The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

My new DKIM is in another format than I expected?

Discussion in 'Bind / DNS / Nameserver Issues' started by Rasmusbdk, Dec 4, 2015.

  1. Rasmusbdk

    Rasmusbdk Member

    Joined:
    Dec 3, 2015
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Denmark
    cPanel Access Level:
    Root Administrator
    I am about to register a DKIM for a new domain. However, that format differs form what I expect. cPanel is giving me this:

    default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvbBZcUcajRf+nP+BSvhsa8roEcor2rf9oLs98u8HrqjZgpHQJ4frbA2C8OuRlPGN9JzZKpTmeeJg2eITeJXlQsc88xX0hqZCogDUeUcTLghDhw2Vd7q5AWG6mDcc3F2HJ0q5GwkYTS7d6D9nXCGcSE/M/F2pgwBe5MI5S9h60cr+XhHrK3uDCW3QNMj6jRDIW" 3o5WquA5/MmQJJ38BwMzn/7HJwcL6aJ5EnA3KlLi413kK820f4h2E+u4dAT5Kmua7x8Lx1ny7oEZH/MBQoEMq0s7XuDD+d0gR/0VCHvQ6PhZf4wOwzGIO6jn/Fb/pywAgQqZRglRGZLbcoHHQCIgQIDAQAB\;

    Please pay attention to the placement of the double quotes - it is ended inside the p-string, and then theres another string after that. I'm having problems getting my DKIM to verify.

    Shall I do something different than just pasting the "v= xxxx as text record?

    THanks!
     
  2. Rasmusbdk

    Rasmusbdk Member

    Joined:
    Dec 3, 2015
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Denmark
    cPanel Access Level:
    Root Administrator
    Thanks for your link. I didn't know that I could make more than one entry for the same key.

    cPanel recognizes my DKIM now, and says that everything is fine. However, my DNS seems to be changing the order of the keys. I've entered them exactly like in my post with each line as a record, however the DNS reorders it like this:

    i.imgur.com/u4sC8lI.jpg

    The result isn't verified as DKIM. I also tried editing afterwards, forcing the order to be like intended. However, neither way is verified. A DKIM checker gives me the following:

    i.imgur.com/9sQut4R.jpg

    I can't for the life of me figure out what's going wrong...
     
    #3 Rasmusbdk, Dec 5, 2015
    Last edited by a moderator: Dec 7, 2015
  3. mtindor

    mtindor Well-Known Member

    Joined:
    Sep 14, 2004
    Messages:
    1,281
    Likes Received:
    37
    Trophy Points:
    48
    Location:
    inside a catfish
    cPanel Access Level:
    Root Administrator
    I have a question. Are you using cPanel for the authoritative DNS? Or are you creating the DKIM record by enabling DKIM in cpanel and then attempting to copy the DKIM TXT record to another DNS server (like Godaddy, Enom, NetSol, or some other separate DNS system)?

    If the DKIM record is added in via your cPanel interface --> Email --> Authentication --> DKIM --> enable, then it should work just fine without any further modification.

    However, if you are attempting to use Advanced DNS Editor to add a DKIM key, that's probably a little more tricky. For some reason, cPanel doesn't write the DKIM TXT record to the zone file properly [in my mind]. (1) there is no need for the \; at the end of the DKIM record and (2) both parts of the DKIM record should be surrounded by "" ( eg: "adfljalfkjasdf" "afllkajsdflkj" ). I have no idea why cPanel doesn't do this. And I've actually tried to correct the DKIM TXT record by editing the zonefile manually, but then the Advanced DNS Editor doesn't know how to handle it.

    And if you are attempting to create a DKIM record inside cPanel and then copy that to external authoritative nameservers, you probably want to modify it.

    On a cPanel server, if you manually look at the zonefile in /var/named, you would expect to see something like this:

    Code:
    default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs33qxgXg2J8Fr+B4OY487PEDO0PSlGTjr7XnUBNq3V79ZBPSjedUsrthTbNdFJGQXDNhDVGXgWlc44J1Ge/EhYGdHzEptoM7RuWlL0cgMn2OXmdsjQ/Ag/4Zsqg+4aiMQMdIdvmKlzIFpNYmc7art9jj8cV9WwdNLIKqH9ieS48J+3XxKwZhr1E2nFWHl9rkL" zN18bKnw2wm5xSrvP71oDSa7H6cFToBb16vegNgDzekmHH584XmifGEiN6JZZGzQ7pqde12APo38UZ7//GECFD8cYMZYID+XQnLU6wKYzvsvTS/C789eZUGUHi4LNBdfLMU810TQzGxriSOIIDnzwIDAQAB\;
    
    However, if you were going to take that key (that you created in cPanel) and add it to an external nameserver [because you are using external nameservers for authoritative DNS], then you would likely want to add the record like this:

    Code:
    default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs33qxgXg2J8Fr+B4OY487PEDO0PSlGTjr7XnUBNq3V79ZBPSjedUsrthTbNdFJGQXDNhDVGXgWlc44J1Ge/EhYGdHzEptoM7RuWlL0cgMn2OXmdsjQ/Ag/4Zsqg+4aiMQMdIdvmKlzIFpNYmc7art9jj8cV9WwdNLIKqH9ieS48J+3XxKwZhr1E2nFWHl9rkL" "zN18bKnw2wm5xSrvP71oDSa7H6cFToBb16vegNgDzekmHH584XmifGEiN6JZZGzQ7pqde12APo38UZ7//GECFD8cYMZYID+XQnLU6wKYzvsvTS/C789eZUGUHi4LNBdfLMU810TQzGxriSOIIDnzwIDAQAB"
    
    Notice how in the second example (for an external nameserver), both parts of the record are surrounded by "", with a space in between -- for example: "sdfkjskdf" "sdlkjsldfkj". Also notice that i removed the \; at the end. It's okay for it to be there (inside the quotes) , but it doesn't need to be there.

    That is how you should do it if you are adding the DKIM record through some domain registrar's interface, or if you are adding into it into a standard BIND dns zone file. However, in cPanel you don't want to add it with the "" around both parts because cPanel's DNS Editor will then throw a fit.

    To be more clear:

    a valid DKIM entry in DNS on a cPanel server looks like this:

    Code:
    "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs33qxgXg2J8Fr+B4OY487PEDO0PSlGTjr7XnUBNq3V79ZBPSjedUsrthTbNdFJGQXDNhDVGXgWlc44J1Ge/EhYGdHzEptoM7RuWlL0cgMn2OXmdsjQ/Ag/4Zsqg+4aiMQMdIdvmKlzIFpNYmc7art9jj8cV9WwdNLIKqH9ieS48J+3XxKwZhr1E2nFWHl9rkL" zN18bKnw2wm5xSrvP71oDSa7H6cFToBb16vegNgDzekmHH584XmifGEiN6JZZGzQ7pqde12APo38UZ7//GECFD8cYMZYID+XQnLU6wKYzvsvTS/C789eZUGUHi4LNBdfLMU810TQzGxriSOIIDnzwIDAQAB\;
    
    a valid DKIM entry in DNS on just about any other DNS server / DNS record interface looks like this:

    Code:
    "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs33qxgXg2J8Fr+B4OY487PEDO0PSlGTjr7XnUBNq3V79ZBPSjedUsrthTbNdFJGQXDNhDVGXgWlc44J1Ge/EhYGdHzEptoM7RuWlL0cgMn2OXmdsjQ/Ag/4Zsqg+4aiMQMdIdvmKlzIFpNYmc7art9jj8cV9WwdNLIKqH9ieS48J+3XxKwZhr1E2nFWHl9rkL" "zN18bKnw2wm5xSrvP71oDSa7H6cFToBb16vegNgDzekmHH584XmifGEiN6JZZGzQ7pqde12APo38UZ7//GECFD8cYMZYID+XQnLU6wKYzvsvTS/C789eZUGUHi4LNBdfLMU810TQzGxriSOIIDnzwIDAQAB"
    

    Mike
     
  4. Rasmusbdk

    Rasmusbdk Member

    Joined:
    Dec 3, 2015
    Messages:
    16
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Denmark
    cPanel Access Level:
    Root Administrator
    Thanks for all the suggestions! I ended up contacting my DNS provider (paid support) and got the following format:
    v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1n0BEj8fwxZXhe5Eqg9M10nSMpDEqa88cOqb0Yr6V/3brxaLMCjO0+d17IhCjBzm5+muelDW2BaqiniUXSXK1mTdUbveg5K/YLQGDB2+fV2cvQhtgzj7utqV6dGAQRuMm8BsjZe719qH4n5OPIQGit6Y5dj0AbukfhXTqAcO "CcVQTEbdFgZOh3VITw3cqcvXi" BHQ1iJC7oHlksY9+8Pj2ekUJ9Q3cgGdJotNByfKUgn0UUsw7HSOx03SVeW5chxH

    I have no idea why it works, but it does..
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,854
    Likes Received:
    676
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    I am happy to see your DNS provider was able to help you with the correct format of the record in their interface. Thank you for updating us with the outcome.
     
Loading...

Share This Page