简介
本文档介绍如何使用 dig/nslookup
在邮件安全设备(ESA)和云邮件安全(CES)上查找域的SPF、DKIM和DMARC记录。
先决条件
要求
Cisco 建议您了解以下主题:
- Async OS 10.0或更高版本上的ESA
- 对设备的管理访问权限
使用的组件
本文档中的信息基于Async OS 10.0或更高版本上所有支持的ESA硬件型号和虚拟设备。
要从CLI验证设备的版本信息,请输入version命令。在GUI中,导航至 Monitor > System Status
.
两者 nslookup
和 dig
当前ESA/CES Async OS版本支持命令。这些命令可通过设备的SSH/CLI访问执行。
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您的网络处于活动状态,请确保您了解所有命令的潜在影响。
提供的示例输出用于域 cisco.com
和 gmail.com
、类似的命令也可用于其他域。
SPF
可以使用以下格式执行SPF查找:
注意:S替换单词 domain
查找相应的域。
对于已发布多个TXT记录的域, nslookup
无法列出SPF记录。在这种情况下, dig
必须改用。
如以下示例输出所示 cisco.com
.
(Machine lab.esa.com)> nslookup cisco.com txt
TXT="google-site-verification=qPS9ZkoQ-Og1rBrM1_N7z-tNJNy2BVxE8lw6SB2iFdk"
TTL=21m 8s
(Machine lab.esa.com)> dig cisco.com txt
;; Warning: Message parser reports malformed message packet.
;; Truncated, retrying in TCP mode.
; <<>> DiG 9.11.2 <<>> cisco.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20648
;; flags: qr rd ra; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;cisco.com. IN TXT
;; ANSWER SECTION:
cisco.com. 1782 IN TXT "fastly-domain-delegation-w049tcm0w48ds-341317-20210209"
cisco.com. 1782 IN TXT "v=spf1 redirect=spfa._spf.cisco.com"
cisco.com. 1782 IN TXT "MS=ms35724259"
cisco.com. 1782 IN TXT "amazonses:QbUv5pPHGQxRy1vKA0J7Y/biE9oR6MTxOTI1bZIfjsw="
cisco.com. 1782 IN TXT "fastly-domain-delegation-e9a758d22183504af2d5ab4d9a9853da-20210127"
cisco.com. 1782 IN TXT "QuoVadis=94d4ae74-ecd5-4a33-975e-a0d7f546c801"
cisco.com. 1782 IN TXT "atlassian-domain-verification=672RcADvt8BPqsb9gCN2ZC5DoTAhUT8abC1blYKQxi/MHMaGoA/BuvjFMaWRtgd7"
cisco.com. 1782 IN TXT "google-site-verification=9MlQU9MMQ1jHLMUkONKe6QzZ-ZIGRv0BCD1_rY1Zdmc"
cisco.com. 1782 IN TXT "SFMC-o7HX74BQ79k7glpt_qjlF2vmZO9DpqLtYxKLwg87"
cisco.com. 1782 IN TXT "926723159-3188410"
cisco.com. 1782 IN TXT "docusign=95052c5f-a421-4594-9227-02ad2d86dfbe"
cisco.com. 1782 IN TXT "amazonses:7LyiKZmpuGja4+KbA4xX3lN69yajYKLkHH4QJcWnuwo="
cisco.com. 1782 IN TXT "google-site-verification=qPS9ZkoQ-Og1rBrM1_N7z-tNJNy2BVxE8lw6SB2iFdk"
cisco.com. 1782 IN TXT "zpSH7Ye/seyY61hH8+Rq5Kb+ZJ9hDa+qeFBaD/6sPAAg+2POkGdP0byHb1pFVK9uZgYF2AIosUSZq4MB17oydQ=="
cisco.com. 1782 IN TXT "duo_sso_verification=AxenLdoqIXzjl2RJzE1BlOfkawDbDFlnbyvjAt8vcjKHBkvYwEMySDRk5QmBd66v"
cisco.com. 1782 IN TXT "facebook-domain-verification=1zoxo8z7t013gpruxmhc8dkerq47vh"
cisco.com. 1782 IN TXT "google-site-verification=lW5eqPMJI4VrLc28YW-JBkqA-FDNVnhFCXQVDvFqZTo"
cisco.com. 1782 IN TXT "facebook-domain-verification=qr2nigspzrpa96j1nd9criovuuwino"
cisco.com. 1782 IN TXT "apple-domain-verification=qOInipPgso3W8cmK"
cisco.com. 1782 IN TXT "identrust_validate=JnSSfW+y58dEQju6mVBe8lu1MGFepXI50P27OE1ZZQmL"
cisco.com. 1782 IN TXT "onetrust-domain-verification=20345dd0c33946f299f14c1498b41f67"
cisco.com. 1782 IN TXT "mixpanel-domain-verify=2c6cb1aa-a3fb-44b9-ad10-d6b744109963"
cisco.com. 1782 IN TXT "identrust_validate=Wns4/AOM0Ij2kQCQhzvNbMcoBzxItOa+44O7KF06lIp3"
cisco.com. 1782 IN TXT "docusign=5e18de8e-36d0-4a8e-8e88-b7803423fa2f"
cisco.com. 1782 IN TXT "amazonses:mX+ylQj+fJAfh9pr03yIR7YvjKZ1bOo5ABegqM/5pvI="
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 23 06:03:28 GMT 2021
;; MSG SIZE rcvd: 1756
(Machine lab.esa.com)> nslookup gmail.com txt
TXT="v=spf1 redirect=_spf.google.com"
TTL=30m
(Machine lab.esa.com)> dig gmail.com txt
; <<>> DiG 9.11.2 <<>> gmail.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14807
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;gmail.com. IN TXT
;; ANSWER SECTION:
gmail.com. 1800 IN TXT "v=spf1 redirect=_spf.google.com"
gmail.com. 1800 IN TXT "globalsign-smime-dv=CDYX+XFHUw2wml6/Gb8+59BsH31KzUr6c1l2BPvqKX8="
;; Query time: 85 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 23 06:05:38 GMT 2021
;; MSG SIZE rcvd: 148
DKIM
可以使用以下格式执行DKIM查找:
nslookup
selector._domainkey.domain txt
dig
selector._domainkey.domain txt
注意: 替换单词 selector
和 domain
使用DKIM选择器和要查找的域。
(Machine lab.esa.com)> nslookup iport._domainkey.cisco.com txt
TXT="v=DKIM1;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCctxGhJnvNpdcQLJM6a/0otvdpzFIJuo73OYFuw6/8bXcf8/p5JG/iME1r9fUlrNZs3kMn9ZdPYvTyRbyZ0UyMrsM3ZN2JAIop3M7sitqHgp8pbORFgQyZxq+L23I2cELq+qw
tbanjWJzEPpVvrvbuz9QL8CUtS+V5N5ldq8L/lwIDAQAB;"
TTL=1d
(Machine lab.esa.com)> dig iport._domainkey.cisco.com txt
; <<>> DiG 9.11.2 <<>> iport._domainkey.cisco.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21671
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;iport._domainkey.cisco.com. IN TXT
;; ANSWER SECTION:
iport._domainkey.cisco.com. 86400 IN TXT "v=DKIM1;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCctxGhJnvNpdcQLJM6a/0otvdpzFIJuo73OYFuw6/8bXcf8/p5JG/iME1r9fUlrNZs3kMn9ZdPYvTyRbyZ0UyMrsM3ZN2JAIop3M7sitqHgp8pbORFgQyZxq+L23I2cELq+qw
tbanjWJzEPpVvrvbuz9QL8CUtS+V5N5ldq8L/lwIDAQAB;"
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 23 06:41:31 GMT 2021
;; MSG SIZE rcvd: 285
(Machine lab.esa.com)> dig 20161025._domainkey.gmail.com TXT
; <<>> DiG 9.11.2 <<>> 20161025._domainkey.gmail.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11798
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;20161025._domainkey.gmail.com. IN TXT
;; ANSWER SECTION:
20161025._domainkey.gmail.com. 1800 IN TXT "k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR"
"tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpb
q4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB"
;; Query time: 174 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 23 06:45:01 GMT 2021
;; MSG SIZE rcvd: 462
(Machine lab.esa.com)> nslookup 20161025._domainkey.gmail.com TXT
TXT="k=rsa;
p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR"
"tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpb
q4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB"
TTL=30m
DMARC
可以使用以下格式执行DMARC查找:
nslookup
_dmarc.domain txt
dig
_dmarc.domain txt
注意:S替换单词 domain
您想要查找的域。
(Machine lab.esa.com)> nslookup _dmarc.cisco.com txt
TXT="v=DMARC1; p=quarantine; pct=0; fo=1; ri=3600; rua=mailto:cisco@rua.agari.com; ruf=mailto:cisco@ruf.agari.com"
TTL=30m
(Machine lab.esa.com)> dig txt _dmarc.cisco.com
; <<>> DiG 9.11.2 <<>> _dmarc.cisco.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24522
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;_dmarc.cisco.com. IN TXT
;; ANSWER SECTION:
_dmarc.cisco.com. 1800 IN TXT "v=DMARC1; p=quarantine; pct=0; fo=1; ri=3600; rua=mailto:cisco@rua.agari.com; ruf=mailto:cisco@ruf.agari.com"
;; Query time: 2 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 23 06:34:15 GMT 2021
;; MSG SIZE rcvd: 155
(Machine lab.esa.com)> nslookup _dmarc.gmail.com txt
TXT="v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-reports@google.com"
TTL=30m
(Machine lab.esa.com)> dig _dmarc.gmail.com txt
; <<>> DiG 9.11.2 <<>> _dmarc.gmail.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28370
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;_dmarc.gmail.com. IN TXT
;; ANSWER SECTION:
_dmarc.gmail.com. 1800 IN TXT "v=DMARC1; p=none; sp=quarantine; rua=mailto:mailauth-reports@google.com"
;; Query time: 85 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Feb 23 06:35:18 GMT 2021
;; MSG SIZE rcvd: 118
相关信息