilly  wrote:
> 
> On 10 Dec 2019, at 13:30, Edouard Guigné wrote:
> 
>> ; DMARC
>> _dmarc.pasteur-cayenne.fr IN  TXT ( "v=DMARC1; p=none; "
>>   "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; "
>>   "sp=none; aspf=r" )
> 
> Instead of "_dmarc.pasteur-cayenne.fr", you should put "_dmarc",
> leaving out ".pasteur-cayenne.fr", just as you did for the DKIM
> record.
> 
> Niall O'Reilly


Re: How to set up a dmarc record ?

2019-12-10 Thread Niall O'Reilly

On 10 Dec 2019, at 13:30, Edouard Guigné wrote:


; DMARC
_dmarc.pasteur-cayenne.fr IN  TXT ( "v=DMARC1; p=none; "
  "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; "
  "sp=none; aspf=r" )


Instead of "_dmarc.pasteur-cayenne.fr", you should put "_dmarc",
leaving out ".pasteur-cayenne.fr", just as you did for the DKIM
record.

Niall O'Reilly


Re: How to set up a dmarc record ?

2019-12-10 Thread Edouard Guigné

Hello,

Thank you for your answer.
I apologize to not have put my real domain ; this was the first time I 
am asking help on this list andWaht was not confident.


So this is a dump of my zone file :
;
; BIND data file for local pasteur-cayenne.fr
;
$TTL    604800
@   IN  SOA ara.pasteur-cayenne.fr. hostmaster.pasteur-cayenne.fr. (
                2019120809  ; serial
                7200        ; refresh
                3600        ; retry
                1209600     ; expire
                86400 )     ; negative caching TTL

$TTL 86400  ; 1 day
    NS  ara.pasteur-cayenne.fr.
    NS  ns6.oleane.net.
    NS  ns7.oleane.net.
$TTL 3600   ; 1 hour
   MX  0 smtp.pasteur-cayenne.fr.
$ORIGIN pasteur-cayenne.fr.

@  86400    IN TXT   "v=spf1 a mx -all"
@  86400    IN SPF   "v=spf1 a mx -all"

; DKIM
; - DKIM key 1C8CAD5A-194F-11EA-BDA2-7FCBBE1B5136 for pasteur-cayenne.fr


1C8CAD5A-194F-11EA-BDA2-7FCBBE1B5136._domainkey IN  TXT ( "v=DKIM1; k=rsa; "

"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz9uhHIP6BeOL170uRLNtGD8Al/Dk3RHnB2oqaTpQUYojtnzq+J6CjyTGLlsX1aZk7Nbjxj13vf//O3tASV34QH1ozGEEmHptI953Qk9qLq6AUO+OZ1pkQ+8Z/VqXCbe5GLqDg1+lXI6T3zWN2FQNrUCm4HZ952jrrKSJET2dGYKLp49fUI6LZd15VSwTO+3DKAtpa16gbxbIu"
"Jxo3Jcd/pxQhWUYVmMA0/ZR4H0ZljD2EVGeSnNKNbCB3mOXFKTI/zW8Liqf+HpNs69qcmUvHlTCSokOlp/KT1AcSpfgnqAG3gwiyc2gFM+lgPX8c8bfd+8O64GX3zM17QGwbvf1wIDAQAB" 
)


; DMARC
_dmarc.pasteur-cayenne.fr IN  TXT ( "v=DMARC1; p=none; "
  "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; "
  "sp=none; aspf=r" )

   IN  NS ara.pasteur-cayenne.fr.
ara A   186.2.246.17
smtp A   186.2.246.17

Why my DKIM record is working and not my dmarc record ?

here is the result of command named-checkzone :

# named-checkzone pasteur-cayenne.fr 
/var/named/external/db.pasteur-cayenne.fr

zone pasteur-cayenne.fr/IN: loaded serial 2019120809
OK

here is my dig test, which return nothing :
# dig txt +short _dmarc.pasteur-cayenne.fr @ara.pasteur-cayenne.fr

instead dig test for dkim gives :
# dig txt +short 1C8CAD5A-194F-11EA-BDA2-7FCBBE1B5136._domainkey.pasteur-cayenne.fr @ara.pasteur-cayenne.fr
"v=DKIM1; k=rsa; " 
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz9uhHIP6BeOL170uRLNtGD8Al/Dk3RHnB2oqaTpQUYojtnzq+J6CjyTGLlsX1aZk7Nbjxj13vf//O3tASV34QH1ozGEEmHptI953Qk9qLq6AUO+OZ1pkQ+8Z/VqXCbe5GLqDg1+lXI6T3zWN2FQNrUCm4HZ952jrrKSJET2dGYKLp49fUI6LZd15VSwTO+3DKAtpa16gbxbIu" 
"Jxo3Jcd/pxQhWUYVmMA0/ZR4H0ZljD2EVGeSnNKNbCB3mOXFKTI/zW8Liqf+HpNs69qcmUvHlTCSokOlp/KT1AcSpfgnqAG3gwiyc2gFM+lgPX8c8bfd+8O64GX3zM17QGwbvf1wIDAQAB"





On 10/12/2019 at 10:11, Ondřej Surý wrote:

Hi Edouard,

I would start by **not** anonymizing domains you want to help with. What’s the 
point of using my-domain.fr anyway?

$ dig +short IN TXT pasteur-cayenne.fr
"v=spf1 a mx -all"

There’s no shame in having a problem you can’t solve yourself. We’ve all been 
there. Disguising the real domain is very often misleading and prevents other 
people from helping you.

I would start by checking the correctness of the zone file (with 
named-checkzone) and making sure you bumped the serial number in SOA and you 
reloaded the zone.

Ondrej
--
Ondřej Surý
ond...@isc.org


On 10 Dec 2019, at 13:56, Edouard Guigné  wrote:

Dear all,

I am using bind 9.11.4-9.P2 installed on a centos 7 with yum.

I am setting dkim and dmarc record for a mail server.

I succeeded to set the dkim record ( a test with # dig txt + short ... works)

But I am stuck with dmarc record.
I filled my zone file like this :

...
$ORIGIN my-domain.fr.
...
@  86400    IN TXT   "v=spf1 a mx -all"

selector._domainkey IN  TXT ( "v=DKIM1; k=rsa; "
   "p=..." )

_dmarc   IN  TXT "v=DMARC1; p=none; rua=mailto:dm...@my-domain.fr; pct=5; sp=none; aspf=r"
...

A test with the dig command does not give answer :
# dig txt +short _dmarc.my-domain.fr

May someone help me to make it works ?

Best Regards,

EdG



Re: How to set up a dmarc record ?

2019-12-10 Thread Ondřej Surý
Hi Edouard,

I would start by **not** anonymizing domains you want to help with. What’s the 
point of using my-domain.fr anyway?

$ dig +short IN TXT pasteur-cayenne.fr
"v=spf1 a mx -all"

There’s no shame in having a problem you can’t solve yourself. We’ve all been 
there. Disguising the real domain is very often misleading and prevents other 
people from helping you.

I would start by checking the correctness of the zone file (with 
named-checkzone) and making sure you bumped the serial number in SOA and you 
reloaded the zone.

Ondrej
--
Ondřej Surý
ond...@isc.org

> On 10 Dec 2019, at 13:56, Edouard Guigné  wrote:
> 
> Dear all,
> 
> I am using bind 9.11.4-9.P2 installed on a centos 7 with yum.
> 
> I am setting dkim and dmarc record for a mail server.
> 
> I succeeded to set the dkim record ( a test with # dig txt + short ... works)
> 
> But I am stuck with dmarc record.
> I filled my zone file like this :
> 
> ...
> $ORIGIN my-domain.fr.
> ...
> @  86400    IN TXT   "v=spf1 a mx -all"
> 
> selector._domainkey IN  TXT ( "v=DKIM1; k=rsa; "
>   "p=..." )
> 
> _dmarc   IN  TXT "v=DMARC1; p=none; rua=mailto:dm...@my-domain.fr; pct=5; sp=none; aspf=r"
> ...
> 
> A test with the dig command does not give answer :
> # dig txt +short _dmarc.my-domain.fr
> 
> May someone help me to make it works ?
> 
> Best Regards,
> 
> EdG
> 


How to set up a dmarc record ?

2019-12-10 Thread Edouard Guigné

Dear all,

I am using bind 9.11.4-9.P2 installed on a centos 7 with yum.

I am setting dkim and dmarc record for a mail server.

I succeeded to set the dkim record ( a test with # dig txt + short ... 
works)


But I am stuck with dmarc record.
I filled my zone file like this :

...
$ORIGIN my-domain.fr.
...
@  86400    IN TXT   "v=spf1 a mx -all"

selector._domainkey IN  TXT ( "v=DKIM1; k=rsa; "
  "p=..." )

_dmarc   IN  TXT "v=DMARC1; p=none; rua=mailto:dm...@my-domain.fr; pct=5; sp=none; aspf=r"

...

A test with the dig command does not give answer :
# dig txt +short _dmarc.my-domain.fr

May someone help me to make it works ?

Best Regards,

EdG
