On Wed 01/Mar/2023 11:12:06 +0100 Laura Atkins wrote:
On 1 Mar 2023, at 09:07, Alessandro Vesely <ves...@tana.it> wrote:
However, in that case both zones are under the same master server:
cuny.edu. 2801 IN SOA acme.ucc.cuny.edu.
hostmaster.acme.ucc.cuny.edu. 2019022032 3600 1800 2419200 3600
bmcc.cuny.edu. 300 IN SOA acme.ucc.cuny.edu.
hostmaster.acme.ucc.cuny.edu. 200804826 300 3600 2419200 3600
ret.bmcc.cuny.edu. (no SOA)
(Those funny serials cannot begin with the year. We had no DMARC in 2008.)
I don’t see how that changes anything. You walk up the DNS hierarchy and stop
when you find a DMARC policy statement. You don’t bypass that statement and
keep walking, IMO.
You may want to keep walking if you need to establish which is the org domain,
for alignment purposes. Part of the walk can be optimized out when (one of)
the verified identifiers lies within the subtree explored thus far. I'm not
sure how I'm going to implement that.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
