On Fri, Nov 21, 2025 at 3:02 PM Gellner, Oliver via mailop <[email protected]> wrote:

> On 21.11.2025 at 18:25 Alex Shakhov | SH Consulting via mailop wrote:
>
> > Based on what I’m seeing, this does not appear to be a DNS propagation
> > issue. We’ve implemented several other DNS records since then, and those
> > changes have propagated normally. External resolvers can also see the CNAME
> > record we added with the correct target value so the record itself is in
> > place and resolving.
> >
> > However, for some reason the underlying TXT record behind CNAME is not
> > being evaluated.
> >
> > I may need to try publishing a direct DMARC TXT record instead. That
> > wasn’t the original plan since we don’t have direct DNS access, but it
> > might be the only reliable way to ensure proper DMARC evaluation.
> >
> > Domain name: http://elevatere.agency
>
> I can resolve both a TXT and a CNAME record for _dmarc.elevatere.agency,
> which should not happen.
> I don't believe the issue is related to DMARC in particular, but rather a
> general issue with one of the involved DNS servers.

Same. Authoritative servers for elevatere.agency are Cloudflare, and
Cloudflare's servers are serving up both TXT and CNAME records for
_dmarc.elevatere.agency. That violates RFC 2181
(https://datatracker.ietf.org/doc/html/rfc2181#section-10.1). Gotta pick
either TXT or CNAME.

$ dig elevatere.agency ns +short
jose.ns.cloudflare.com.
raphaela.ns.cloudflare.com.

$ dig _dmarc.elevatere.agency txt @jose.ns.cloudflare.com +short
"v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1:d:s"

$ dig _dmarc.elevatere.agency cname @jose.ns.cloudflare.com +short
honey-25079.dmarc.cc.

-- 
Todd
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
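
Added example, not part of the original thread: a shell check that takes answers collected from an authoritative server with dig and reports any owner name that publishes a CNAME alongside other record types, the condition the three queries above show. The function names and the example.test records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Flags owner names that publish a CNAME together with any other record type,
# the condition RFC 2181 section 10.1 forbids. RRSIG and NSEC are exempt,
# since DNSSEC-signed zones legitimately carry them next to a CNAME.

# Reads lines in `dig +noall +answer` format: owner TTL class type rdata...
cname_conflicts() {
    awk '
        NF < 5 || $1 ~ /^;/ { next }            # skip blanks and comments
        {
            owner = tolower($1); rtype = toupper($4)
            sub(/\.$/, "", owner)               # drop the trailing root dot
            if (rtype == "RRSIG" || rtype == "NSEC") next
            if (rtype == "CNAME") { has_cname[owner] = 1; next }
            if (!seen[owner, rtype]++)
                other[owner] = other[owner] (other[owner] ? "," : "") rtype
        }
        END {
            for (o in has_cname)
                if (o in other) print o " CNAME+" other[o]
        }
    ' | sort
}

# Live use: ask one authoritative server directly for each type.
# usage: check_name NAME NAMESERVER
check_name() {
    for t in CNAME TXT; do
        dig +noall +answer +norecurse "$1" "$t" "@$2"
    done | cname_conflicts
}

# Constructed sample answers (example.test is a placeholder zone).
sample_answers() {
    cat <<'EOF'
_dmarc.example.test. 300 IN CNAME reports.dmarc-vendor.example.
_dmarc.example.test. 300 IN TXT "v=DMARC1; p=none"
www.example.test. 300 IN CNAME host.example.net.
www.example.test. 300 IN RRSIG CNAME 13 3 300 20260101000000 20251201000000 12345 example.test. c2FtcGxl
mail.example.test. 300 IN TXT "v=spf1 -all"
EOF
}

sample_answers | cname_conflicts   # prints: _dmarc.example.test CNAME+TXT
```

Any line of output means the zone must drop either the CNAME or the other records at that name before receivers can evaluate it consistently.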
