Open kazet opened 1 month ago
seanthegeek
commented
1 month ago The Wikipedia article on wildcard DNS records states that a wildcard DNS record has a * at the leftmost part of the hostname, which is the same as what we are checking with .*_report._dmarc.example.com, so I don't see the distinction you are making,
kazet
commented
1 month ago Hello,
In my understanding: yes, you configure the record on the DNS server by providing in the zone file, but the DNS server interprets such setting as "whatever domains get queried, return the following data: ". So this will result in all subdomains returning the configured result - you don't have to query for a subdomain separately.
What do you think?
czw., 1 sie 2024, 17:38 użytkownik Sean Whalen @.***> napisał:
The Wikipedia article https://en.wikipedia.org/wiki/Wildcard_DNS_record on wildcard DNS records states that a wildcard DNS record has a at the leftmost part of the hostname, which is the same as what we are checking with ._report._dmarc.example.com, so I don't see the distinction you are making,
— Reply to this email directly, view it on GitHub https://github.com/domainaware/checkdmarc/issues/142#issuecomment-2263379220, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAJNBK3FGGKEXBF6XOMXDR3ZPJJARAVCNFSM6AAAAABLYPMO6OVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENRTGM3TSMRSGA . You are receiving this because you authored the thread.Message ID: @.***>
Hello,
The RFC says that:
There are two possible interpretations of this paragraph. One is that to allow receiving reports from all domains the recipient domain should add a wildcard DNS record (not with a literal asterisk in the domain name) so that a query for any domain under _report._dmarc will return the same.
The second interpretation is that a DNS record with a literal asterisk should be added. Checkdmarc (and opendmarc) is checking for a domain with a literal asterisk. Are you sure this is a correct behavior?