Re: How to set up a dmarc record ?

Wed, 11 Dec 2019 03:42:04 -0800 

Hello,

Yes, my problem is fixed !

Thank you very much

Le 10/12/2019 à 17:25, Emre Özüdoğru a écrit :
If I query your zone. It give me answer you wanted. Is your problem continues or fixed?
emre@FXMBP ~ % dig IN txt _dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.
; <<>> DiG 9.10.6 <<>> IN txt _dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr. 
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33317
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>.INTXT

;; ANSWER SECTION:
_dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>. 3600INTXT"v=DMARC1; p=none; " "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; " "sp=none; aspf=r" 

;; AUTHORITY SECTION:
pasteur-cayenne.fr <http://pasteur-cayenne.fr>.86400INNSns6.oleane.net <http://ns6.oleane.net>. pasteur-cayenne.fr <http://pasteur-cayenne.fr>.86400INNSara.pasteur-cayenne.fr <http://ara.pasteur-cayenne.fr>. pasteur-cayenne.fr <http://pasteur-cayenne.fr>.86400INNSns7.oleane.net <http://ns7.oleane.net>. 

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr <http://ara.pasteur-cayenne.fr>.3600INA186.2.246.17

;; Query time: 221 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: Tue Dec 10 23:21:21 +03 2019
;; MSG SIZE  rcvd: 226
On 10 Dec 2019, at 19:46, Ondřej Surý <ond...@isc.org <mailto:ond...@isc.org>> wrote:
Well, I already told you what’s wrong and you ignored that part. Please read it again and understand what it means to delegate a part of the zone. Your problems are not specific to BIND 9, it’s just your zone file is wrong. 

Ondrej
--
Ondřej Surý — ISC
On 10 Dec 2019, at 17:43, Edouard Guigné via bind-users <bind-users@lists.isc.org <mailto:bind-users@lists.isc.org>> wrote: 



Hello,

What is wrong with my file zone ?
Why espcially for _dmarc IN TXT
I cannot get the ANSWER SECTION with a dig command ?

Best Regards,

Ed

-------- Message transféré --------
Sujet :         Re: How to set up a dmarc record ?
Date :  Tue, 10 Dec 2019 11:51:47 -0300
De :    Edouard Guigné via bind-users <bind-users@lists.isc.org>
Répondre à :    Edouard Guigné <egui...@pasteur-cayenne.fr>
Pour : bind-users@lists.isc.org >> bind-users <bind-users@lists.isc.org> 



Hello,
I changed to "_dmarc" instead of "_dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>" 
_dmarc IN      TXT ( "v=DMARC1; p=none; "
          "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; "
          "sp=none; aspf=r" )

My zone file is updated :
# named-checkzone pasteur-cayenne.fr <http://pasteur-cayenne.fr> /var/named/external/db.pasteur-cayenne.fr <http://db.pasteur-cayenne.fr> zone pasteur-cayenne.fr/IN: <http://pasteur-cayenne.fr/IN:> loaded serial 2019120810 
OK

But It still does not give the dmarc ANSWER SECTION expected :
# dig IN txt _dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> IN txt _dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr. 
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4753
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>. IN      TXT 

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr <http://dmarc.pasteur-cayenne.fr>. 3600 IN      NS ara.pasteur-cayenne.fr <http://ara.pasteur-cayenne.fr>. 

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr <http://ara.pasteur-cayenne.fr>. 3600    IN      A       186.2.246.17 

;; Query time: 0 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: mar. déc. 10 11:42:21 -03 2019
;; MSG SIZE  rcvd: 88



Le 10/12/2019 à 10:46, Ondřej Surý a écrit :

Also the record on the next line looks suspicious:

         IN      NSara.pasteur-cayenne.fr  <http://ara.pasteur-cayenne.fr>.


I am very sorry because I am not very used with bind.

"ara" is the primary DNS for internet.

Is this line redundant with the line before ?
                       NS ara.pasteur-cayenne.fr <http://ara.pasteur-cayenne.fr>. 



As you delegated the whole subdomain toara.p-c.fr  <http://ara.p-c.fr>  again:


$ dig IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr  
<http://dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.

; <<>> DiG 9.11.8 <<>> IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr  
<http://dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr>. @ara.pasteur-cayenne.fr.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52693
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 35c43e4d3150d78270cae65e5defa16cbf8158df5e59c89c (good)
;; QUESTION SECTION:
;_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr  
<http://dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr>. IN TXT

;; AUTHORITY SECTION:
_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr  
<http://dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr>. 3600 IN 
NSara.pasteur-cayenne.fr  <http://ara.pasteur-cayenne.fr>.

;; ADDITIONAL SECTION:
ara.pasteur-cayenne.fr  <http://ara.pasteur-cayenne.fr>.  3600    IN      A     
  186.2.246.17

;; Query time: 192 msec
;; SERVER: 186.2.246.17#53(186.2.246.17)
;; WHEN: Tue Dec 10 14:45:16 CET 2019
;; MSG SIZE  rcvd: 135

I don’t think it was an intent.

Ondrej
--
Ondřej Surý
ond...@isc.org


On 10 Dec 2019, at 14:37, Niall O'Reilly<niall.orei...@ucd.ie>  wrote:

On 10 Dec 2019, at 13:30, Edouard Guigné wrote:


; DMARC
_dmarc.pasteur-cayenne.fr  <http://dmarc.pasteur-cayenne.fr>  IN      TXT     ( 
"v=DMARC1; p=none; "
           
"rua=[mailto:dm...@pasteur-cayenne.fr](<mailto:dm...@pasteur-cayenne.fr>); pct=5; 
"
           "sp=none; aspf=r" )

Instead of "_dmarc.pasteur-cayenne.fr  <http://dmarc.pasteur-cayenne.fr>", you should put 
"_dmarc",
leaving out ".pasteur-cayenne.fr  <http://pasteur-cayenne.fr>", just as you did 
for the DKIM
record.

Niall O'Reilly
_______________________________________________
Please visithttps://lists.isc.org/mailman/listinfo/bind-users  to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list 

bind-users mailing list
bind-users@lists.isc.org <mailto:bind-users@lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users <https://lists.isc.org/mailman/listinfo/bind-users> to unsubscribe from this list 

bind-users mailing list
bind-users@lists.isc.org <mailto:bind-users@lists.isc.org>
https://lists.isc.org/mailman/listinfo/bind-users



TurkNet <https://turk.net/>
------------------------------------------------------------------------
Bu elektronik posta ve onunla iletilen bütün dosyalar sadece göndericisi tarafından alması amaçlanan yetkili gerçek ya da tüzel kişinin kullanımı içindir. Eğer söz konusu yetkili alıcı değilseniz bu elektronik postanın içeriğini açıklamanız, kopyalamanız, yönlendirmeniz ve kullanmanız kesinlikle yasaktır ve bu elektronik postayı derhal silmeniz gerekmektedir. TurkNet bu mesajın içerdiği bilgilerin doğruluğu veya eksiksiz olduğu konusunda herhangi bir garanti vermemektedir. Bu nedenle bu bilgilerin ne şekilde olursa olsun içeriğinden, iletilmesinden, alınmasından ve saklanmasından sorumlu değildir. Bu mesajdaki görüşler yalnızca gönderen kişiye aittir ve TurkNet'in görüşlerini yansıtmayabilir. Bu e-posta bilinen bütün bilgisayar virüslerine karşı taranmıştır. 
________________________________________
This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient you are hereby notified that any dissemination, forwarding, copying or use of any of the information is strictly prohibited, and the e-mail should immediately be deleted. TurkNet makes no warranty as to the accuracy or completeness of any information contained in this message and hereby excludes any liability of any kind for the information contained therein or for the information transmission, reception, storage or use of such in any way whatsoever. The opinions expressed in this message belong to sender alone and may not necessarily reflect the opinions of TurkNet. This e-mail has been scanned for all known computer viruses. 
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to