Difference between revisions of "Verify sdnog.sd domain with google Postmaster Tools"
Sara.alamin (talk | contribs) (→Troubleshooting) |
Sara.alamin (talk | contribs) (→Troubleshooting) |
||
Line 43: | Line 43: | ||
after fixing some configuration here, we updated the "Serial" time for the zone and restarted the service. | after fixing some configuration here, we updated the "Serial" time for the zone and restarted the service. | ||
and now everything is fine <br> | and now everything is fine <br> | ||
− | <nowiki> | + | <nowiki> |
$ dig txt sdnog.sd | $ dig txt sdnog.sd | ||
;; ANSWER SECTION: | ;; ANSWER SECTION: | ||
sdnog.sd. 60 IN TXT "v=spf1 mx a ip4:196.10.53.12 ip6:2001:43f8:1f3:a00::12 a:mail.sdnog.sd ~all" | sdnog.sd. 60 IN TXT "v=spf1 mx a ip4:196.10.53.12 ip6:2001:43f8:1f3:a00::12 a:mail.sdnog.sd ~all" | ||
− | sdnog.sd. 60 IN TXT "google-site-verification=FijZa4-e16D4V2Vqe6gnMgWa5fALU6tozOzWeOtOtgo" </nowiki> | + | sdnog.sd. 60 IN TXT "google-site-verification=FijZa4-e16D4V2Vqe6gnMgWa5fALU6tozOzWeOtOtgo" |
+ | </nowiki> |
Revision as of 17:19, 25 October 2021
How to steps
We have noticed some participants subscribe to sdnog mailing list using gmail accounts. and they do not receive some of the list's email and some being forwarded to the Junk folder. this because the DKIM and DMARC fail with domain gmail.com
so there are many steps need to be fixed , one of them verifying the sdnog.sd domain with google Postmaster Tools, and here we will see how could be done.
1. You need to generate a DNS validation key TXT resource record from google Postmaster Tools
using a gmail account. login and the enter domain name you want to verify
2. then copy the TXT record and add this to your DNS zone file , and then click on verify.
3. after few minutes, the domain will be verified.
Troubleshooting
the above steps seems very easy to do. but while we are doing this for sdnog.sd we found some issues. We added the TXT record to the zone, but it was not propagated to DNS secondaries:
$ dig txt sdnog.sd ;; ANSWER SECTION: sdnog.sd. 60 IN TXT "v=spf1 mx a ip4:196.10.53.12 ip6:2001:43f8:1f3:a00::12 a:mail.sdnog.sd ~all"
so we noticed not all sdnog secondaries servers are synced, using "dig soa sdnog.sd +nssearch" command:
$ dig soa sdnog.sd +nssearch | awk -F ' ' ' {print $4, $10, $11}' 2021051905 server 185.70.56.53 2021051905 server 193.110.181.53 2021102409 server 206.220.228.134 2021051905 server 196.10.54.53 2021102409 server 196.216.2.1 2021051905 server 196.10.55.53 2021051905 server 196.10.52.53
so we checked the acl section and " allow-transfer" option to know if we have any limitation on how the zone could be transferred.
after fixing some configuration here, we updated the "Serial" time for the zone and restarted the service.
and now everything is fine
$ dig txt sdnog.sd ;; ANSWER SECTION: sdnog.sd. 60 IN TXT "v=spf1 mx a ip4:196.10.53.12 ip6:2001:43f8:1f3:a00::12 a:mail.sdnog.sd ~all" sdnog.sd. 60 IN TXT "google-site-verification=FijZa4-e16D4V2Vqe6gnMgWa5fALU6tozOzWeOtOtgo"