wiki:receive_dmarc_reports_different_domain

Differences

This shows you the differences between two versions of the page.

wiki:receive_dmarc_reports_different_domain [2020/12/07 14:27] – created antisawiki:receive_dmarc_reports_different_domain [2021/04/07 13:05] (current) – add DMARC and DKIM operation from Microsoft Docs antisa
Line 7: Line 7:
 This is External Destination Verification. You can now receive DMARC reports for example.com domain to foobar.com email address. This is External Destination Verification. You can now receive DMARC reports for example.com domain to foobar.com email address.
  
-====== Tested on ====== +===== Troubleshooting ===== 
-  +<wrap em>ERROR</wrap>: 
 +<code> 
 +15 09:42:58 nameserver named[25740]: /etc/bind/example.com.zone:26: foo.bar._report._dmarc.example.com: bad owner name (check-names) 
 +15 09:42:58 nameserver named[25740]: zone example.com/IN: loading from master file /etc/bind/example.com.zone failed: bad owner name (check-names) 
 +15 09:42:58 nameserver named[25740]: zone example.com/IN: not loaded due to errors. 
 +</code>
  
-====== See also ======+This happens because bind9 strict RFC checking.
  
-====== References ======+Check where in the zone file you have defined the record. Putting it after records where no hostname is defined doesn't seem to work and produces above message. Example: 
 +<code> 
 +                    MX   1 aspmx.l.google.com. 
 +                    MX   5 alt1.aspmx.l.google.com. 
 +                    MX   5 alt2.aspmx.l.google.com. 
 +                    MX  10 alt3.aspmx.l.google.com. 
 +                    MX  10 alt4.aspmx.l.google.com. 
 +                    MX  15 afejaofwifjwafiajwfi32jfoiw3jawfeijfw.mx-verification.google.com 
 +                     
 +foo.bar._report._dmarc TXT "v=DMARC1;"         
 +</code>
  
 +This should work:
 +<code>
 +...
 +ns2                  AAAA <quadip..>
 +
 +; External Destination Verification; receive DMARC reports from auto23.hr domain to example.com email
 +foo.bar._report._dmarc  TXT "v=DMARC1;"
 +...
 +</code>
 +
 +Another solution is to turn off bind9 RFC checks in zone definition file (''named.conf.local'') by adding ''check-names warn;'':
 +<code>
 +zone "example.com" {
 +        type master;
 +        file "/etc/bind/example.com.zone";
 +        allow-query { any; };
 +        allow-transfer { slave_servers; };
 +        check-names warn;
 +};
 +
 +</code>
 +
 +===== See also =====
 +  * [[https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dmarc-to-validate-email?view=o365-worldwide|DMARC and DKIM operation from Microsoft Docs]]
 +
 +===== References =====
 +  * https://linux.m2osw.com/setting-bind-get-letsencrypt-wildcards-work-your-system-using-rfc-2136
  
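Review bot: The "check-names warn;" workaround in the named.conf.local zone block downgrades owner-name checking from fail to warning for every record in the example.com zone, not only for "foo.bar._report._dmarc", and the added text does not say so; state that scope next to the snippet and present the record-placement fix as the preferred option, with "check-names warn;" as the fallback. In the "This should work" example the comment names "auto23.hr domain to example.com email", while the unchanged context line above describes reports for example.com going to a foobar.com address; use the same placeholder domains in both places. In the failing example the last MX target, "...mx-verification.google.com", has no trailing dot unlike the other MX lines, so it would be read relative to the zone origin; add the dot or note that the line is illustrative. The sentence "This happens because bind9 strict RFC checking." is missing a word ("because of").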
wiki/receive_dmarc_reports_different_domain.1607347653.txt.gz · Last modified: 2020/12/07 14:27 by antisa

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal