Verify sdnog.sd domain with Google Postmaster Tools

From SdNOG wiki


How-to steps

We have noticed that some participants subscribe to the sdnog mailing list using Gmail accounts. They do not receive some of the list's email, and some messages are delivered to the Junk folder. This is because DKIM and DMARC fail with the domain gmail.com.

DKIM and DMARK failed.png


Several things need to be fixed. One of them is verifying the sdnog.sd domain with Google Postmaster Tools, and here we will see how this can be done.

1. Generate a DNS validation key (a TXT resource record) from Google Postmaster Tools using a Gmail account: log in, then enter the domain name you want to verify.

Add the domain to be authenticated.png


2. Copy the TXT record, add it to your DNS zone file, and then click Verify.

Add TXT record to DNS.png

3. After a few minutes, the domain will be verified.

The Domain has been verified.png


Troubleshooting

The above steps seem very easy, but while doing this for sdnog.sd we found some issues. We added the TXT record to the zone, but it was not propagated to the DNS secondaries:

 $ dig txt sdnog.sd
 ;; ANSWER SECTION:
 sdnog.sd.		60	IN	TXT	"v=spf1 mx a ip4:196.10.53.12 ip6:2001:43f8:1f3:a00::12  a:mail.sdnog.sd ~all"
 

Using the "dig soa sdnog.sd +nssearch" command, we then noticed that not all sdnog secondary servers were synced:

 $ dig soa sdnog.sd +nssearch | awk -F ' ' ' {print $4, $10, $11}'
 2021051905 server 185.70.56.53
 2021051905 server 193.110.181.53
 2021102409 server 206.220.228.134
 2021051905 server 196.10.54.53
 2021102409 server 196.216.2.1
 2021051905 server 196.10.55.53
 2021051905 server 196.10.52.53 
 

So we checked the acl section and the "allow-transfer" option to see whether anything limited how the zone could be transferred.
After fixing some configuration there, we updated the "Serial" value for the zone and restarted the service, and now everything is fine:

 $ dig txt sdnog.sd
 ;; ANSWER SECTION:
 sdnog.sd.		60	IN	TXT	"v=spf1 mx a ip4:196.10.53.12 ip6:2001:43f8:1f3:a00::12  a:mail.sdnog.sd ~all"
 sdnog.sd.		60	IN	TXT	"google-site-verification=FijZa4-e16D4V2Vqe6gnMgWa5fALU6tozOzWeOtOtgo"      
 

And all the secondaries are synced:

 $ dig soa sdnog.sd +nssearch | awk -F ' ' ' {print $4, $10, $11}'
 2021102409 server 185.70.56.53
 2021102409 server 193.110.181.53
 2021102409 server 206.220.228.134
 2021102409 server 196.216.2.1
 2021102409 server 196.10.54.53
 2021102409 server 196.10.55.53
 2021102409 server 196.10.52.53
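
The serial comparison done by eye in the two +nssearch listings above can be scripted. This is an added example, not part of the original page: the function name `stale_secondaries` is hypothetical, and the sample input is constructed from the serials and addresses in the first listing, with placeholder mname, rname and timer fields.

```shell
#!/bin/sh
# Added example (not from the original page): list secondaries serving a stale zone.
# Assumption: serials are compared as plain integers (no RFC 1982 wrap-around).
# Live use:  dig soa sdnog.sd +nssearch | stale_secondaries

# Reads `dig soa <zone> +nssearch` output on stdin and prints
# "<ip> <serial> stale, newest is <max>" for each server behind the highest
# serial seen. Prints nothing when every server reports the same serial.
stale_secondaries() {
  awk '
    # Line layout: SOA mname rname serial refresh retry expire minimum
    #              from server <ip> in <n> ms.
    $1 == "SOA" && $10 == "server" {
      serial[$11] = $4
      if ($4 + 0 > max + 0) max = $4
    }
    END {
      for (ip in serial)
        if (serial[ip] + 0 < max + 0)
          print ip, serial[ip], "stale, newest is", max
    }
  ' | LC_ALL=C sort
}

# Constructed sample: serials and addresses as in the first listing above;
# ns.example., admin.example. and the timer values are placeholders.
SAMPLE_BEFORE='SOA ns.example. admin.example. 2021051905 3600 900 604800 60 from server 185.70.56.53 in 20 ms.
SOA ns.example. admin.example. 2021051905 3600 900 604800 60 from server 193.110.181.53 in 25 ms.
SOA ns.example. admin.example. 2021102409 3600 900 604800 60 from server 206.220.228.134 in 90 ms.
SOA ns.example. admin.example. 2021051905 3600 900 604800 60 from server 196.10.54.53 in 12 ms.
SOA ns.example. admin.example. 2021102409 3600 900 604800 60 from server 196.216.2.1 in 40 ms.
SOA ns.example. admin.example. 2021051905 3600 900 604800 60 from server 196.10.55.53 in 12 ms.
SOA ns.example. admin.example. 2021051905 3600 900 604800 60 from server 196.10.52.53 in 11 ms.'

# Same servers after the transfer fix: every serial is the new one.
SAMPLE_AFTER=$(printf '%s\n' "$SAMPLE_BEFORE" | sed 's/2021051905/2021102409/')

printf '%s\n' "$SAMPLE_BEFORE" | stale_secondaries
```

An empty result means every authoritative server answers with the same serial, which is the state to reach before clicking Verify, since the verification lookup may land on any of the secondaries.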