mjardim

Q: DMARC Record on Server.app 5.0.15

Hi there,

Using El Capitain on a Mac Mini with Server.app 5.0.15

Trying to create a DNS  DMARC TXT Record but so far ain't been able to do so.

Can someone point me to the right direction?

Thanks in advance,

Kind Regards,

Marco

Mac mini, OS X El Capitan (10.11.3)

Posted on Feb 22, 2016 7:29 AM

Close

Q: DMARC Record on Server.app 5.0.15

  • All replies
  • Helpful answers

  • by John Lockwood,

    John Lockwood John Lockwood Feb 22, 2016 9:09 AM in response to mjardim
    Level 6 (9,324 points)
    Servers Enterprise
    Feb 22, 2016 9:09 AM in response to mjardim

    Firstly for many people the DNS server these needs to be added to is an Internet accessible DNS server and often is either run by the Internet Service Provider or the company selling them the domain name e.g. NetworkSolutions Inc. As such it may not be necessary to setup on an internal only DNS server. If however you are running a split-horizon DNS configuration and your mail server looks at your internal DNS server then yes you might need to add these records to your internal (Mac) DNS server.

     

    The Server.app itself does not really have the capability to define TXT records like this however the underlying DNS server software which is the same standard BIND aka. 'named' software used by most other servers can do this.

     

    Therefore the approach to take is as follows.

     

    1. Temporarily turn off the DNS server in Server.app
    2. Quit Server.app
    3. Launch Terminal.app
    4. cd to /Library/Server/named
    5. sudo edit the db zone file for your domain e.g. sudo vi db.domain.com
    6. insert a line that looks like the following

     

              10800 IN TXT     "v=DMARC1; p=reject; rua=mailto:postmaster@your_domain.com, mailto:dmarc@your_domain.com"

     

    The section inside the speech marks needs to be changed to match your own requirements. Study the instructions from Google and their examples.

     

    Now you can save your changes to your DNS zone file, relaunch Server.app and restart the DNS process.

     

    As a reminder according to my brief reading of Google's instructions you must first have valid SPF and DKIM records in your DNS zone file. These would be added the same way.