Trying to setup DKIM with external DNS

MillTech

Registered
Sep 9, 2016
4
0
1
UK
cPanel Access Level
Root Administrator
Hi,

I've enabled DKIM on the domain I am sending emails from but we use a third party DNS rather than the one on the web server. So, I went into the DNS in cPanel and there is a TXT entry for default._domainkey that is "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9HxBkbrxhaooARNXYW5/lCtTpCAvFxe1UH13oZ65EMMNvlQ4lMT+BmA/FCDZxjuP0lG5Kv4CDoHSGAp5vJYD8u2zaUvgUEOg8BvcBDK9evP+JKbEODHmobbye966C+bhd4ksOIUhFLXxGU2oB8QCBnIUC9JNkyChnBIRsOIiNedYjj3CaHYG9c+zLcKXa"/ps/jlVNTQ1Fs/6BQWHckMavMVKHHhUM5qcqrTHGM3Jaqif6vTyUcLuqB209JS8URznEAoVg1TqzqlmYgtX/ExuYnHVd7HhykGaGVR82BKyJF9Fan85CivtikejwMwIDAQAB\;

Now, I go to our DNS service and try to setup a TXT entry exactly as this but it rejects it saying that the value contains mismatched quotes.

My question is, what should I be entering into the DNS service to get this working?

Thanks
 
Last edited by a moderator:

mtindor

Well-Known Member
Sep 14, 2004
1,378
69
178
inside a catfish
cPanel Access Level
Root Administrator
I still haven't figured out why cPanel has chosen to write those 2048-bit DKIM strings to the zonefile in the format that they do. Maybe one of the alternative cPanel DNS choices doesn't support the two halves being double quoted. But bind does support it, and I would find it much more useful if they would write them as two double-quoted strings to begin with. And it would probably save some people from having issues like this, since the most popular nameservers and web interfaces to manage DNS seem to either not allow 2048-bit DKIM records at all or do allow them and want both halves double quoted.

Mike
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,225
463
Now, I go to our DNS service and try to setup a TXT entry exactly as this but it rejects it saying that the value contains mismatched quotes.
Hello,

Could you let us know which DNS service company you are configuring the DKIM record with?

Thank you.
 

BFFMediaInc

Member
Sep 29, 2016
8
1
1
USA
cPanel Access Level
Reseller Owner
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9HxBkbrxhaooARNXYW5/lCtTpCAvFxe1UH13oZ65EMMNvlQ4lMT+BmA/FCDZxjuP0lG5Kv4CDoHSGAp5vJYD8u2zaUvgUEOg8BvcBDK9evP+JKbEODHmobbye966C+bhd4ksOIUhFLXxGU2oB8QCBnIUC9JNkyChnBIRsOIiNedYjj3CaHYG9c+zLcKXa"/ps/jlVNTQ1Fs/6BQWHckMavMVKHHhUM5qcqrTHGM3Jaqif6vTyUcLuqB209JS8URznEAoVg1TqzqlmYgtX/ExuYnHVd7HhykGaGVR82BKyJF9Fan85CivtikejwMwIDAQAB\;
You most likely need to remove the " at the beginning and the \; at the end before adding it to the text file. If copied from cpanel there is also a ; with a space after it in the middle of the p= section. This is what I did for cloudflare.
 

BFFMediaInc

Member
Sep 29, 2016
8
1
1
USA
cPanel Access Level
Reseller Owner
Does anyone have trouble getting a DKIM key to work with add-on domains? My email is on .195 and I have multiple cpanels on different IPs, the DKIM key is the same for all the domains, however only the primary domain used to setup the cpanel passes the DKIM tests. All the domains, pri,mary and add-on on my .195 cpanel which is also the primary ip for my mail server pass. Only the add-ons on my other cpanel fail. the SPF records and dmarc are all good, DKIM fail.

Ideas?

Thanks.
 

BFFMediaInc

Member
Sep 29, 2016
8
1
1
USA
cPanel Access Level
Reseller Owner
Also, I tried to edit my post for errors and to be more easily read and I was flagged for "potential spam" being new here I don't want to have trouble or get flagged for anything, this is what I was doing. cpanel spam claim.jpg cpanel edits.jpg

I tried to contact a moderator but I can't figure that out either. Sorry, this forum software is different to me.

Thanks again.
 

BFFMediaInc

Member
Sep 29, 2016
8
1
1
USA
cPanel Access Level
Reseller Owner
I think I have this resolved. the dkim record in cpanel is only for the domain that the cpanel was setup for. it does not work for the add-on domains so if you have a client with cpanel access and not whm, they need to contact the admin to get those records from the whm dns zone. I would think cpanel would list dkim for each domain but apparently not.
 

ruzbehraja

Well-Known Member
May 19, 2011
392
11
68
cPanel Access Level
Root Administrator
I think I have this resolved. the dkim record in cpanel is only for the domain that the cpanel was setup for. it does not work for the add-on domains so if you have a client with cpanel access and not whm, they need to contact the admin to get those records from the whm dns zone. I would think cpanel would list dkim for each domain but apparently not.
Thats right. See: DKIM recipe with 3rd party / external DNS

find out your server's DKIM public key by going to /var/cpanel/domain_keys/public/ Type "more mywebsite.com" to see the public key. Copy the public key, not including the BEGIN/END lines.​
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,909
2,225
463
I think I have this resolved. the dkim record in cpanel is only for the domain that the cpanel was setup for. it does not work for the add-on domains so if you have a client with cpanel access and not whm, they need to contact the admin to get those records from the whm dns zone. I would think cpanel would list dkim for each domain but apparently not.
Hello,

Enabling DKIM for an account via the "Authentication" option in cPanel should add DKIM records to the DNS zones for the addon domain names linked to the account. Could you verify which version of cPanel is installed on the system if this is not happening?

Thank you.