From facd84fec262f63a762e613b65ee9edf2bf11370 Mon Sep 17 00:00:00 2001
From: master3395
Date: Tue, 7 Apr 2026 18:50:16 +0200
Subject: [PATCH] DNS: stop auto-creating duplicate DMARC TXT records

CyberPanel previously added _dmarc at the apex (p=none) in two code paths and _dmarc on every child subdomain, which conflicts with a single externally managed policy (e.g. Cloudflare) and violates RFC 7489 (one TXT RRset per name). Comment out automatic DMARC creation so operators set one record at _dmarc. only.
---
 plogical/dnsUtilities.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/plogical/dnsUtilities.py b/plogical/dnsUtilities.py
index cae10c88b..ea00d3c6f 100644
--- a/plogical/dnsUtilities.py
+++ b/plogical/dnsUtilities.py
@@ -326,7 +326,9 @@ class DNS:
 # auth=1)
 # record.save()
- DNS.createDNSRecord(zone, "_dmarc." + topLevelDomain, "TXT", "v=DMARC1; p=none;", 0, 3600)
+ # Apex DMARC: do not auto-add p=none here — use one TXT at _dmarc. in Cloudflare/DNS
+ # to avoid conflicting duplicate DMARC records (invalid per RFC 7489).
+ # DNS.createDNSRecord(zone, "_dmarc." + topLevelDomain, "TXT", "v=DMARC1; p=none;", 0, 3600)
 # record = Records(domainOwner=zone,
 # domain_id=zone.id,
@@ -489,7 +491,9 @@ class DNS:
 # auth=1)
 # record.save()
- DNS.createDNSRecord(zone, "_dmarc." + topLevelDomain, "TXT", "v=DMARC1; p=none;", 0, 3600)
+ # Apex DMARC: do not auto-add p=none here — use one TXT at _dmarc. in Cloudflare/DNS
+ # to avoid conflicting duplicate DMARC records (invalid per RFC 7489).
+ # DNS.createDNSRecord(zone, "_dmarc." + topLevelDomain, "TXT", "v=DMARC1; p=none;", 0, 3600)
 # record = Records(domainOwner=zone,
 # domain_id=zone.id,
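Review bot: With the apex `DNS.createDNSRecord(...)` call commented out (here at -326 and identically in the hunk at -489), a zone created through these paths ends up with no DMARC TXT record at all, and nothing visible in the hunk checks whether one exists elsewhere or tells the operator to add it. For domains whose DNS is served only from the panel, that silently drops the one published DMARC record, so receivers have no policy to apply to mail that spoofs the domain. If the underlying problem is the duplicate RRset, a guard keeps the default while avoiding it, e.g. `if not dmarc_txt_exists(zone, "_dmarc." + topLevelDomain):` in front of the original call, where `dmarc_txt_exists` is a placeholder for a lookup this page does not show; alternatively, make the creation opt-out through a setting. The enclosing methods start and end outside the hunks, so whether `createDNSRecord` already de-duplicates cannot be seen here.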
@@ -585,7 +589,9 @@ class DNS:
 # auth=1)
 # record.save()
- DNS.createDNSRecord(zone, "_dmarc." + actualSubDomain, "TXT", "v=DMARC1; p=none;", 0, 3600)
+ # Do not auto-create subdomain _dmarc: one organizational policy at _dmarc. is enough for
+ # typical setups; avoids dozens of p=none records and Cloudflare clutter.
+ # DNS.createDNSRecord(zone, "_dmarc." + actualSubDomain, "TXT", "v=DMARC1; p=none;", 0, 3600)
 # record = Records(domainOwner=zone,
 # domain_id=zone.id,
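Review bot: The comment added above the disabled subdomain call says one organizational policy is enough, but it omits the condition that makes this true: receivers fall back to the organizational domain's `_dmarc` record only if the operator has actually published one, which this patch no longer does automatically. I would state that in the comment, for example `# No per-subdomain _dmarc TXT: receivers fall back to the organizational-domain record (RFC 7489), which the operator must publish.`, and delete the commented-out `DNS.createDNSRecord(...)` line rather than keep it, since the history already preserves it. The enclosing method continues outside the hunk.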