DKIM and CloudFlare

[esports]

I moved a parked domain to it's own CPanel account. I deleted all 'old' DKIM keys, generated a new one via CPanel (Authentication tab). The message I got:

default._domainkey    14400    IN    TXT    "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+thDBzPCu5HvHAo4176Jg04x42FYoYtOPIEf6Px1ScCfdf2lFp9QDQL1iXc89IkA4Tpu8GjWc/U80zGSXYY3uNNTjr8miHdKAGfNyzGGIOKcRmIqKk6wBzNWVICPDOZnXRYf6wiQXNM7sgK2kc2QaCN27JX6Wt3WSgp7yfug1qtTha9PavQSxf4bQewYCs66" GrExjY3SmEdduvT/+AwcZBlnDAMdCYG9UYAVpxEWahITCGalv8XfrhWWG/t/ar0tQH2ZeIj0Spo+TlUx0b+XLqGKZkp7AoMT61ReW/IAVgNuQXAqT18cnLE5IIFtkKOpT8UP18lc+7E7qlkQsVWYQIDAZAB

I removed the "" and spaces and added the key to CloudFlare. Then I went to WHM, DNS Editor and added the the Dkim there as well.

When I email @verifier.port25.com
I get the following answer:

SPF check:          pass
DomainKeys check:   neutral
DKIM check:         permerror
Sender-ID check:    pass
SpamAssassin check: ham

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         permerror (key "default._domainkey.domain.com" doesn't exist)
ID(s) verified:
Canonicalized Headers:
    content-transfer-encoding:7bit'0D''0A'
    content-type:text/plain;'20'charset=windows-1252;'20'format=flowed'0D''0A'
    in-reply-to:<[email protected]>'0D''0A'
    mime-version:1.0'0D''0A'
    date:Sun,'20'21'20'Feb'20'2016'20'18:25:02'20'+0100'0D''0A'
    message-id:<[email protected]>'0D''0A'
    from:name'20'<[email protected]>'0D''0A'
    references:<[email protected]>'20'<[email protected]>'20'<[email protected]>'0D''0A'
    to:[email protected]'0D''0A'
    subject:dkim'0D''0A'
    dkim-signature:v=1;'20'a=rsa-sha256;'20'q=dns/txt;'20'c=relaxed/relaxed;'20'd=domain.com;'20's=default;'20'h=Content-Transfer-Encoding:Content-Type:'20'In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject;'20'bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;'20'b=;

Canonicalized Body:

DNS record(s):
    default._domainkey.domain.com. TXT (NXDOMAIN)


-------------------------

What am I doing wrong? What's the correct process to add a DKIM to CPanel, DNS in WHM and CloudFlare?

 

[syslint]

Are you sure the domain keys are resolving properly using "dig" from the cloudflare dns cluster ?

 

[esports]

Are you sure the domain keys are resolving properly using "dig" from the cloudflare dns cluster ?

I am not sure what you mean. Can you be more specific, in a noob way?

If it helps, prior moving domain, the cf was resolving the dns correctly.

 

[syslint]

Run the following command in your shell.

# dig -t TXT default._domainkey.YOURDOMAINNAME.COM +trace

 

[esports]

Run the following command in your shell.

# dig -t TXT default._domainkey.YOURDOMAINNAME.COM +trace

Returns this:

;; global options: +cmd
. 6158 IN NS c.root-servers.net.
. 6158 IN NS f.root-servers.net.
. 6158 IN NS m.root-servers.net.
. 6158 IN NS j.root-servers.net.
. 6158 IN NS g.root-servers.net.
. 6158 IN NS l.root-servers.net.
. 6158 IN NS a.root-servers.net.
. 6158 IN NS b.root-servers.net.
. 6158 IN NS d.root-servers.net.
. 6158 IN NS i.root-servers.net.
. 6158 IN NS h.root-servers.net.
. 6158 IN NS e.root-servers.net.
. 6158 IN NS k.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 92 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 487 bytes from my.IP in 103 ms

I guess this means that I have none. How can I generate one, copy it and add it in WHM & CloudFlare?
If I click enable / disable in CPanel I do not see the key to copy it

 

[cPanelMichael]

Hello

Please let us know if this document from CloudFlare is helpful:

How do I add DKIM records?

Also, have you used a website such as IntoDNS to verify which name server your DNS records are handled at?

Thank you.

 

[esports]

Hello

Please let us know if this document from CloudFlare is helpful:

How do I add DKIM records?

Also, have you used a website such as IntoDNS to verify which name server your DNS records are handled at?

Thank you.

Thank you for your reply.
I know how to add the DKIM key to CloudFlare. I don't have a DKIM key to add...

The nameservers are the ones from CloudFlare. It works ok. I just don't have a DKIM. I need to generate one, add it to DNS Editor in WHM and to CloudFlare. Not sure how to generate one..... (or better said, a new one)

Edit: I did check intodns . Everything was fine there. The only thing I am missing is a DKIM key which doesn't show up there

 

[esports]

Last night I tried again: I activated DKIM in CPANEL, added a new TXT in DNS Editor (WHM) and the same in CloudFlare.

This is the result I got. Not sure what to do. The "public key" there is also the one displayed when running
# dig -t TXT default._domainkey.YOURDOMAINNAME.COM +trace
- Removed -

I also do not understand now what do the DNS entries in the WHM do? So far I know, Cloudflare handles all the DNS so I went on and deleted all DNS from WHM...

Now I cannot activate / deactivate SPF and DKIM...

 

[cPanelMichael]

Last night I tried again: I activated DKIM in CPANEL, added a new TXT in DNS Editor (WHM) and the same in CloudFlare.

Hello

You don't need to add an additional TXT record to the DNS zone on the cPanel server after enabling DKIM via the "Authentication" option in cPanel. This option automatically adds the DNS record for you. Thus, you simply need to copy the record over to CloudFlare. Please ensure you remove any existing TXT records for this DKIM entry in cPanel, and then enable DKIM through cPanel. You can obtain the record by viewing the zone file through "WHM >> Edit DNS Zone" or via this command:

cat /var/named/domain.com.db

Thank you.

 

[PHILLIP BOOTH]

This is what you are using

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+thDBzPCu5HvHAo4176Jg04x42FYoYtOPIEf6Px1ScCfdf2lFp9QDQL1iXc89IkA4Tpu8GjWc/U80zGSXYY3uNNTjr8miHdKAGfNyzGGIOKcRmIqKk6wBzNWVICPDOZnXRYf6wiQXNM7sgK2kc2QaCN27JX6Wt3WSgp7yfug1qtTha9PavQSxf4bQewYCs66"
GrExjY3SmEdduvT/+AwcZBlnDAMdCYG9UYAVpxEWahITCGalv8XfrhWWG/t/ar0tQH2ZeIj0Spo+TlUx0b+XLqGKZkp7AoMT61ReW/IAVgNuQXAqT18cnLE5IIFtkKOpT8UP18lc+7E7qlkQsVWYQIDAZAB

Change it to this

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+thDBzPCu5HvHAo4176Jg04x42FYoYtOPIEf6Px1ScCfdf2lFp9QDQL1iXc89IkA4Tpu8GjWc/U80zGSXYY3uNNTjr8miHdKAGfNyzGGIOKcRmIqKk6wBzNWVICPDOZnXRYf6wiQXNM7sgK2kc2QaCN27JX6Wt3WSgp7yfug1qtTha9PavQSxf4bQewYCs66GrExjY3SmEdduvT/+AwcZBlnDAMdCYG9UYAVpxEWahITCGalv8XfrhWWG/t/ar0tQH2ZeIj0Spo+TlUx0b+XLqGKZkp7AoMT61ReW/IAVgNuQXAqT18cnLE5IIFtkKOpT8UP18lc+7E7qlkQsVWYQIDAZAB"

The key is broken down into multiple parts remove the " in the middle and join the string together and then add the " to the end

so 66" Gr

becomes 66Gr