From e743de540408b3f95a3cca9166910867907d2738 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Mon, 6 Sep 2021 09:24:40 +0200 Subject: [PATCH] dns: add comment about why kunbox.net does not use DMARC --- data/powerdns/files/bind-zones/kunbox.net | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/data/powerdns/files/bind-zones/kunbox.net b/data/powerdns/files/bind-zones/kunbox.net index 1dbc19c..99af2fa 100644 --- a/data/powerdns/files/bind-zones/kunbox.net +++ b/data/powerdns/files/bind-zones/kunbox.net @@ -29,7 +29,10 @@ ns-3 IN A 35.228.143.71 ${record} % endfor -;_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:hostmaster@kunbox.net; ruf=mailto:postmaster@kunsmann.eu; fo=0:d:s; adkim=r; aspf=r" +; Please note there's no _dmarc record in here. We use this domain to +; send out dmarc reports to other domains, so there shouldn't be a +; record here to avoid creating loops. +; We're still publishing DKIM keys and have enabled TLSRPT, though. _mta-sts IN TXT "v=STSv1;id=20201111;" _smtp._tls IN TXT "v=TLSRPTv1;rua=mailto:hostmaster@kunbox.net" _token._dnswl IN TXT "6akc10htbgmg56e072w0w2n0wql4oezu"