The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to Enter DKIM record into DNS Zone

Discussion in 'E-mail Discussions' started by sukrub, Feb 20, 2016.

Tags:
  1. sukrub

    sukrub Member

    Joined:
    Oct 25, 2011
    Messages:
    21
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi:

    I have a rather simple question, that I could not find an answer.

    I am trying to enter DKIM into DNS zone for the domain myTestDomain.com

    I have a dedicated server hosting about 20 domains.

    I have my DNS zone in goDaddy and Current DNS for myTestDomain is
    @ aaa.bbb.ccc.ddd
    mail aaa.bbb.ccc.ddd

    GoDaddy claims they have not heard of DKIM, therefore they do not support it.

    My hosting company says
    "I can support the systems offered here but not really advise on godaddy's support or abilities.

    Have you considered using name servers on the cpanel server here as they do all this and manage it for you? I can also provide support for these."

    I would like to keep things not changed, or change them one at a time (I have just switched hosting company). So I would like to create a TXT record in goDaddy DNS zone with the cPanel supplied DKIM key.

    I have the following raw DKIM ( edited ) in cPanel under Email Authentication for myTestDomain.com

    default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgPTREEAva4y0+jFeeSZXZqrcdDjU+BZGF5nyT6RZVnU6rkFv+SHt0pnNHPoTUbmNp8LGsWEMQgfYpLoro/iZ9BvyoBC3hPj9/7yhiHd85EJqbU0rbNV/netPPT1MRzY83wMS0cPnMBdh1J1e26yXgJ2B6ccyOj+DUrSbM35lko8EOG6sLXXsGJZMfRV2MLGzuncE9Sq7" i4Io61wnkPYVd6mDeyWy/7hn9+l3jY62iwRBLdhjfjj3csbdOSqqyYN3Arg1Ad7+EGbEf7Qv4E5SLWdxINa0zELJzxrTOPJ8ZZG7cUMh5TYJb1TXvLnCDcGEnqJsLXf56dCST5mNlni9EtEj5PAMwIDAQAB\;

    in goDaddy, Under add TXT record, what do I enter EXACTLY for the following 2 fields.

    HOST:

    TXT Value:
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    For "host", enter:

    default._domainkey

    The TXT value is the actual record, including the quotes, depending on how your specific DNS provider handles the entries.

    Thank you.
     
  3. Kevin Andrews

    Kevin Andrews Registered

    Joined:
    Mar 18, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    California
    cPanel Access Level:
    Root Administrator
    And therein lies the rub . . .

    I also have been trying to deal with GoDaddy, and they seriously said they don't know what DKIM is. The first person I talked to on chat told me that I should put @ as the host. Which I knew was wrong, but she insisted. I gave up and tried phoning. That person was more helpful but he also had never heard of it. "What is it? DKI? What is it? Are you trying to register a domain name?"

    He finally checked with someone else and found out what it is, but he couldn't tell me the answer to this question. He said, "That's a custom DNS so we can't help you with that." My hosting provider similarly pointed at GoDaddy and said I'd have to ask them.

    The problem is that the format in which cpanel provides the DKIM record is not the same as GoDaddy. There are no quotes around it in GoDaddy, and it doesn't have a trailing ;/ So, simple right? Just remove those. But it is more complicated than that. My cpanel generated DKIM actually had two lines. There was a quote at the beginning, and at the end of the first line, right in the middle of the record. On some. But not all.

    Anyway, I tried all the various permutations that occurred to me to use, with quotes, without quotes, with trailing slash, etc. And of course, each time, waiting from 10 minutes to several hours for DNS propagation each time. But I haven't made any progress at all.

    I'd sure like to find an answer to this question. And also to suggest that since cPanel is so widely used and GoDaddy is also a major provider being used by so many, that perhaps GoDaddy and cPanel can arrange a meeting of the minds and come up with an instructable on how to enter cPanel DKIM records into GoDaddy DNS. :)
     
  4. Kevin Andrews

    Kevin Andrews Registered

    Joined:
    Mar 18, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    California
    cPanel Access Level:
    Root Administrator
    I submitted a ticket to cPanel support after spending hours working with a host of experts, each of whom offered conflicting and sometimes painfully ignorant solutions, none of which worked. Having spent an entire day working on it, I submitted the ticket and went to bed.

    When I woke in the morning, I found a response from cPanel in which the problem was clearly identified and solved.

    "Basically, when a TXT record is longer then 254 characters, it is split. This should be appropriately split into two separate strings, which would then be combined in the record itself." (from the cPanel response)

    Based on this revelation, I resolved my problem by copying the cPanel DKIM record into a simple text editor with word wrap turned off, then removed all quotes from the record and removing all spaces and line breaks from the "p=" portion of the record, along with the trailing /; so that the record was one long string, and pasted the record into GoDaddy. After saving and waiting 10 minutes, test emails were passing DKIM.

    Note that GoDaddy has their own way of doing this. Specifically, they do not want to see quotes included in the record. If your DNS is with GoDaddy, this should work for you. If with someone else, you may need to adjust accordingly.
     
    #4 Kevin Andrews, Mar 18, 2016
    Last edited: Mar 18, 2016
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello Kevin :)

    Thank you for taking the time to not only report this issue on our forums, but for also updating this thread with the outcome after finding a solution via a support ticket. We find great value in this type of feedback because it helps us to improve our documentation, and create solutions that will improve the user experience. We now have an internal case open with our documentation team to come up with the best way to advise users on how to configure their DKIM records on specific providers, similar to how we do so for name servers on this document:

    How to Set Up Nameservers in a cPanel & WHM Environment - cPanel Knowledge Base - cPanel Documentation

    I'll update this thread with more information when this document is released.

    Thank you.
     
  6. Solokron

    Solokron Well-Known Member

    Joined:
    Aug 8, 2003
    Messages:
    849
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    Seattle
    cPanel Access Level:
    DataCenter Provider
    We are seeing the same issue with a client with cpanel generating the following and DNSMadeEasy not accepting because it is producing a total of 441 characters for the text area.
     
  7. Zoop

    Zoop Member

    Joined:
    Feb 15, 2016
    Messages:
    13
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    Hey I just wanted to add, most providers and services refer to http://dkimcore.org/tools/ for validating the key, and about 7 out of 10 keys that CPanel generated for me did not validate through this tool (this is my workflow now, first check it with that site, and then modify they key until it does validate before using it).
     
  8. Zoop

    Zoop Member

    Joined:
    Feb 15, 2016
    Messages:
    13
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Netherlands
    cPanel Access Level:
    Root Administrator
    Oh and what Kevin said makes total sense, now I know what to look for, why and when.
     
  9. havok89

    havok89 Registered

    Joined:
    Mar 22, 2016
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Glasgow
    cPanel Access Level:
    Root Administrator

    I am being given a total of 441 characters too and fasthosts just wont accept it.
    When contacting their support im just being told to get a shorter DKIM key which doesnt seam possible
     
  10. Chris Strzelczyk

    Chris Strzelczyk Registered

    Joined:
    Mar 24, 2016
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Washington, MI
    cPanel Access Level:
    Root Administrator

    This is a case of standards pushing providers and the providers sadly have not caught up yet. I spoke with DNSMADEEASY and they state that you can add the value in two parts.

    "part one" "part two"

    They haven't made this trivial nor is it documented anywhere. I haven't tried this yet, but I'm going to give it a whirl later tonight. I suspect that part one needs to be 254 chars max. Cpanel currently does the splitting for you, but it does not add the correct amount of double quotes.

    QUESTION:
    What if we wanted to go to a 1024 bit key length? Is that possible? Could we run openssl genrsa..... and replace the files in /var/cpanel/domain_keys/[private|public] with the new values? OR do the keys get entered into some database table as well?

    I think Google Gmail still supports 1024 bit keys and up. So this may work as a short term solution for customers dealing with DNS providers that have not caught up to the standards.

    Cheers,
    -cs
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello :)

    We are in the initial stages of communicating with the remote DNS providers referenced on this thread in order to come up with a solution that makes it easier for users to directly copy and paste the DKIM record generated in cPanel to the interface provided by their remote DNS provider. I'll update this thread with more information as it becomes available.

    Thank you.
     
  12. BottNet

    BottNet Member

    Joined:
    Jun 25, 2015
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Rochester, NY
    cPanel Access Level:
    Root Administrator
    Hello...Same issue with Enom. Even right on their page it reads "NOTE: Due to the limitation of our Host Records maximum length, we only support up to 1024 bit DomainKeys."

    Support for DKIM or DomainKeys on our DNS

    THIS 100% is very bad that we are now forced to use the new key vs 1024. This has totally messed us up at this time and we have NO RESOLVE for it. How can CP not be all over this very wide spread issue that is affecting SO MANY people. Give us back 1024 or give us the option to select what to use.

    This is very poor to say the least.
     
  13. BottNet

    BottNet Member

    Joined:
    Jun 25, 2015
    Messages:
    17
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    Rochester, NY
    cPanel Access Level:
    Root Administrator
    BTW...Even check-auth@verifier.port25.com checker says the key is not right...

    Result: permerror (invalid key: error reading public key:
    139679786096384:error:0D07209B:asn1 encoding routines:ASN1_get_object:too
    long
    :asn1_lib.c:142:;139679786096384:error:0D068066:asn1 encoding
    routines:ASN1_CHECK_TLEN:bad object
    header:tasn_dec.c:1306:;139679786096384:error:0D07803A:asn1 encoding
    routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509_PUBKEY;)
     
  14. BrendanWh

    BrendanWh Registered

    Joined:
    Jun 24, 2015
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Attawapiskat, Ontario Canada
    cPanel Access Level:
    Root Administrator
    Hi,

    I contacted to NamCheap by support ticket that they doesn't support 2048-bits for DKIM txt record but only supported 1024-bits because I'm purchased to PremiumDNS from Namecheap.com

    There is online tool like 1024-bits? I tried to contacted to OVH that not support provide like Control Panel but only server, hardware issues. OVH suggested me to Google search and nothing which best option in 1024-bits. I'm using CentOS 7 - 64-bits + root administrator.


    Thanks, Brendan Wheesk
    PS: I'm not good English if not clear or understand.
     
  15. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,811
    Likes Received:
    671
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    A user has submitted a manual workaround on the following thread that you may find helpful:

    Generate 1024-bit DKIM keys

    We are still in the process of communicating with these providers to support the DKIM entry as we present it in cPanel. I'll update this thread with more information as it becomes available.

    Thank you.
     
Loading...

Share This Page