Well, I already told you what’s wrong and you ignored that part. Please read it again and understand what it means to delegate a part of the zone. Your problems are not specific to BIND 9, it’s just your zone file is wrong.
Ondrej -- Ondřej Surý — ISC > On 10 Dec 2019, at 17:43, Edouard Guigné via bind-users > <bind-users@lists.isc.org> wrote: > > > Hello, > > What is wrong with my file zone ? > Why espcially for _dmarc IN TXT > I cannot get the ANSWER SECTION with a dig command ? > > Best Regards, > > Ed > > -------- Message transféré -------- > Sujet : Re: How to set up a dmarc record ? > Date : Tue, 10 Dec 2019 11:51:47 -0300 > De : Edouard Guigné via bind-users <bind-users@lists.isc.org> > Répondre à : Edouard Guigné <egui...@pasteur-cayenne.fr> > Pour : bind-users@lists.isc.org >> bind-users > <bind-users@lists.isc.org> > > > Hello, > > I changed to "_dmarc" instead of "_dmarc.pasteur-cayenne.fr" > _dmarc IN TXT ( "v=DMARC1; p=none; " > "rua=mailto:dm...@pasteur-cayenne.fr; pct=5; " > "sp=none; aspf=r" ) > > My zone file is updated : > # named-checkzone pasteur-cayenne.fr /var/named/external/db.pasteur-cayenne.fr > zone pasteur-cayenne.fr/IN: loaded serial 2019120810 > OK > > But It still does not give the dmarc ANSWER SECTION expected : > # dig IN txt _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr. > > ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> IN txt > _dmarc.pasteur-cayenne.fr. @ara.pasteur-cayenne.fr. > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4753 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2 > ;; WARNING: recursion requested but not available > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 4096 > ;; QUESTION SECTION: > ;_dmarc.pasteur-cayenne.fr. IN TXT > > ;; AUTHORITY SECTION: > _dmarc.pasteur-cayenne.fr. 3600 IN NS ara.pasteur-cayenne.fr. > > ;; ADDITIONAL SECTION: > ara.pasteur-cayenne.fr. 3600 IN A 186.2.246.17 > > ;; Query time: 0 msec > ;; SERVER: 186.2.246.17#53(186.2.246.17) > ;; WHEN: mar. déc. 10 11:42:21 -03 2019 > ;; MSG SIZE rcvd: 88 > > > > > > Le 10/12/2019 à 10:46, Ondřej Surý a écrit : >> Also the record on the next line looks suspicious: >> >> IN NS ara.pasteur-cayenne.fr. > I am very sorry because I am not very used with bind. > > "ara" is the primary DNS for internet. > > Is this line redundant with the line before ? > NS ara.pasteur-cayenne.fr. > > > >> As you delegated the whole subdomain to ara.p-c.fr again: >> >> >> $ dig IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. >> @ara.pasteur-cayenne.fr. >> >> ; <<>> DiG 9.11.8 <<>> IN TXT _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. >> @ara.pasteur-cayenne.fr. >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52693 >> ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2 >> ;; WARNING: recursion requested but not available >> >> ;; OPT PSEUDOSECTION: >> ; EDNS: version: 0, flags:; udp: 4096 >> ; COOKIE: 35c43e4d3150d78270cae65e5defa16cbf8158df5e59c89c (good) >> ;; QUESTION SECTION: >> ;_dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. IN TXT >> >> ;; AUTHORITY SECTION: >> _dmarc.pasteur-cayenne.fr.pasteur-cayenne.fr. 3600 IN NS >> ara.pasteur-cayenne.fr. >> >> ;; ADDITIONAL SECTION: >> ara.pasteur-cayenne.fr. 3600 IN A 186.2.246.17 >> >> ;; Query time: 192 msec >> ;; SERVER: 186.2.246.17#53(186.2.246.17) >> ;; WHEN: Tue Dec 10 14:45:16 CET 2019 >> ;; MSG SIZE rcvd: 135 >> >> I don’t think it was an intent. >> >> Ondrej >> -- >> Ondřej Surý >> ond...@isc.org >> >>>> On 10 Dec 2019, at 14:37, Niall O'Reilly <niall.orei...@ucd.ie> wrote: >>>> >>>> On 10 Dec 2019, at 13:30, Edouard Guigné wrote: >>>> >>>> ; DMARC >>>> _dmarc.pasteur-cayenne.fr IN TXT ( "v=DMARC1; p=none; " >>>> >>>> "rua=[mailto:dm...@pasteur-cayenne.fr](<mailto:dm...@pasteur-cayenne.fr>); >>>> pct=5; " >>>> "sp=none; aspf=r" ) >>> Instead of "_dmarc.pasteur-cayenne.fr", you should put "_dmarc", >>> leaving out ".pasteur-cayenne.fr", just as you did for the DKIM >>> record. >>> >>> Niall O'Reilly >>> _______________________________________________ >>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >>> unsubscribe from this list >>> >>> bind-users mailing list >>> bind-users@lists.isc.org >>> https://lists.isc.org/mailman/listinfo/bind-users > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
