[dmarc-ietf] DMARCbis WGLC Issue 136 - DMARC Records Can Be CNAMEs
Todd Herr <todd.herr@valimail.com> Thu, 14 March 2024 20:18 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/BM5eXuoqDZmiB_FTw_2OWXtNUr4>
Colleagues,

There was a discussion among M3AAWG members on March 13 that centered on the question of whether DMARC records can be published in DNS as CNAMEs, e.g.,

    _dmarc.example.com IN CNAME _dmarc.example.org
    _dmarc.example.org IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.org;"

Section 3.6.2 of RFC 1034 seems to indicate that it is permissible to publish DMARC records in this fashion, and describes the following scenario using a CNAME record and an A record:

    For example, suppose a name server was processing a query with for USC-ISIC.ARPA, asking for type A information, and had the following resource records:

        USC-ISIC.ARPA IN CNAME C.ISI.EDU
        C.ISI.EDU IN A 10.0.0.52

    Both of these RRs would be returned in the response to the type A query, while a type CNAME or * query should return just the CNAME.

I recommend adding a paragraph to DMARCbis, section 5.1 DMARC Policy Record at the end of that section that reads:

    Per RFC 1034 section 3.6.2, a DMARC record MAY be published as a CNAME record, so long as the corresponding canonical name ultimately resolves to a TXT record so as to ensure that queries of type TXT return a DNS RR in the expected format.

Issue 136 has been opened for this.

--
Todd Herr | Technical Director, Standards & Ecosystem
Email: todd.herr@valimail.com
Phone: 703-220-4153

This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
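The lookup behaviour discussed in the message above, as an added example that is not part of the original post: a type TXT query for `_dmarc.<domain>` follows the CNAME chain, and the policy is usable only if the chain ends at exactly one TXT record beginning with `v=DMARC1`. The zone data is constructed, and `ZONE`, `MAX_HOPS`, `query_txt` and `dmarc_lookup` are hypothetical names; the dangling, looping and non-DMARC targets are the cases a domain owner who delegates the record to another zone would want to monitor.

```python
# Constructed zone data for illustration (not live DNS): owner -> {rrtype: [rdata]}
ZONE = {
    "_dmarc.example.com.": {"CNAME": ["_dmarc.example.org."]},
    "_dmarc.example.org.": {
        "TXT": ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.org;"]},
    "_dmarc.dangling.example.": {"CNAME": ["_dmarc.gone.example."]},  # target missing
    "_dmarc.loop-a.example.": {"CNAME": ["_dmarc.loop-b.example."]},
    "_dmarc.loop-b.example.": {"CNAME": ["_dmarc.loop-a.example."]},
    "_dmarc.notdmarc.example.": {"CNAME": ["txt.other.example."]},
    "txt.other.example.": {"TXT": ["v=spf1 -all"]},  # TXT exists, but not DMARC
}
MAX_HOPS = 8  # assumed chain limit; real resolvers apply their own


def fqdn(name):
    """Lower-case the name and make it absolute (trailing dot)."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def query_txt(qname, zone=ZONE):
    """Type TXT lookup that follows CNAMEs, as in RFC 1034 section 3.6.2.

    Returns (status, chain_of_cname_targets, txt_strings)."""
    start = fqdn(qname)
    name, chain = start, []
    while True:
        rrsets = zone.get(name, {})
        if "CNAME" not in rrsets:
            return "ok", chain, rrsets.get("TXT", [])
        target = fqdn(rrsets["CNAME"][0])
        if target == start or target in chain or len(chain) >= MAX_HOPS:
            return "cname-loop", chain + [target], []
        chain.append(target)
        name = target


def dmarc_lookup(domain, zone=ZONE):
    """Return (result, record, chain) for the policy record at _dmarc.<domain>."""
    status, chain, txts = query_txt("_dmarc." + domain, zone)
    if status != "ok":
        return status, None, chain
    # Keep only TXT strings whose first tag is v=DMARC1.
    records = [t for t in txts if t.split(";")[0].replace(" ", "") == "v=DMARC1"]
    if len(records) != 1:
        return ("multiple-records" if records else "no-record"), None, chain
    return "found", records[0], chain
```
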