Re: Setting Up An Running Your Own Dmarc using Bind DNS

2022-06-27 Thread Bruce Johnson via bind-users


On Jun 27, 2022, at 11:34 AM, Stephane Bortzmeyer <bortzme...@nic.fr> wrote:

> Also, I do not understand the writing of "hundreds of lines of
> code". The code to load DMARC records is in BIND for a very long time
> since they are just TXT records.
>
> > @ IN TXT v=DMARC1; p=reject; rua=mailto:dmarc_rep...@mail.netassoc.net;
> > ruf=mailto:demarc_foren...@mail.netassoc.net; fo=1;
>
> Quotes, may be?

Yes, this part needs to be in quotes:

"v=DMARC1; p=reject; rua=mailto:dmarc_rep...@mail.netassoc.net; ruf=mailto:demarc_foren...@mail.netassoc.net; fo=1;"

> Also, DMARC records need to be at _dmarc under the apex, not at the
> apex.

I found this to be a very helpful guide to setting up DMARC in BIND. It has
examples:

https://www.sonicwall.com/support/knowledge-base/what-is-a-dmarc-record-and-how-do-i-create-it-on-dns-server/170504796167071/

Here is a good site with tools to check DMARC, DKIM and SPF records:
https://www.dmarcanalyzer.com/dmarc/

I think the CNAME "_dmarc.netassoc.net.  IN CNAME netassoc.net." is not needed.
The _dmarc.netassoc.net entry identifies netassoc.net as the domain the DMARC
record is for. At least I do not have that CNAME set for my domain and DMARC
passes all the tests.

--
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs

-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: Setting Up An Running Your Own Dmarc using Bind DNS

2022-06-27 Thread Stephane Bortzmeyer
On Mon, Jun 27, 2022 at 02:16:26PM -0400,
 daniel jay foran wrote
 a message of 370 lines which said:

> I can't be the only one that has racked his brains and written
> hundreds of lines of code trying to get ISC BIND 9 to authenticate
> Dmarc records correctly.

I'm not sure I understand you since it is clearly not BIND's job to
authenticate DMARC records. It loads them and serves them, period.

Also, I do not understand the writing of "hundreds of lines of
code". The code to load DMARC records is in BIND for a very long time
since they are just TXT records.

> @ IN TXT v=DMARC1; p=reject; rua=mailto:dmarc_rep...@mail.netassoc.net;
> ruf=mailto:demarc_foren...@mail.netassoc.net; fo=1;

Quotes, may be?

Also, DMARC records need to be at _dmarc under the apex, not at the
apex.

Then, the best way to test your DMARC records is to use an
auto-responder with diagnostics like p...@tools.mxtoolbox.com or
.
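
Added example (not part of either message above, and not BIND code): a small Python check for the two points raised in the thread, the missing quotes and the record sitting at the apex. It applies the zone-file rule that an unquoted ';' starts a comment, which is why the unquoted record publishes only "v=DMARC1". It assumes single-line records written as 'owner IN TXT rdata'; the function names and the example.com addresses are made up for illustration.

```python
import re

VALID_POLICIES = {"none", "quarantine", "reject"}

def strip_comment(line):
    """Zone-file rule: ';' starts a comment unless it is inside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            return line[:i]
    return line

def lint_dmarc_line(line):
    """Return the problems found in one single-line 'owner IN TXT rdata' record."""
    fields = strip_comment(line).split(None, 3)
    if len(fields) < 4 or [f.upper() for f in fields[1:3]] != ["IN", "TXT"]:
        return ["not a single-line 'owner IN TXT rdata' record"]
    owner, rdata = fields[0], fields[3].strip()
    problems = []
    if owner != "_dmarc" and not owner.startswith("_dmarc."):
        problems.append("owner %r is not _dmarc under the apex" % owner)
    if rdata.startswith('"'):
        # Adjacent quoted strings in one TXT record are concatenated.
        text = "".join(re.findall(r'"([^"]*)"', rdata))
    else:
        text = rdata
        problems.append("rdata unquoted: after comment stripping only %r is left" % text)
    # DMARC tag list: 'tag=value' pairs separated by ';'
    pairs = (t.split("=", 1) for t in text.split(";") if "=" in t)
    tags = {k.strip(): v.strip() for k, v in pairs}
    if not text.startswith("v=DMARC1"):
        problems.append("record does not start with v=DMARC1")
    if tags.get("p", "") not in VALID_POLICIES:
        problems.append("no valid p= tag in the published text")
    return problems

# Constructed sample lines; the example.com addresses are placeholders.
UNQUOTED_AT_APEX = "@ IN TXT v=DMARC1; p=reject; rua=mailto:reports@example.com; fo=1;"
QUOTED_AT_DMARC = '_dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:reports@example.com; fo=1;"'

if __name__ == "__main__":
    for record in (UNQUOTED_AT_APEX, QUOTED_AT_DMARC):
        print(record)
        for problem in lint_dmarc_line(record) or ["ok"]:
            print("   ", problem)
```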