There are folks who publish NS records at _dmarc.example.com that point to some super fancy DNS service that returns DMARC TXT records.
tim

On Thu, Mar 14, 2024 at 4:19 PM Todd Herr <todd.herr=40valimail....@dmarc.ietf.org> wrote:

> Colleagues,
>
> There was a discussion among M3AAWG members on March 13 that centered on
> the question of whether DMARC records can be published in DNS as CNAMEs,
> e.g.,
>
> _dmarc.example.com IN CNAME _dmarc.example.org
>
> _dmarc.example.org IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc-repo...@example.org <dmarc-repo...@example.org>;"
>
> Section 3.6.2 of RFC 1034 seems to indicate that it is permissible to
> publish DMARC records in this fashion, and describes the following scenario
> using a CNAME record and an A record:
>
> > For example, suppose a name server was processing a query with for
> > USC-ISIC.ARPA, asking for type A information, and had the following
> > resource records:
> >
> > USC-ISIC.ARPA IN CNAME C.ISI.EDU
> >
> > C.ISI.EDU IN A 10.0.0.52
> >
> > Both of these RRs would be returned in the response to the type A query,
> > while a type CNAME or * query should return just the CNAME.
>
> I recommend adding a paragraph to DMARCbis, section 5.1 DMARC Policy
> Record at the end of that section that reads:
>
> Per RFC 1034 section 3.6.2, a DMARC record MAY be published as a CNAME
> record, so long as the corresponding canonical name ultimately resolves to
> a TXT record so as to ensure that queries of type TXT return a DNS RR in
> the expected format.
>
> Issue 136 has been opened for this.
>
> --
>
> Todd Herr | Technical Director, Standards & Ecosystem
> Email: todd.h...@valimail.com
> Phone: 703-220-4153
>
> This email and all data transmitted with it contains confidential and/or
> proprietary information intended solely for the use of individual(s)
> authorized to receive it. If you are not an intended and authorized
> recipient you are hereby notified of any use, disclosure, copying or
> distribution of the information included in this transmission is prohibited
> and may be unlawful. Please immediately notify the sender by replying to
> this email and then delete it from your system.
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>
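The condition in the proposed DMARCbis paragraph (the CNAME must ultimately resolve to a TXT record) can be checked mechanically; the sketch below is an added example, not part of the thread or of any DMARC implementation. The zone contents, the loop-a/loop-b/dangling names and the MAX_CNAME_HOPS limit are constructed assumptions, and the lookup runs against an in-memory table instead of live DNS.

```python
# Constructed zone data (assumption); the first two entries mirror the
# thread's example, without the elided rua address.
ZONE = {
    ("_dmarc.example.com", "CNAME"): ["_dmarc.example.org"],
    ("_dmarc.example.org", "TXT"): ["v=DMARC1; p=reject;"],
    ("_dmarc.loop-a.example", "CNAME"): ["_dmarc.loop-b.example"],
    ("_dmarc.loop-b.example", "CNAME"): ["_dmarc.loop-a.example"],
    ("_dmarc.dangling.example", "CNAME"): ["www.dangling.example"],
    ("www.dangling.example", "A"): ["192.0.2.10"],
}

MAX_CNAME_HOPS = 8  # assumed limit; real resolvers choose their own


def resolve_txt(name, zone=ZONE):
    """Answer a type-TXT query as RFC 1034 section 3.6.2 describes.

    Returns (chain, txt_rdata): chain lists every (owner, target) CNAME
    followed, txt_rdata is the TXT RRset at the canonical name (may be empty).
    """
    chain, seen = [], set()
    name = name.rstrip(".").lower()
    while True:
        if name in seen or len(chain) > MAX_CNAME_HOPS:
            raise LookupError("CNAME loop or chain too long at " + name)
        seen.add(name)
        if (name, "CNAME") in zone:
            target = zone[(name, "CNAME")][0].rstrip(".").lower()
            chain.append((name, target))
            name = target
            continue
        return chain, zone.get((name, "TXT"), [])


def dmarc_record(domain, zone=ZONE):
    """Return the single DMARC policy string for domain, or None."""
    try:
        _, txts = resolve_txt("_dmarc." + domain, zone)
    except LookupError:
        return None  # a broken chain is treated as "no record published"
    # Keep only TXT strings whose first tag is v=DMARC1.
    records = [t for t in txts if t.split(";")[0].replace(" ", "") == "v=DMARC1"]
    # RFC 7489 policy discovery: zero or several records means no policy.
    return records[0] if len(records) == 1 else None
```

A CNAME that ends at a name holding only an A record, or a chain that loops, yields no policy, which is the failure the "ultimately resolves to a TXT record" wording guards against.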