User Tools

Site Tools


wiki:receive_dmarc_reports_different_domain

Receive dmarc reports to different domain

Add this in your dns foobar.com zone file:

example.com._report._dmarc  TXT "v=DMARC1;"

This is External Destination Verification. You can now receive DMARC reports for example.com domain to foobar.com email address.

Troubleshooting

ERROR:

15 09:42:58 nameserver named[25740]: /etc/bind/example.com.zone:26: foo.bar._report._dmarc.example.com: bad owner name (check-names)
15 09:42:58 nameserver named[25740]: zone example.com/IN: loading from master file /etc/bind/example.com.zone failed: bad owner name (check-names)
15 09:42:58 nameserver named[25740]: zone example.com/IN: not loaded due to errors.

This happens because bind9 strict RFC checking.

Check where in the zone file you have defined the record. Putting it after records where no hostname is defined doesn't seem to work and produces above message. Example:

                    MX   1 aspmx.l.google.com.
                    MX   5 alt1.aspmx.l.google.com.
                    MX   5 alt2.aspmx.l.google.com.
                    MX  10 alt3.aspmx.l.google.com.
                    MX  10 alt4.aspmx.l.google.com.
                    MX  15 afejaofwifjwafiajwfi32jfoiw3jawfeijfw.mx-verification.google.com
                    
foo.bar._report._dmarc TXT "v=DMARC1;"        

This should work:

...
ns2                  AAAA <quadip..>

; External Destination Verification; receive DMARC reports from auto23.hr domain to example.com email
foo.bar._report._dmarc  TXT "v=DMARC1;"
...

Another solution is to turn off bind9 RFC checks in zone definition file (named.conf.local) by adding check-names warn;:

zone "example.com" {
        type master;
        file "/etc/bind/example.com.zone";
        allow-query { any; };
        allow-transfer { slave_servers; };
        check-names warn;
};

See also

References

wiki/receive_dmarc_reports_different_domain.txt · Last modified: 2021/04/07 13:05 by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
CC0 1.0 Universal Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki