By using AWS re:Post, you agree to the Terms of Use

Questions tagged with Domain Name System (DNS)

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

DMARC policy violation using Amazon SES

Hello, I've setup everything as in getting started articles for Amazon SES, but I still getting errors like these - The messages violates the DMARC policy of ....com. I'm using ...@....com as FROM and mail-1.....com as MAIL FROM. Both have SPF records including - amazonses.com. My DMARC record is - v=DMARC1; p=quarantine; rua=mailto:...@....com. If you check one of the reports I provided below, it writes that second record failed, that IP doesn't belong to Amazon. Could you explain why is that and how to solve it? ``` <?xml version="1.0" encoding="UTF-8" ?> <feedback> <report_metadata> <org_name>google.com</org_name> <email>noreply-dmarc-support@google.com</email> <extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info> <report_id>...</report_id> <date_range> <begin>...</begin> <end>...</end> </date_range> </report_metadata> <policy_published> <domain>....com</domain> <adkim>r</adkim> <aspf>r</aspf> <p>quarantine</p> <sp>quarantine</sp> <pct>100</pct> </policy_published> <record> <row> <source_ip>93.188.3.35</source_ip> <count>2</count> <policy_evaluated> <disposition>none</disposition> <dkim>pass</dkim> <spf>fail</spf> </policy_evaluated> </row> <identifiers> <header_from>....com</header_from> </identifiers> <auth_results> <dkim> <domain>....com</domain> <result>pass</result> <selector>...</selector> </dkim> <dkim> <domain>amazonses.com</domain> <result>pass</result> <selector>...</selector> </dkim> <spf> <domain>mail-1.....com</domain> <result>softfail</result> </spf> </auth_results> </record> <record> <row> <source_ip>23.251.240.4</source_ip> <count>1</count> <policy_evaluated> <disposition>none</disposition> <dkim>pass</dkim> <spf>pass</spf> </policy_evaluated> </row> <identifiers> <header_from>....com</header_from> </identifiers> <auth_results> <dkim> <domain>....com</domain> <result>pass</result> <selector>...</selector> </dkim> <dkim> <domain>amazonses.com</domain> <result>pass</result> <selector>...</selector> </dkim> <spf> <domain>mail-1.....com</domain> <result>pass</result> </spf> </auth_results> </record> </feedback> ```
1
answers
0
votes
28
views
asked 5 days ago

DMARC policy violation using Amazon SES

Hello, I've setup everything as in getting started articles for Amazon SES, but I still getting errors like these - The messages violates the DMARC policy of ....com. I'm using ...@....com as FROM and mail-1.....com as MAIL FROM. Both have SPF records including - amazonses.com. My DMARC record is - v=DMARC1; p=quarantine; rua=mailto:...@....com. If you check one of the reports I provided below, it writes that second record failed, that IP doesn't belong to Amazon. Could you explain why is that and how to solve it? ``` <?xml version="1.0" encoding="UTF-8" ?> <feedback> <report_metadata> <org_name>google.com</org_name> <email>noreply-dmarc-support@google.com</email> <extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info> <report_id>...</report_id> <date_range> <begin>...</begin> <end>...</end> </date_range> </report_metadata> <policy_published> <domain>....com</domain> <adkim>r</adkim> <aspf>r</aspf> <p>quarantine</p> <sp>quarantine</sp> <pct>100</pct> </policy_published> <record> <row> <source_ip>93.188.3.35</source_ip> <count>2</count> <policy_evaluated> <disposition>none</disposition> <dkim>pass</dkim> <spf>fail</spf> </policy_evaluated> </row> <identifiers> <header_from>....com</header_from> </identifiers> <auth_results> <dkim> <domain>....com</domain> <result>pass</result> <selector>...</selector> </dkim> <dkim> <domain>amazonses.com</domain> <result>pass</result> <selector>...</selector> </dkim> <spf> <domain>mail-1.....com</domain> <result>softfail</result> </spf> </auth_results> </record> <record> <row> <source_ip>23.251.240.4</source_ip> <count>1</count> <policy_evaluated> <disposition>none</disposition> <dkim>pass</dkim> <spf>pass</spf> </policy_evaluated> </row> <identifiers> <header_from>....com</header_from> </identifiers> <auth_results> <dkim> <domain>....com</domain> <result>pass</result> <selector>...</selector> </dkim> <dkim> <domain>amazonses.com</domain> <result>pass</result> <selector>...</selector> </dkim> <spf> <domain>mail-1.....com</domain> <result>pass</result> </spf> </auth_results> </record> </feedback> ```
2
answers
0
votes
25
views
asked 7 days ago

ACM Certificate issued for an private hosted zone, status stuck on pending validation

Hi, we have a certificate issued by ACM for the domain for renewal, and the status of this certificate is `pending validation`. I tried to add the CNAME record by `Create Records in Route 53`, and it pop as "the record is successfully created". Waited for a day, the certificate is still on `pending validation` status. To give a clear example, naming the domain that needs verification as `api.example.com`. I checked in route53 that there is no CNAME record in the hosted zone "api.example.com", however we have a record in the hosted zone `example.com`. I'm not sure about the relationship of this two domain names. But `api.example.com` is a **private hosted zone ** and `example.com` is a **public hosted zone ** that has the CNAME record we need to add to `api.example.com`. The record in the public hosted zone has CNAME has record name. I have followed [DNS validation](https://docs.aws.amazon.com/acm/latest/userguide/dns-validation.html) and [Why is my AWS Certificate Manager (ACM) certificate DNS validation status still pending validation?](https://aws.amazon.com/premiumsupport/knowledge-center/acm-certificate-pending-validation/?nc1=h_ls) and it's a bit confusing that is this the correct certificate we get for a private hosted zone? Shouldn't we get it from ACM CA? If no, where should I add this record to? I pasted the example below, how do I complete validation for this domain? ![Route 53 Dashboard](/media/postImages/original/IMIGfX3gQFT6OTpL1NG61-3A) ![Certificate](/media/postImages/original/IMj6JK8q3HRdST1BZkFD3cpA)
0
answers
0
votes
30
views
asked a month ago

Why are we getting a temporary failure in name resolution for one of our codedeploy jobs.

We've double checked our resolv.conf settings and confirmed DNS is working on the instance. Are we hitting some kind of DNS quota here? https://us-west-1.console.aws.amazon.com/codesuite/codedeploy/deployments/d-DK3X9YR2J?region=us-west-1 ``` [stderr]error pulling image configuration: Get https://prod-us-west-1-starport-layer-bucket.s3.us-west-1.amazonaws.com/f3ebb4-118139069697-febca158-fcb4-8691-5416-12213ec5f233/09333ef6-c54b-402e-bdbe-a506aae50ad8?X-Amz-Security-Token=IQoJb3JpZ2luX2VjEJX%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLXdlc3QtMSJGMEQCIDvxxOc2QHUZICVPv8z4JcO9guj9TFhOHz%2BhFNFcJ3xnAiBIxXYH%2BfSfjKa5Qfy27sX3THps6binPSUWk0GDEsU%2FcSrAAwguEAMaDDY0MTkwMjM0NjY5NCIMMiTs4I8IsHhsS7kjKp0DekQoQzo9dMIxxuZwbRVYz2K7odpA0iNNaT2Wyz1gKWNGCHhL1ofyMrt0INEQ9VsPpQ0rV357OmZgR1h2WZDX7cpmbRDkY9vBafNwwhsVI3yACmvQI%2BnBbZPQn2cL2sbBUu1CYOegiFm0R4VgZKJ6ofx%2B3kfDTR5FO6rBouF0GXkc2MSbn%2BLnIYvfJSFMj7E19CmGZxDCOj2HnK3cEDba2pMNjSxAc9YQBgyVEtC%2Faz7rZ7FiFE2CgNQrxifxVUaIRdNDSzLtdkDPX3OQP85rQODTsFSz8lhQOKy8U7XqVbILRQKxzOnrKZiaChMhyO1m3rkUE9DuPO7t%2F473QQuPDB6o%2B2OavSdlylDvsA6aJdcy%2B6rAaylirvQ5734f2Qy81Ek7nbwPq2dw4%2BSx7Sw8XPzVADXWz%2Fv%2BAics2Wk0nX01rz3psYH4BbDGNMSLEWzORzdqiDq5O1vPHTtfHul%2FtyeeVRULtIb2XHc8ms2%2FWd88DBHonBAgnzjO0GVi9Jgldd5ff7jt6sfeVuA%2BwCZes%2BkqPVDr0JRcTiSvCkww%2B8jnmAY6ogECc3hG9IbK8NDsMSvjW5unt5iaJaqLH9NvAAS1DXKWhkz8DS36MW4rM65NMwD2Fn3NfyGaVRZIQ7iHKM%2F4ksUpQxi68ObptEQjbE4di%2FkMOyH%2BZxuFq%2BskEMNvwTKDYcBClpi8UphJdxLqqXVfAithlYGd7GL2row%2FIzom9xMO9tUY5paxq6Bm%2BnAim2KPtS%2FwSWqhg5R3dMSAB%2FGysZY6efU%3D&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20220908T135103Z&X-Amz-SignedHeaders=host&X-Amz-Expires=3600&X-Amz-Credential=ASIAZK5C4QHDIWPJ2TM5%2F20220908%2Fus-west-1%2Fs3%2Faws4_request&X-Amz-Signature=e66c322896f64ba188ce5bd2f171cfb1e7dc014f2be30ab93a6a600db7e28f7b: dial tcp: lookup prod-us-west-1-starport-layer-bucket.s3.us-west-1.amazonaws.com: Temporary failure in name resolution ```
1
answers
0
votes
20
views
asked a month ago