add support for Brand Indicators for Message Identification (BIMI) records #11

jakewarren · 2022-06-23T15:21:58Z

Changes

adds support for Brand Indicators for Message Identification (BIMI) records ¹ ² ³

Example Output

❯ dt spotify.com
using 8.8.8.8 as resolver

NS                             |IP                        |LOC |ASN     |ISP        |rtt         |Serial
dns3.p07.nsone.net.            |198.51.44.71              |US  |AS62597 |NSONE, US  |2.861517ms  |1655908340 |
dns3.p07.nsone.net.            |2620:4d:4000:6259:7:7:0:3 |US  |AS62597 |NSONE, US  |error       |error      |error |
dns1.p07.nsone.net.            |198.51.44.7               |US  |AS62597 |NSONE, US  |2.97841ms   |1655908340 |
dns1.p07.nsone.net.            |2620:4d:4000:6259:7:7:0:1 |US  |AS62597 |NSONE, US  |error       |error      |error |
dns2.p07.nsone.net.            |198.51.45.7               |US  |AS62597 |NSONE, US  |2.83137ms   |1655908340 |
dns2.p07.nsone.net.            |2a00:edc0:6259:7:7::2     |US  |AS62597 |NSONE, US  |error       |error      |error |
ns-cloud-a1.googledomains.com. |216.239.32.106            |US  |AS15169 |GOOGLE, US |9.519224ms  |1          |
ns-cloud-a1.googledomains.com. |2001:4860:4802:32::6a     |US  |AS15169 |GOOGLE, US |error       |error      |error |
ns-cloud-a3.googledomains.com. |216.239.36.106            |US  |AS15169 |GOOGLE, US |20.87106ms  |1          |
ns-cloud-a3.googledomains.com. |2001:4860:4802:36::6a     |US  |AS15169 |GOOGLE, US |error       |error      |error |
ns-cloud-a4.googledomains.com. |216.239.38.106            |US  |AS15169 |GOOGLE, US |22.50595ms  |1          |
ns-cloud-a4.googledomains.com. |2001:4860:4802:38::6a     |US  |AS15169 |GOOGLE, US |error       |error      |error |
ns-cloud-a2.googledomains.com. |216.239.34.106            |US  |AS15169 |GOOGLE, US |46.596867ms |1          |
ns-cloud-a2.googledomains.com. |2001:4860:4802:34::6a     |US  |AS15169 |GOOGLE, US |error       |error      |error |
dns4.p07.nsone.net.            |198.51.45.71              |US  |AS62597 |NSONE, US  |2.860074ms  |1655908340 |
dns4.p07.nsone.net.            |2a00:edc0:6259:7:7::4     |US  |AS62597 |NSONE, US  |error       |error      |error |

NS                             |IP             |Version   |DNSSEC   |ValidFrom |ValidUntil
dns4.p07.nsone.net.            |198.51.45.71   |13f6af215 |disabled |          |
dns3.p07.nsone.net.            |198.51.44.71   |13f6af215 |disabled |          |
dns1.p07.nsone.net.            |198.51.44.7    |13f6af215 |disabled |          |
dns2.p07.nsone.net.            |198.51.45.7    |13f6af215 |disabled |          |
ns-cloud-a1.googledomains.com. |216.239.32.106 |unknown   |disabled |          |
ns-cloud-a3.googledomains.com. |216.239.36.106 |unknown   |disabled |          |
ns-cloud-a4.googledomains.com. |216.239.38.106 |unknown   |disabled |          |
ns-cloud-a2.googledomains.com. |216.239.34.106 |unknown   |disabled |          |
.
spotify.com.	3600	IN	NS	dns1.p07.nsone.net.
spotify.com.	3600	IN	NS	dns2.p07.nsone.net.
spotify.com.	3600	IN	NS	dns3.p07.nsone.net.
spotify.com.	3600	IN	NS	dns4.p07.nsone.net.
spotify.com.	3600	IN	NS	ns-cloud-a1.googledomains.com.
spotify.com.	3600	IN	NS	ns-cloud-a2.googledomains.com.
spotify.com.	3600	IN	NS	ns-cloud-a3.googledomains.com.
spotify.com.	3600	IN	NS	ns-cloud-a4.googledomains.com.
spotify.com.	172800	IN	MX	1 aspmx.l.google.com.
spotify.com.	172800	IN	MX	10 aspmx2.googlemail.com.
spotify.com.	172800	IN	MX	10 aspmx3.googlemail.com.
spotify.com.	172800	IN	MX	10 aspmx4.googlemail.com.
spotify.com.	172800	IN	MX	10 aspmx5.googlemail.com.
spotify.com.	172800	IN	MX	5 alt1.aspmx.l.google.com.
spotify.com.	172800	IN	MX	5 alt2.aspmx.l.google.com.
_dmarc.spotify.com.	300	IN	TXT	"v=DMARC1; p=reject; sp=reject; pct=100; fo=1; rf=afrf; rua=mailto:9TPHS8MBN9@dmarc.inboxmonster.com; ruf=mailto:9TPHS8MBN9_ruf@dmarc.inboxmonster.com"
spotify.com.	300	IN	TXT	"v=spf1 ip4:80.76.146.172 ip4:80.76.146.173 include:_spf.google.com include:servers.mcsv.net include:_spf.salesforce.com ~all"
default._bimi.spotify.com.	300	IN	TXT	"v=BIMI1; l=https://message-editor.scdn.co/spotify-icon.svg"

NS
   OK  : NS of all nameservers are identical
   OK  : Multiple nameservers found
   OK  : Your nameservers are in different subnets.
   OK  : Nameservers are spread over multiple AS
   WARN: No IPv6 nameservers found. IPv6-only users will have problems.
   OK  : All nameservers are authoritative.
   OK  : All nameservers report they are not allowing recursive queries.
   OK  : Your nameservers are also listed as NS at the parent nameservers
   OK  : Your parent nameservers are also listed as NS at your nameservers
   OK  : No CNAMEs found for your NS records
GLUE
   WARN: no glue records found for [198.51.45.71 198.51.45.7 198.51.44.71 198.51.44.7] in NS of parent com.
   WARN: no glue records found for [216.239.32.106 216.239.38.106 198.51.44.7 198.51.45.7 216.239.36.106 198.51.44.71 216.239.34.106 198.51.45.71] in NS of spotify.com.
SOA
   FAIL: SOA not identical	 [dns1.p07.nsone.net.(198.51.44.7) dns2.p07.nsone.net.(198.51.45.7) dns3.p07.nsone.net.(198.51.44.71) dns4.p07.nsone.net.(198.51.45.71)]
   spotify.com.	3600	IN	SOA	dns1.p07.nsone.net. hostmaster.nsone.net. 1655908340 43200 7200 1209600 3600
   [ns-cloud-a3.googledomains.com.(216.239.36.106) ns-cloud-a2.googledomains.com.(216.239.34.106) ns-cloud-a1.googledomains.com.(216.239.32.106) ns-cloud-a4.googledomains.com.(216.239.38.106)]
   spotify.com.	21600	IN	SOA	ns-cloud-a1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300

   OK  : MNAME ns-cloud-a1.googledomains.com. is listed at the parent servers.
   OK  : Your nameservers have public / routable addresses.
MX
   OK  : MX of all nameservers are identical
   OK  : Multiple MX records found
   OK  : Your MX records have public / routable addresses.
   WARN: Same IP 172.253.113.27 is used by multiple MX records [alt2.aspmx.l.google.com. aspmx3.googlemail.com.].
   WARN: Same IP 142.250.152.26 is used by multiple MX records [alt1.aspmx.l.google.com. aspmx2.googlemail.com.].
   OK  : No CNAMEs found for your MX records
   OK  : All MX records have reverse PTR records
Web
   WARN: Didn't find a www record
   OK  : Found a root record
   OK  : Didn't find a CNAME for the root record
   OK  : Your www record has a public / routable address.
Spam
   OK  : DMARC records found.
   OK  : DMARC with reject policy.
   OK  : SPF records found.
   WARN: SPF record set to softfail.
   INFO: BIMI records found.
DNSSEC
   FAIL: validation failed. No DNSKEY found for spotify.com on 198.51.44.7

Note: you could argue that BIMI should not belong in the "Spam" section of the output but I added it there because the BIMI standard requires DMARC to be enforced and I wasn't sure of a better place for it to go. I also did not add any validation logic at this point in time, mostly adding the BIMI for informational purposes

42wim · 2022-06-24T23:25:06Z

Interesting, didn't know about BIMI records yet :)

42wim · 2022-06-24T23:27:13Z

Thanks!

add support for BIMI

876f366

42wim merged commit 384b1ec into 42wim:master Jun 24, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add support for Brand Indicators for Message Identification (BIMI) records #11

add support for Brand Indicators for Message Identification (BIMI) records #11

jakewarren commented Jun 23, 2022

42wim commented Jun 24, 2022

42wim commented Jun 24, 2022

add support for Brand Indicators for Message Identification (BIMI) records #11

add support for Brand Indicators for Message Identification (BIMI) records #11

Conversation

jakewarren commented Jun 23, 2022

Changes

Footnotes

42wim commented Jun 24, 2022

42wim commented Jun 24, 2022