Difference between revisions of "Verify sdnog.sd domain with google Postmaster Tools"
Sara.alamin (talk | contribs) |
(15 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
+ | [[Category:SdNOG]] | ||
+ | [[Category:SdNOG_KnowBase]] | ||
+ | |||
+ | ==How to steps== | ||
We have noticed some participants subscribe to [https://sdnog.sd/index.php/mailing-list sdnog mailing list] using gmail accounts. and they do not receive some of the list's email and some being forwarded to the Junk folder. this because the DKIM and DMARC fail with domain gmail.com | We have noticed some participants subscribe to [https://sdnog.sd/index.php/mailing-list sdnog mailing list] using gmail accounts. and they do not receive some of the list's email and some being forwarded to the Junk folder. this because the DKIM and DMARC fail with domain gmail.com | ||
<br> | <br> | ||
[[File:DKIM and DMARK failed.png|600px|centre]] | [[File:DKIM and DMARK failed.png|600px|centre]] | ||
<br> | <br> | ||
− | so there are many steps need to be fixed , one of them verifying the sdnog.sd domain with google Postmaster Tools, and here we will see how could be done. | + | so there are many steps need to be fixed , one of them verifying the sdnog.sd domain with google Postmaster Tools, and here we will see how could be done. <br> |
− | You need to generate a DNS validation key TXT resource record from google [https://support.google.com/mail/answer/9981691 Postmaster Tools] | + | |
+ | 1. You need to generate a DNS validation key TXT resource record from google [https://support.google.com/mail/answer/9981691 Postmaster Tools] | ||
+ | <br> | ||
+ | using a gmail account. login and the enter domain name you want to verify | ||
+ | [[File:Add the domain to be authenticated.png|300px|center]] | ||
+ | <br> | ||
+ | |||
+ | 2. then copy the TXT record and add this to your DNS zone file , and then click on verify. | ||
+ | [[File:Add TXT record to DNS.png|300px|center]] | ||
+ | |||
+ | 3. after few minutes, the domain will be verified. | ||
+ | [[File:The Domain has been verified.png|400px|center]] | ||
+ | <br> | ||
+ | ==Troubleshooting== | ||
+ | the above steps seems very easy to do. but while we are doing this for sdnog.sd we found some issues. | ||
+ | We added the TXT record to the zone, but it was not propagated to DNS secondaries: | ||
+ | |||
+ | <nowiki> | ||
+ | $ dig txt sdnog.sd | ||
+ | ;; ANSWER SECTION: | ||
+ | sdnog.sd. 60 IN TXT "v=spf1 mx a ip4:196.10.53.12 ip6:2001:43f8:1f3:a00::12 a:mail.sdnog.sd ~all" | ||
+ | </nowiki> | ||
+ | |||
+ | so we noticed not all sdnog secondaries servers are synced, using "dig soa sdnog.sd +nssearch" command: | ||
+ | <nowiki> | ||
+ | $ dig soa sdnog.sd +nssearch | awk -F ' ' ' {print $4, $10, $11}' | ||
+ | 2021051905 server 185.70.56.53 | ||
+ | 2021051905 server 193.110.181.53 | ||
+ | 2021102409 server 206.220.228.134 | ||
+ | 2021051905 server 196.10.54.53 | ||
+ | 2021102409 server 196.216.2.1 | ||
+ | 2021051905 server 196.10.55.53 | ||
+ | 2021051905 server 196.10.52.53 | ||
+ | </nowiki> | ||
+ | |||
+ | so we checked the acl section and " allow-transfer" option to know if we have any limitation on how the zone could be transferred.<br> | ||
+ | after fixing some configuration here, we updated the "Serial" time for the zone and restarted the service. | ||
+ | and now everything is fine <br> | ||
+ | <nowiki> | ||
+ | $ dig txt sdnog.sd | ||
+ | ;; ANSWER SECTION: | ||
+ | sdnog.sd. 60 IN TXT "v=spf1 mx a ip4:196.10.53.12 ip6:2001:43f8:1f3:a00::12 a:mail.sdnog.sd ~all" | ||
+ | sdnog.sd. 60 IN TXT "google-site-verification=FijZa4-e16D4V2Vqe6gnMgWa5fALU6tozOzWeOtOtgo" | ||
+ | </nowiki> | ||
+ | |||
+ | and all the secondaries are synced : | ||
+ | |||
+ | <nowiki> | ||
+ | $ dig soa sdnog.sd +nssearch | awk -F ' ' ' {print $4, $10, $11}' | ||
+ | 2021102409 server 185.70.56.53 | ||
+ | 2021102409 server 193.110.181.53 | ||
+ | 2021102409 server 206.220.228.134 | ||
+ | 2021102409 server 196.216.2.1 | ||
+ | 2021102409 server 196.10.54.53 | ||
+ | 2021102409 server 196.10.55.53 | ||
+ | 2021102409 server 196.10.52.53 | ||
+ | </nowiki> | ||
+ | <br> |
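Review bot: The Troubleshooting text added in this revision says "after fixing some configuration here" without stating what in the acl section or the "allow-transfer" option was wrong, so a reader who sees the same stale-secondary symptom cannot tell what to change; name the setting that was corrected. Smaller points in the same hunk: in step 1, "login and the enter domain name" should read "log in and then enter the domain name", and in both dig pipelines awk -F ' ' only restates awk's default field splitting, so the -F option can be dropped.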
Latest revision as of 11:57, 11 August 2024
How to steps
We have noticed that some participants subscribe to the sdnog mailing list using Gmail accounts. They do not receive some of the list's email, and some messages are delivered to the Junk folder. This is because DKIM and DMARC fail with the domain gmail.com.
Several things need to be fixed; one of them is verifying the sdnog.sd domain with Google Postmaster Tools, and here we show how that can be done.
1. Generate a DNS validation key (a TXT resource record) from Google Postmaster Tools using a Gmail account: log in and then enter the domain name you want to verify.
2. Copy the TXT record, add it to your DNS zone file, and then click Verify.
3. After a few minutes, the domain will be verified.
Troubleshooting
The above steps seem very easy, but while doing this for sdnog.sd we found some issues. We added the TXT record to the zone, but it was not propagated to the DNS secondaries:
  $ dig txt sdnog.sd
  ;; ANSWER SECTION:
  sdnog.sd. 60 IN TXT "v=spf1 mx a ip4:196.10.53.12 ip6:2001:43f8:1f3:a00::12 a:mail.sdnog.sd ~all"
Using the "dig soa sdnog.sd +nssearch" command, we noticed that not all sdnog secondary servers were synced:
  $ dig soa sdnog.sd +nssearch | awk -F ' ' ' {print $4, $10, $11}'
  2021051905 server 185.70.56.53
  2021051905 server 193.110.181.53
  2021102409 server 206.220.228.134
  2021051905 server 196.10.54.53
  2021102409 server 196.216.2.1
  2021051905 server 196.10.55.53
  2021051905 server 196.10.52.53
So we checked the acl section and the "allow-transfer" option to see whether anything limited how the zone could be transferred.
After fixing some configuration here, we updated the "Serial" for the zone and restarted the service.
Now everything is fine:
  $ dig txt sdnog.sd
  ;; ANSWER SECTION:
  sdnog.sd. 60 IN TXT "v=spf1 mx a ip4:196.10.53.12 ip6:2001:43f8:1f3:a00::12 a:mail.sdnog.sd ~all"
  sdnog.sd. 60 IN TXT "google-site-verification=FijZa4-e16D4V2Vqe6gnMgWa5fALU6tozOzWeOtOtgo"
And all the secondaries are synced:
  $ dig soa sdnog.sd +nssearch | awk -F ' ' ' {print $4, $10, $11}'
  2021102409 server 185.70.56.53
  2021102409 server 193.110.181.53
  2021102409 server 206.220.228.134
  2021102409 server 196.216.2.1
  2021102409 server 196.10.54.53
  2021102409 server 196.10.55.53
  2021102409 server 196.10.52.53
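The serial comparison used in this troubleshooting section can be scripted so that a lagging secondary is reported rather than spotted by eye. This is an added example, not part of the original wiki page: the function names lagging_servers, check_zone and sample_before are made up here, and the embedded sample lines are the first +nssearch listing shown above. It assumes serials only increase, so they are compared as plain numbers.

```shell
#!/bin/sh
# Added example (not from the wiki page): report authoritative servers whose
# SOA serial is behind the highest serial seen for the zone.

# lagging_servers: reads "<serial> server <ip>" lines on stdin, i.e. the output of
#   dig soa ZONE +nssearch | awk '{print $4, $10, $11}'
# and prints "<ip> <serial> (expected <highest>)" for each stale server.
# Assumption: serials only grow, so a plain numeric compare is enough
# (no RFC 1982 wrap-around handling).
lagging_servers() {
    awk '
        $1 ~ /^[0-9]+$/ && $2 == "server" {
            serial[$3] = $1
            order[++n] = $3
            if ($1 + 0 > max + 0) max = $1
        }
        END {
            for (i = 1; i <= n; i++) {
                ip = order[i]
                if (serial[ip] + 0 < max + 0)
                    printf "%s %s (expected %s)\n", ip, serial[ip], max
            }
        }'
}

# check_zone ZONE: live variant (needs dig and network access).
# Returns 1 and lists the stale servers on stderr if any secondary lags.
check_zone() {
    stale=$(dig soa "$1" +nssearch | awk '{print $4, $10, $11}' | lagging_servers)
    [ -z "$stale" ] && return 0
    printf 'out-of-sync servers for %s:\n%s\n' "$1" "$stale" >&2
    return 1
}

# sample_before: the first +nssearch listing from this page, embedded so the
# example runs offline.
sample_before() {
    cat <<'EOF'
2021051905 server 185.70.56.53
2021051905 server 193.110.181.53
2021102409 server 206.220.228.134
2021051905 server 196.10.54.53
2021102409 server 196.216.2.1
2021051905 server 196.10.55.53
2021051905 server 196.10.52.53
EOF
}

sample_before | lagging_servers
```

Running check_zone sdnog.sd after a zone edit gives a non-zero exit status until every listed server returns the new serial, which makes it usable in a cron job or a post-change check.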