Validation bug in DNS DMARC
Summary
When trying to create a DMARC record for a domain where DKIM is configured via a CNAME record, ISPConfig errors with dmarc_no_dkim_txt.
As this is a valid setup (see O365 docs for example) the validation function needs to be corrected.
Reference thread in the forums: https://forum.howtoforge.com/threads/configuring-dkim-and-dmarc-with-office-365.91120/#post-449340
Steps to reproduce
- Create a CNAME that points to the DKIM record
- Try adding a DMARC record
- Result: Error dmarc_no_dkim_txt
Correct behaviour
The validation should not check, as it is possible that the record is not configured in the same zone.
Proposed fix
The file in question is interface/web/dns/dns_dmarc_edit.php lines 229-236:
    // DMARC requieres at least one active dkim-record...
    $sql = "SELECT * FROM dns_rr
        LEFT JOIN dns_soa ON (dns_rr.zone=dns_soa.id)
        WHERE dns_soa.origin = ? AND dns_rr.name LIKE ? AND type='TXT' AND data like 'v=DKIM1;%' AND dns_rr.active='Y'";
    $temp = $app->db->queryAllRecords($sql, $soa['origin'], '%._domainkey%');
    if (empty($temp)) {
        if (isset($app->tform->errorMessage )) $app->tform->errorMessage = '<br/>' . $app->tform->errorMessage;
        $app->tform->errorMessage .= $app->tform->wordbook['dmarc_no_dkim_txt'].$email;
    }
Edited by Pyte C
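The following is an added example, not ISPConfig code and not part of the original report: it replays the condition of the query above over constructed zone records to show why a CNAME-delegated DKIM selector trips dmarc_no_dkim_txt. The function names, the sample records and the relaxed variant (which accepts an active CNAME under _domainkey and covers only the case from the reproduction steps, whereas the report asks for the check to be dropped) are assumptions for illustration.

```php
<?php
// Constructed sample rows for one zone; keys mirror the dns_rr columns
// used by the query (name, type, data, active). Values are made up.
$records = [
    ['name' => 'selector1._domainkey', 'type' => 'CNAME',
     'data' => 'selector1-example-com._domainkey.example.onmicrosoft.com.', 'active' => 'Y'],
    ['name' => 'old._domainkey', 'type' => 'TXT',
     'data' => 'v=DKIM1; k=rsa; p=PLACEHOLDER', 'active' => 'N'],
    ['name' => '@', 'type' => 'TXT', 'data' => 'v=spf1 -all', 'active' => 'Y'],
];

// Approximation of the SQL condition: active TXT record whose name
// contains "._domainkey" and whose data starts with "v=DKIM1;".
function hasActiveDkimTxt(array $records): bool
{
    foreach ($records as $rr) {
        if ($rr['active'] === 'Y' && $rr['type'] === 'TXT'
            && stripos($rr['name'], '._domainkey') !== false
            && stripos($rr['data'], 'v=DKIM1;') === 0) {
            return true;
        }
    }
    return false;
}

// Hypothetical relaxed check: an active CNAME under _domainkey also counts,
// because the DKIM TXT record then lives in the CNAME target's zone.
function hasActiveDkimTxtOrCname(array $records): bool
{
    if (hasActiveDkimTxt($records)) {
        return true;
    }
    foreach ($records as $rr) {
        if ($rr['active'] === 'Y' && $rr['type'] === 'CNAME'
            && stripos($rr['name'], '._domainkey') !== false) {
            return true;
        }
    }
    return false;
}

// The TXT-only check rejects this zone, so the DMARC form would show the
// error; the relaxed check accepts it because of the selector1 CNAME.
printf("TXT-only check passes:     %s\n", var_export(hasActiveDkimTxt($records), true));
printf("TXT-or-CNAME check passes: %s\n", var_export(hasActiveDkimTxtOrCname($records), true));
```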