3

Over at dmarc.org, it's suggested that IN TXT records of DNS could be written in a special form within the zone file to make them not overflow the lines in your text editor.

The DMARC policy record might look like this when retrieved using a common command-line tool:

% dig +short TXT _dmarc.example.com.
"v=DMARC1\; p=none\; rua=mailto:dmarc-feedback@example.com"

To publish such a record, the DNS administrator for the Domain Owner creates an entry like the following in the appropriate zone file (following the conventional zone file format):

; DMARC record for the domain example.com

_dmarc  IN TXT ( "v=DMARC1; p=none; "
                 "rua=mailto:dmarc-feedback@example.com" )

I've tried following the example in my actual zone file with NSD; however, when I then query the domain, I actually get the results wrapped up on multiple lines, too.

% dig +short TXT _dmarc.example.su
"v=DMARC1\; " "p=reject\; " "rua=mailto:rua-dmarc@example.su"

Is this expected? Is this likely to break some software that's supposed to parse these TXT records to get the DMARC / SPF / DKIM / etc?

cnst
  • perhaps a reference of how multi-line TXT records are handled internally might be interesting to understand whether there might be an issue here – cnst Mar 27 '15 at 22:39
  • splitting is possible, but it's not a solution. I've implemented this and still get 'DKIM fail' reports from gmail, yahoo, google, rocketmail. And Mxtoolbox https://mxtoolbox.com/dkim.aspx reports error too. – OzBob Feb 26 '19 at 09:02
  • 1
    @OzBob I'm a little sceptical that everyone would be having issues with this; in fact, I still did use the above splits in my own configuration, and yet I am getting `rua` email from Google pretty regularly nonetheless, so, your issues are probably with something else. – cnst Feb 26 '19 at 09:11

2 Answers

3

The individual components of a TXT record may only contain up to 255 characters each, since they're transmitted on the wire in <length><data ...> format.

Any code that's potentially expecting to take more than 255 characters SHOULD be able to coalesce multiple components into a single character array.

In master file format the braces surrounding the strings indicate that multiple components are to be included in a single TXT record - without them this would have created two separate TXT records, and the relative order of the two records would be undefined and subject to change.

Alnitak
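The coalescing described in this answer, as an added example that is not part of the original answer or of any DMARC checker: it splits raw TXT RDATA into its `<length><data>` character-strings, joins them with no separator, and parses the resulting tag list. All function names are hypothetical, and the sample RDATA is constructed from the three strings `dig` printed in the question.

```python
def parse_txt_rdata(rdata):
    """Split raw TXT RDATA into its <length><data> character-strings."""
    strings, pos = [], 0
    while pos < len(rdata):
        length = rdata[pos]            # one length octet, so at most 255
        pos += 1
        chunk = rdata[pos:pos + length]
        if len(chunk) != length:       # length octet points past the end
            raise ValueError("truncated character-string in TXT RDATA")
        strings.append(chunk)
        pos += length
    return strings


def coalesce(strings):
    """Join the character-strings of ONE TXT record, adding no separator."""
    return b"".join(strings).decode("ascii")


def encode_txt_rdata(text, limit=255):
    """Publisher side: cut a long value into character-strings of <= 255 bytes."""
    data = text.encode("ascii")
    out = bytearray()
    for i in range(0, len(data), limit):
        chunk = data[i:i + limit]
        out.append(len(chunk))
        out += chunk
    return bytes(out)


def parse_tags(record):
    """Parse a 'tag=value; tag=value' list such as a DMARC policy record."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


# Constructed sample: the record from the question as it would appear on the wire.
SAMPLE_STRINGS = (b"v=DMARC1; ", b"p=reject; ", b"rua=mailto:rua-dmarc@example.su")
SAMPLE_RDATA = b"".join(bytes([len(s)]) + s for s in SAMPLE_STRINGS)

if __name__ == "__main__":
    record = coalesce(parse_txt_rdata(SAMPLE_RDATA))
    print(record)
    print(parse_tags(record))
```

Because the join adds nothing, any whitespace the tag list needs between strings has to sit inside the quoted strings themselves, as the trailing spaces do in the zone file example from the question.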
0

It's hard to tell, since it will depend on the final implementation of the DMARC checker. However, even as detailed in the DMARC document, a DMARC record is not so big that it could overflow your editor.

In my case, using the last opendmarc package on Ubuntu Trusty (14.04) along with Postfix, made the daemon crash when processing some weird/malformed DMARC DNS records (but not exactly the case you mention).

I would simply add the one-line approach and play it safe, not just because of a possible break of the checker software, but even worse would be getting your mail rejected because the policy doesn't seem to be aligned when it actually is!

So I'd just add something like this:

_dmarc.example.su    IN TXT "v=DMARC1; p=reject; rua=mailto:rua-dmarc@example.su"
nKn
  • well, i also want to specify `ruf`, and then the line gets too large – cnst Mar 27 '15 at 22:39
  • In my opinion still not long enough line to split it into several lines. Keep in mind that DKIM records include a whole public certificate inside them and they are usually created in one line, there's no reason to worry about putting it all in one line. – nKn Mar 27 '15 at 22:43