search

StackExchange / dnscontrol

Infrastructure as code for DNS!
https://dnscontrol.org/
MIT License
3.14k stars 399 forks source link

Support for mx.microsoft. in M365_BUILDER #3185

Open ajh0912 opened 1 week ago

ajh0912 commented 1 week ago

Is your feature request related to a problem? Please describe. Microsoft has recently introduced support for inbound SMTP DANE in Exchange Online, and with it comes a new MX record target that will be in a DNSSEC signed zone.

Implementation would involve changing MX record target from example-com.protection.outlook.com. to example-com.<random-id>.mx.microsoft.
Where <random-id> may be different per-domain. To mitigate DNSSEC performance issues with large zones Microsoft are spreading MX targets across many zones.

Describe the solution you'd like Currently, M365_BUILDER supports setting an MX record following the example-com.protection.outlook.com. pattern, by using mx: true.

It would be good to also support the example-com.<random-id>.mx.microsoft. pattern.

It could be done by using an additional label of mxHost, defaulting to protection.outlook.com if undefined. This would allow the user to specify mxHost: "<random-id>.mx.microsoft", but could also be used to accommodate the sovereign clouds like Office 365 DOD, or 21Vianet - as they all use different MX target hosts.

Another way would be changing the behaviour of mx to support true, false, or "<any MX target here>".
This would avoid needing another label and wouldn't break backwards compatibility, but I don't know what the opinion on mixing types in a label is.

Describe alternatives you've considered For domains that we want to use inbound SMTP DANE with, we can set the M365_BUILDER to mx: false and set an MX record manually for example-com.<random-id>.mx.microsoft.

ajh0912 commented 1 week ago

I'm not quite sure what the future looks like for functions like M365_BUILDER, with the possibility of deprecating them and standing up a directory of example snippets instead also discussed here for new function request.

I've made PR #3191 in the assumption that M365_BUILDER remains for now, and that the maintainers are okay to further extend its functionality.

I've never contributed to a project that uses Go before, and I have a basic understanding of JS (I'm a systems administrator), so let me know if there's any obvious issues.