Add MTA-STS_BUILDER

[pro-sumer]

Is your feature request related to a problem?

Adding MTA Strict Transport Security (MTA-STS) to a domain requires adding several records. For DMARC we have a builder (DMARC_BUILDER); it would be nice if we have one for MTA-STS as well.

Describe the solution you'd like

A new language construct MTA-STS_BUILDER that adds the appropriate CNAME/TXT/A records for MTA-STS:

MTA-STS_BUILDER({
    policy-domain: "@",
    id: "20240721201600",
    rua: [
        "mailto:tlsrpt@example.com",
    ],
}),

Describe alternatives you've considered

Adding those records individually:

[
    CNAME('mta-sts', '@'),
    TXT('_mta-sts', 'v=STSv1; id=20240721201600'),
    TXT('_smtp._tls', 'v=TLSRPTv1; rua=mailto:tlsrpt@example.com; id=20240721201600'),
]

Additional context

More info on setting up MTA-STS records:

• What Is MTA-STS?
• Securing Inbound Email Transport with MTA-STS

[tlimoncelli]

I'm kind of torn on how to handle this kind of submission. On one hand, it is great to be able to offer such macros. On the other hand, we've had problems where the macros get so complex that they need support, and I'm not in a position to support them. In one case we needed to make a breaking change and... that got complex.

Here's some ideas I have:

• Start a separate git repository of macros that has relatively lax PR acceptance requirements
• Put such macros in a "contrib" subfolder in the dnscontrol git repo
• List these macros on a page in the docs (docs.dnscontrol.org) (one big page with a TOC)

CC @cafferata for visibility