diff --git a/plogical/dnsUtilities.py b/plogical/dnsUtilities.py
index cae10c88b..ea00d3c6f 100644
--- a/plogical/dnsUtilities.py
+++ b/plogical/dnsUtilities.py
@@ -326,7 +326,9 @@ class DNS:
 # auth=1)
 # record.save()
- DNS.createDNSRecord(zone, "_dmarc." + topLevelDomain, "TXT", "v=DMARC1; p=none;", 0, 3600)
+ # Apex DMARC: do not auto-add p=none here — use one TXT at _dmarc. in Cloudflare/DNS
+ # to avoid conflicting duplicate DMARC records (invalid per RFC 7489).
+ # DNS.createDNSRecord(zone, "_dmarc." + topLevelDomain, "TXT", "v=DMARC1; p=none;", 0, 3600)
 # record = Records(domainOwner=zone,
 # domain_id=zone.id,
@@ -489,7 +491,9 @@ class DNS:
 # auth=1)
 # record.save()
- DNS.createDNSRecord(zone, "_dmarc." + topLevelDomain, "TXT", "v=DMARC1; p=none;", 0, 3600)
+ # Apex DMARC: do not auto-add p=none here — use one TXT at _dmarc. in Cloudflare/DNS
+ # to avoid conflicting duplicate DMARC records (invalid per RFC 7489).
+ # DNS.createDNSRecord(zone, "_dmarc." + topLevelDomain, "TXT", "v=DMARC1; p=none;", 0, 3600)
 # record = Records(domainOwner=zone,
 # domain_id=zone.id,
@@ -585,7 +589,9 @@ class DNS:
 # auth=1)
 # record.save()
- DNS.createDNSRecord(zone, "_dmarc." + actualSubDomain, "TXT", "v=DMARC1; p=none;", 0, 3600)
+ # Do not auto-create subdomain _dmarc: one organizational policy at _dmarc. is enough for
+ # typical setups; avoids dozens of p=none records and Cloudflare clutter.
+ # DNS.createDNSRecord(zone, "_dmarc." + actualSubDomain, "TXT", "v=DMARC1; p=none;", 0, 3600)
 # record = Records(domainOwner=zone,
 # domain_id=zone.id,
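Review bot: A newly created zone now gets no DMARC record at all in the first hunk, and nothing visible there checks that the operator has published one elsewhere; the second hunk (`@@ -489,7 +491,9 @@`) has the same gap. The old `p=none` value requested no enforcement, so spoofing protection itself is not weakened, but receivers that look for the presence of a DMARC record will find none by default. If the aim is only to avoid duplicates, a create-if-absent guard would keep the default, e.g. `if not Records.objects.filter(domain_id=zone.id, name="_dmarc." + topLevelDomain, type="TXT").exists():` before the call, assuming `Records` is a Django model with `name` and `type` fields, which the hunk does not show; such a guard would not see a record that exists only at an external DNS provider. The commented-out call is better deleted than kept as dead code, and the enclosing method starts and ends outside the hunk.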
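Review bot: The new comment in the third hunk says one organizational policy is enough, but the first two hunks of this commit stop creating that apex record, so a subdomain created here has no policy to fall back on unless the operator adds one by hand. I would state that dependency in the comment, for example `# Subdomains fall back to the organizational-domain DMARC record (RFC 7489); this code no longer creates it, so it must be published manually.` The `_dmarc.` in the comment text also reads as if a domain placeholder was lost after the dot, possibly in rendering. The enclosing method continues outside the hunk.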