Brett Delmage
2021-06-02 04:59:36 UTC
I have added the following two records
_mta-sts.BrettDelmage.ca. 180 IN TXT "v=STSv1; id=2021060102;"
_smtp._tls.BrettDelmage.ca. 180 IN TXT "TLSRPTv1; rua=mailto:***@brettdelmage.ca"
to a signed zone to enable Mail Transfer Agent Strict Transport Security.
When I run
/var/lib/bind/master# named-compilezone -k warn -o - BrettDelmage.ca BrettDelmage.ca
I get the expected error for the leading _, but only for _mta_sts.
BrettDelmage.ca:21: mta_sts.BrettDelmage.ca: bad owner name (check-names)
zone BrettDelmage.ca/IN: loaded serial 2021060110
BrettDelmage.ca. 180 IN SOA cacloud.brettdelmage.ca. hostmaster.BrettDelmage.ca. 2021060110 180 300 1814400 3600
...
_mta-sts.BrettDelmage.ca. 180 IN TXT "v=STSv1; id=2021060102;"
_smtp._tls.BrettDelmage.ca. 180 IN TXT "TLSRPTv1; rua=mailto:***@brettdelmage.ca"
...
OK
When I load the zone I can fetch _mta-sts.BrettDelmage.ca
dig @127.0.0.1 _mta-sts.brettdelmage.ca txt +short
"v=STSv1; id=2021060102;"
but not _smtp._tls.BrettDelmage.ca.:
dig @127.0.0.1 _smtp._tls.brettdelmage.ca txt
; <<>> DiG 9.16.16-Ubuntu <<>> @127.0.0.1 _smtp._tls.brettdelmage.ca txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37893
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a70534bd6a80a8c70100000060b70dbd54a4db11f1a5b7d1 (good)
;; QUESTION SECTION:
;_smtp._tls.brettdelmage.ca. IN TXT
;; AUTHORITY SECTION:
BrettDelmage.ca. 180 IN SOA cacloud.brettdelmage.ca. hostmaster.BrettDelmage.ca. 2021060110 180 300 1814400 3600
-----
named -v
BIND 9.16.16-Ubuntu (Stable Release) <id:0c314d8>
What am I doing wrong here?
Thanks!
Brett
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
_mta-sts.BrettDelmage.ca. 180 IN TXT "v=STSv1; id=2021060102;"
_smtp._tls.BrettDelmage.ca. 180 IN TXT "TLSRPTv1; rua=mailto:***@brettdelmage.ca"
to a signed zone to enable Mail Transfer Agent Strict Transport Security.
When I run
/var/lib/bind/master# named-compilezone -k warn -o - BrettDelmage.ca BrettDelmage.ca
I get the expected error for the leading _, but only for _mta_sts.
BrettDelmage.ca:21: mta_sts.BrettDelmage.ca: bad owner name (check-names)
zone BrettDelmage.ca/IN: loaded serial 2021060110
BrettDelmage.ca. 180 IN SOA cacloud.brettdelmage.ca. hostmaster.BrettDelmage.ca. 2021060110 180 300 1814400 3600
...
_mta-sts.BrettDelmage.ca. 180 IN TXT "v=STSv1; id=2021060102;"
_smtp._tls.BrettDelmage.ca. 180 IN TXT "TLSRPTv1; rua=mailto:***@brettdelmage.ca"
...
OK
When I load the zone I can fetch _mta-sts.BrettDelmage.ca
dig @127.0.0.1 _mta-sts.brettdelmage.ca txt +short
"v=STSv1; id=2021060102;"
but not _smtp._tls.BrettDelmage.ca.:
dig @127.0.0.1 _smtp._tls.brettdelmage.ca txt
; <<>> DiG 9.16.16-Ubuntu <<>> @127.0.0.1 _smtp._tls.brettdelmage.ca txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37893
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: a70534bd6a80a8c70100000060b70dbd54a4db11f1a5b7d1 (good)
;; QUESTION SECTION:
;_smtp._tls.brettdelmage.ca. IN TXT
;; AUTHORITY SECTION:
BrettDelmage.ca. 180 IN SOA cacloud.brettdelmage.ca. hostmaster.BrettDelmage.ca. 2021060110 180 300 1814400 3600
-----
named -v
BIND 9.16.16-Ubuntu (Stable Release) <id:0c314d8>
What am I doing wrong here?
Thanks!
Brett
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
bind-***@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users