Wildcard DMARC report destination #142
Comments
|
The Wikipedia article on wildcard DNS records states that a wildcard DNS record has a |
|
Hello,
In my understanding: yes, you configure the record on the DNS server by
providing * in the zone file, but the DNS server interprets such setting as
"whatever domains get queried, return the following data: ". So this will
result in all subdomains returning the configured result - you don't have
to query for a * subdomain separately.
What do you think?
czw., 1 sie 2024, 17:38 użytkownik Sean Whalen ***@***.***>
napisał:
… The Wikipedia article <https://en.wikipedia.org/wiki/Wildcard_DNS_record>
on wildcard DNS records states that a wildcard DNS record has a * at the
leftmost part of the hostname, which is the same as what we are checking
with .*_report._dmarc.example.com, so I don't see the distinction you are
making,
—
Reply to this email directly, view it on GitHub
<#142 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJNBK3FGGKEXBF6XOMXDR3ZPJJARAVCNFSM6AAAAABLYPMO6OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENRTGM3TSMRSGA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello,
The RFC says that:
There are two possible interpretations of this paragraph. One is that to allow receiving reports from all domains the recipient domain should add a wildcard DNS record (not with a literal asterisk in the domain name) so that a query for any domain under _report._dmarc will return the same.
The second interpretation is that a DNS record with a literal asterisk should be added. Checkdmarc (and opendmarc) is checking for a domain with a literal asterisk. Are you sure this is a correct behavior?
The text was updated successfully, but these errors were encountered: