ietf-wg-dmarc / draft-ietf-dmarc-dmarcbis


DMARCbis WGLC: DMARC Record Can Be A CNAME #136

Closed toddherr closed 5 months ago

toddherr commented 5 months ago

A discussion outside the IETF centered on the question of whether or not a DMARC record can be published in DNS as a CNAME, e.g.,

```
_dmarc.example.com IN CNAME _dmarc.example.org
_dmarc.example.org IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.org;"
```

Section 3.6.2 of RFC 1034 seems to indicate that it is permissible to publish DMARC records in this fashion, and describes the following scenario using a CNAME record and an A record:

> For example, suppose a name server was processing a query with for USC-ISIC.ARPA, asking for type A information, and had the following resource records:
>
> ```
> USC-ISIC.ARPA   IN      CNAME   C.ISI.EDU
> C.ISI.EDU       IN      A       10.0.0.52
> ```
>
> Both of these RRs would be returned in the response to the type A query, while a type CNAME or * query should return just the CNAME.

Recommend adding a paragraph to DMARCbis, section 5.1 DMARC Policy Record at the end of that section that reads:

Per RFC 1034 section 3.6.2, a DMARC record MAY be published as a CNAME record, so long as the corresponding canonical name ultimately resolves to a TXT record so as to ensure that queries of type TXT return a DNS RR in the expected format.
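As an added illustration (not part of this issue or the DMARCbis draft), the following is a toy resolver over a constructed in-memory zone. It follows CNAMEs for a TXT query the way RFC 1034 section 3.6.2 describes (the CNAME RR plus the final TXT RR are both returned), caps the chain length so a CNAME loop fails cleanly, and then checks that what came back is a single usable DMARC record. The zone contents, the `MAX_CNAME_CHAIN` limit and the function names are all assumptions of this example.

```python
from typing import Dict, List, Tuple

# Constructed sample zone: (owner, type) -> list of RDATA strings (not real DNS data).
ZONE: Dict[Tuple[str, str], List[str]] = {
    ("_dmarc.example.com.", "CNAME"): ["_dmarc.example.org."],
    ("_dmarc.example.org.", "TXT"): ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.org;"],
    # Constructed CNAME loop, to show why the chain limit matters.
    ("_dmarc.loop-a.test.", "CNAME"): ["_dmarc.loop-b.test."],
    ("_dmarc.loop-b.test.", "CNAME"): ["_dmarc.loop-a.test."],
}

MAX_CNAME_CHAIN = 8  # assumed hop limit, as real resolvers impose


def resolve(name: str, rrtype: str) -> List[Tuple[str, str, str]]:
    """Answer a type query per RFC 1034 3.6.2: each CNAME hop is included in
    the answer, followed by the records of the requested type at the canonical
    name. Returns [] if no data exists; raises on an over-long or looping chain."""
    answer: List[Tuple[str, str, str]] = []
    for _ in range(MAX_CNAME_CHAIN):
        if (name, rrtype) in ZONE:  # requested type present (also covers a type CNAME query)
            answer += [(name, rrtype, rdata) for rdata in ZONE[(name, rrtype)]]
            return answer
        cname = ZONE.get((name, "CNAME"))
        if not cname:
            return answer  # no data and no alias: nothing more to follow
        answer.append((name, "CNAME", cname[0]))
        name = cname[0]  # restart the lookup at the canonical name
    raise RuntimeError("CNAME chain exceeds %d hops (loop?)" % MAX_CNAME_CHAIN)


def parse_dmarc(txt: str) -> Dict[str, str]:
    """Split a TXT RDATA into tag=value pairs; {} unless it starts with v=DMARC1."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else {}


def dmarc_policy(domain: str) -> Dict[str, str]:
    """Query _dmarc.<domain> TXT, following any CNAME, and keep the one DMARC
    record; non-DMARC TXT RRs are ignored, and zero or several DMARC RRs yield {}."""
    rrs = resolve("_dmarc.%s." % domain, "TXT")
    records = [parse_dmarc(rdata) for _, rrtype, rdata in rrs if rrtype == "TXT"]
    valid = [rec for rec in records if rec]
    return valid[0] if len(valid) == 1 else {}
```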

moonshiner commented 5 months ago

Per RFC 1034 section 3.6.2, a DMARC record MAY be published as a CNAME record, as long as the corresponding canonical name ultimately resolves to a TXT record, and that TXT returned is a DNS RR in the expected format.

maybe?

toddherr commented 5 months ago

I'm going with

Also, consistent with [@!RFC1034, section 3.6.2], a DMARC record **MAY** be published as a CNAME record, as long as the corresponding canonical name ultimately resolves to a TXT record, and that TXT record is a DNS Resource Record (RR) in the expected format.

Published and committed to working branch.

toddherr commented 5 months ago

After further discussion on list, consensus landed on agreement that CNAMEs are fine, but that there's no need to mention them in DMARCbis, so the paragraph has been removed.