dns/zones: improve dmarc record

author: Aaron LI <aly@aaronly.me> 2018-03-22 16:17:11 +0800
committer: Aaron LI <aly@aaronly.me> 2018-03-22 16:17:11 +0800
commit: 2c8de18a80a603e4f0ef4d9ed167a74e5d22f040 (patch)
tree: 9122745f10f544b1a18f7344730dc5d27d91b544 /roles/dns/templates/zones
parent: bb0fe8567f021c03df938887ac3dffc461026501 (diff)
download: ansible-dfly-vps-2c8de18a80a603e4f0ef4d9ed167a74e5d22f040.tar.bz2
2 files changed, 16 insertions, 2 deletions
diff --git a/roles/dns/templates/zones/aaronly.me.zone.j2 b/roles/dns/templates/zones/aaronly.me.zone.j2
index da4814e..4a25d00 100644
--- a/roles/dns/templates/zones/aaronly.me.zone.j2
+++ b/roles/dns/templates/zones/aaronly.me.zone.j2
@@ -38,7 +38,14 @@ mail        IN  CNAME   mail.{{ network.domain }}.
 {% endif %}
 @           IN  TXT     "v=spf1 mx -all"
 @           IN  TXT     "google-site-verification={{ mail['google-site-verification'][domain] }}"
-_dmarc      IN  TXT     "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; aspf={{ mail.dmarc.aspf }}; rua=mailto:{{ mail.dmarc.rua[domain] }};"
+{% set ruatxt = "rua=mailto:" + mail.dmarc.rua[domain] + ";" %}
+{% set ruf = mail.dmarc.ruf | default({}) %}
+{% if ruf[domain] is defined %}
+{% set ruftxt = "ruf=mailto:" + ruf[domain] + ";" %}
+{% else %}
+{% set ruftxt = "" %}
+{% endif %}
+_dmarc      IN  TXT     "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; adkim={{ mail.dmarc.adkim }}; aspf={{ mail.dmarc.aspf }}; fo={{ mail.dmarc.fo }}; {{ ruatxt }} {{ ruftxt }}"
 {% if domain_key is defined %}
 {{ domain_key | dkim_record(selector=mail.dkim.selector) | join("\n") }}
 {% endif %}
diff --git a/roles/dns/templates/zones/liwt.net.zone.j2 b/roles/dns/templates/zones/liwt.net.zone.j2
index bbd7d14..03459ee 100644
--- a/roles/dns/templates/zones/liwt.net.zone.j2
+++ b/roles/dns/templates/zones/liwt.net.zone.j2
@@ -46,7 +46,14 @@ mail        IN  AAAA    {{ network.ipv6.address }}
 {% endif %}
 @           IN  TXT     "v=spf1 mx -all"
 @           IN  TXT     "google-site-verification={{ mail['google-site-verification'][domain] }}"
-_dmarc      IN  TXT     "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; aspf={{ mail.dmarc.aspf }}; rua=mailto:{{ mail.dmarc.rua[domain] }};"
+{% set ruatxt = "rua=mailto:" + mail.dmarc.rua[domain] + ";" %}
+{% set ruf = mail.dmarc.ruf | default({}) %}
+{% if ruf[domain] is defined %}
+{% set ruftxt = "ruf=mailto:" + ruf[domain] + ";" %}
+{% else %}
+{% set ruftxt = "" %}
+{% endif %}
+_dmarc      IN  TXT     "v=DMARC1; p={{ mail.dmarc.p }}; sp={{ mail.dmarc.sp }}; pct={{ mail.dmarc.pct }}; adkim={{ mail.dmarc.adkim }}; aspf={{ mail.dmarc.aspf }}; fo={{ mail.dmarc.fo }}; {{ ruatxt }} {{ ruftxt }}"
 {% if domain_key is defined %}
 {{ domain_key | dkim_record(selector=mail.dkim.selector) | join("\n") }}
 {% endif %}
author	Aaron LI <aly@aaronly.me>	2018-03-22 16:17:11 +0800
committer	Aaron LI <aly@aaronly.me>	2018-03-22 16:17:11 +0800
commit	2c8de18a80a603e4f0ef4d9ed167a74e5d22f040 (patch)
tree	9122745f10f544b1a18f7344730dc5d27d91b544 /roles/dns/templates/zones
parent	bb0fe8567f021c03df938887ac3dffc461026501 (diff)
download	ansible-dfly-vps-2c8de18a80a603e4f0ef4d9ed167a74e5d22f040.tar.bz2