DKIM and CloudFlare

esports · Feb 21, 2016

I moved a parked domain to it's own CPanel account. I deleted all 'old' DKIM keys, generated a new one via CPanel (Authentication tab). The message I got:

Code:

default._domainkey    14400    IN    TXT    "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+thDBzPCu5HvHAo4176Jg04x42FYoYtOPIEf6Px1ScCfdf2lFp9QDQL1iXc89IkA4Tpu8GjWc/U80zGSXYY3uNNTjr8miHdKAGfNyzGGIOKcRmIqKk6wBzNWVICPDOZnXRYf6wiQXNM7sgK2kc2QaCN27JX6Wt3WSgp7yfug1qtTha9PavQSxf4bQewYCs66" GrExjY3SmEdduvT/+AwcZBlnDAMdCYG9UYAVpxEWahITCGalv8XfrhWWG/t/ar0tQH2ZeIj0Spo+TlUx0b+XLqGKZkp7AoMT61ReW/IAVgNuQXAqT18cnLE5IIFtkKOpT8UP18lc+7E7qlkQsVWYQIDAZAB

I removed the "" and spaces and added the key to CloudFlare. Then I went to WHM, DNS Editor and added the the Dkim there as well.

When I email @verifier.port25.com
I get the following answer:

Code:

SPF check:          pass
DomainKeys check:   neutral
DKIM check:         permerror
Sender-ID check:    pass
SpamAssassin check: ham

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result:         permerror (key "default._domainkey.domain.com" doesn't exist)
ID(s) verified:
Canonicalized Headers:
    content-transfer-encoding:7bit'0D''0A'
    content-type:text/plain;'20'charset=windows-1252;'20'format=flowed'0D''0A'
    in-reply-to:<1fd0dd9e416753e1c7202abf67d445c0@domain.com>'0D''0A'
    mime-version:1.0'0D''0A'
    date:Sun,'20'21'20'Feb'20'2016'20'18:25:02'20'+0100'0D''0A'
    message-id:<56C9F2EE.8030300@domain.com>'0D''0A'
    from:name'20'<name@domain.com>'0D''0A'
    references:<1078d5fa795fb3c65593c35233d11737@domain.com>'20'<f016a483cc857ded8f3770536d599592@domain.com>'20'<1fd0dd9e416753e1c7202abf67d445c0@domain.com>'0D''0A'
    to:check-auth@verifier.port25.com'0D''0A'
    subject:dkim'0D''0A'
    dkim-signature:v=1;'20'a=rsa-sha256;'20'q=dns/txt;'20'c=relaxed/relaxed;'20'd=domain.com;'20's=default;'20'h=Content-Transfer-Encoding:Content-Type:'20'In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Subject;'20'bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=;'20'b=;

Canonicalized Body:

DNS record(s):
    default._domainkey.domain.com. TXT (NXDOMAIN)


-------------------------

What am I doing wrong? What's the correct process to add a DKIM to CPanel, DNS in WHM and CloudFlare?

syslint · Feb 22, 2016

Are you sure the domain keys are resolving properly using "dig" from the cloudflare dns cluster ?

esports · Feb 22, 2016

syslint said: ↑

Are you sure the domain keys are resolving properly using "dig" from the cloudflare dns cluster ?
Click to expand...

I am not sure what you mean. Can you be more specific, in a noob way?

If it helps, prior moving domain, the cf was resolving the dns correctly.

syslint · Feb 22, 2016

Run the following command in your shell.

# dig -t TXT default._domainkey.YOURDOMAINNAME.COM +trace

esports · Feb 22, 2016

syslint said: ↑

Run the following command in your shell.

# dig -t TXT default._domainkey.YOURDOMAINNAME.COM +trace
Click to expand...

Returns this:

;; global options: +cmd
. 6158 IN NS c.root-servers.net.
. 6158 IN NS f.root-servers.net.
. 6158 IN NS m.root-servers.net.
. 6158 IN NS j.root-servers.net.
. 6158 IN NS g.root-servers.net.
. 6158 IN NS l.root-servers.net.
. 6158 IN NS a.root-servers.net.
. 6158 IN NS b.root-servers.net.
. 6158 IN NS d.root-servers.net.
. 6158 IN NS i.root-servers.net.
. 6158 IN NS h.root-servers.net.
. 6158 IN NS e.root-servers.net.
. 6158 IN NS k.root-servers.net.
;; Received 228 bytes from 8.8.8.8#53(8.8.8.8) in 92 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 487 bytes from my.IP in 103 ms

I guess this means that I have none. How can I generate one, copy it and add it in WHM & CloudFlare?
If I click enable / disable in CPanel I do not see the key to copy it

cPanelMichael · Feb 22, 2016

Hello

Please let us know if this document from CloudFlare is helpful:

How do I add DKIM records?

Also, have you used a website such as IntoDNS to verify which name server your DNS records are handled at?

Thank you.

esports · Feb 22, 2016

cPanelMichael said: ↑

Hello

Please let us know if this document from CloudFlare is helpful:

How do I add DKIM records?

Also, have you used a website such as IntoDNS to verify which name server your DNS records are handled at?

Thank you.
Click to expand...

Thank you for your reply.
I know how to add the DKIM key to CloudFlare. I don't have a DKIM key to add...

The nameservers are the ones from CloudFlare. It works ok. I just don't have a DKIM. I need to generate one, add it to DNS Editor in WHM and to CloudFlare. Not sure how to generate one..... (or better said, a new one)

Edit: I did check intodns . Everything was fine there. The only thing I am missing is a DKIM key which doesn't show up there

esports · Feb 23, 2016

Last night I tried again: I activated DKIM in CPANEL, added a new TXT in DNS Editor (WHM) and the same in CloudFlare.

This is the result I got. Not sure what to do. The "public key" there is also the one displayed when running
# dig -t TXT default._domainkey.YOURDOMAINNAME.COM +trace
- Removed -

I also do not understand now what do the DNS entries in the WHM do? So far I know, Cloudflare handles all the DNS so I went on and deleted all DNS from WHM...

Now I cannot activate / deactivate SPF and DKIM...

cPanelMichael · Feb 23, 2016

esports said: ↑

Last night I tried again: I activated DKIM in CPANEL, added a new TXT in DNS Editor (WHM) and the same in CloudFlare.
Click to expand...

Hello

You don't need to add an additional TXT record to the DNS zone on the cPanel server after enabling DKIM via the "Authentication" option in cPanel. This option automatically adds the DNS record for you. Thus, you simply need to copy the record over to CloudFlare. Please ensure you remove any existing TXT records for this DKIM entry in cPanel, and then enable DKIM through cPanel. You can obtain the record by viewing the zone file through "WHM >> Edit DNS Zone" or via this command:
Code:
cat /var/named/domain.com.db
Thank you.

PHILLIP BOOTH · Feb 25, 2016

This is what you are using

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+thDBzPCu5HvHAo4176Jg04x42FYoYtOPIEf6Px1ScCfdf2lFp9QDQL1iXc89IkA4Tpu8GjWc/U80zGSXYY3uNNTjr8miHdKAGfNyzGGIOKcRmIqKk6wBzNWVICPDOZnXRYf6wiQXNM7sgK2kc2QaCN27JX6Wt3WSgp7yfug1qtTha9PavQSxf4bQewYCs66"
GrExjY3SmEdduvT/+AwcZBlnDAMdCYG9UYAVpxEWahITCGalv8XfrhWWG/t/ar0tQH2ZeIj0Spo+TlUx0b+XLqGKZkp7AoMT61ReW/IAVgNuQXAqT18cnLE5IIFtkKOpT8UP18lc+7E7qlkQsVWYQIDAZAB

Change it to this

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3+thDBzPCu5HvHAo4176Jg04x42FYoYtOPIEf6Px1ScCfdf2lFp9QDQL1iXc89IkA4Tpu8GjWc/U80zGSXYY3uNNTjr8miHdKAGfNyzGGIOKcRmIqKk6wBzNWVICPDOZnXRYf6wiQXNM7sgK2kc2QaCN27JX6Wt3WSgp7yfug1qtTha9PavQSxf4bQewYCs66GrExjY3SmEdduvT/+AwcZBlnDAMdCYG9UYAVpxEWahITCGalv8XfrhWWG/t/ar0tQH2ZeIj0Spo+TlUx0b+XLqGKZkp7AoMT61ReW/IAVgNuQXAqT18cnLE5IIFtkKOpT8UP18lc+7E7qlkQsVWYQIDAZAB"

The key is broken down into multiple parts remove the " in the middle and join the string together and then add the " to the end

so 66" Gr

becomes 66Gr

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

DKIM and CloudFlare

esports Member

syslint Well-Known Member

esports Member

syslint Well-Known Member

esports Member

cPanelMichael Forums Analyst
Staff Member

esports Member

esports Member

cPanelMichael Forums Analyst
Staff Member

PHILLIP BOOTH Member

DKIM Invalid using Cloudflare

How to Use DKIM (with cPanel + Cloudflare)

DKIM signed domain hosted by another provider?

Location of DKIM private key?

DKIM unable to verify that this server is an authoritative nameserver

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

DKIM and CloudFlare

esports Member

syslint Well-Known Member

esports Member

syslint Well-Known Member

esports Member

cPanelMichael Forums Analyst Staff Member

esports Member

esports Member

cPanelMichael Forums Analyst Staff Member

PHILLIP BOOTH Member

DKIM Invalid using Cloudflare

How to Use DKIM (with cPanel + Cloudflare)

DKIM signed domain hosted by another provider?

Location of DKIM private key?

DKIM unable to verify that this server is an authoritative nameserver

Share This Page

cPanelMichael Forums Analyst
Staff Member

cPanelMichael Forums Analyst
Staff Member