If we need some real world examples of this, got a few here:

_dmarc.oit.alabama.gov

_dmarc.tjx.com

_dmarc.walmart.com

_dmarc.novanta.com

- Mark Alley

On 3/14/2024 3:18 PM, Todd Herr wrote:
Colleagues,

There was a discussion among M3AAWG members on March 13 that centered on the question of whether DMARC records can be published in DNS as CNAMEs, e.g.,

    _dmarc.example.com IN CNAME _dmarc.example.org

    _dmarc.example.org IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc-repo...@example.org;"

Section 3.6.2 of RFC 1034 seems to indicate that it is permissible to publish DMARC records in this fashion, and describes the following scenario using a CNAME record and an A record:

    For example, suppose a name server was processing a query with for
    USC-ISIC.ARPA, asking for type A information, and had the following
    resource records:

        USC-ISIC.ARPA IN CNAME C.ISI.EDU

        C.ISI.EDU IN A 10.0.0.52

    Both of these RRs would be returned in the response to the type A
    query, while a type CNAME or * query should return just the CNAME.

I recommend adding a paragraph to DMARCbis, section 5.1 DMARC Policy Record at the end of that section that reads:

    Per RFC 1034 section 3.6.2, a DMARC record MAY be published as a
    CNAME record, so long as the corresponding canonical name
    ultimately resolves to a TXT record so as to ensure that queries
    of type TXT return a DNS RR in the expected format.

Issue 136 has been opened for this.

--

Todd Herr | Technical Director, Standards & Ecosystem
Email: todd.h...@valimail.com
Phone: 703-220-4153


This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.


_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
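
The check implied by the proposed paragraph, as an added example that is not part of either message: a Python sketch that follows a `_dmarc` CNAME chain over constructed zone data and yields a policy only when the chain ends in exactly one TXT record whose first tag is `v=DMARC1`. The zone contents, the hop limit and the function names are assumptions, and the tag parsing is simplified.

```python
# Constructed zone data for illustration; not real DNS answers.
ZONE = {
    ("_dmarc.example.com", "CNAME"): ["_dmarc.example.org"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=reject; rua=mailto:reports@example.org;"],
    ("_dmarc.broken.example", "CNAME"): ["www.example.net"],  # alias with no TXT behind it
    ("www.example.net", "A"): ["192.0.2.10"],
    ("_dmarc.loop-a.example", "CNAME"): ["_dmarc.loop-b.example"],
    ("_dmarc.loop-b.example", "CNAME"): ["_dmarc.loop-a.example"],
}
MAX_CNAME_HOPS = 8  # assumed limit; real resolvers choose their own


def resolve_txt(name, zone=ZONE):
    """Follow CNAMEs from `name` as a TXT query would; return (chain, txt_rrs)."""
    chain = [name.lower().rstrip(".")]
    seen = set(chain)
    while True:
        current = chain[-1]
        txt = zone.get((current, "TXT"))
        if txt is not None:
            return chain, txt
        target = zone.get((current, "CNAME"))
        if target is None:
            return chain, []  # chain ends without a TXT RRset
        nxt = target[0].lower().rstrip(".")
        if nxt in seen or len(chain) > MAX_CNAME_HOPS:
            raise ValueError(f"CNAME loop or chain too long at {nxt}")
        seen.add(nxt)
        chain.append(nxt)


def parse_tags(record):
    """Split 'k=v; k=v' into ordered (tag, value) pairs (simplified parsing)."""
    pairs = [t.split("=", 1) for t in record.split(";") if "=" in t]
    return [(k.strip().lower(), v.strip()) for k, v in pairs]


def dmarc_policy(domain, zone=ZONE):
    """Return (tags, chain); tags is None unless exactly one DMARC record is found."""
    chain, txt_rrs = resolve_txt(f"_dmarc.{domain}", zone)
    parsed = [parse_tags(r) for r in txt_rrs]
    records = [p for p in parsed if p and p[0] == ("v", "DMARC1")]
    if len(records) != 1:  # none, or several: no policy can be applied
        return None, chain
    return dict(records[0]), chain
```
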