Trying to setup DKIM with external DNS

[MillTech]

Hi,

I've enabled DKIM on the domain I am sending emails from but we use a third party DNS rather than the one on the web server. So, I went into the DNS in cPanel and there is a TXT entry for default._domainkey that is "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9HxBkbrxhaooARNXYW5/lCtTpCAvFxe1UH13oZ65EMMNvlQ4lMT+BmA/FCDZxjuP0lG5Kv4CDoHSGAp5vJYD8u2zaUvgUEOg8BvcBDK9evP+JKbEODHmobbye966C+bhd4ksOIUhFLXxGU2oB8QCBnIUC9JNkyChnBIRsOIiNedYjj3CaHYG9c+zLcKXa"/ps/jlVNTQ1Fs/6BQWHckMavMVKHHhUM5qcqrTHGM3Jaqif6vTyUcLuqB209JS8URznEAoVg1TqzqlmYgtX/ExuYnHVd7HhykGaGVR82BKyJF9Fan85CivtikejwMwIDAQAB\;

Now, I go to our DNS service and try to setup a TXT entry exactly as this but it rejects it saying that the value contains mismatched quotes.

My question is, what should I be entering into the DNS service to get this working?

Thanks

 

[MillTech]

Okay, I found out the problem. The second part of the string should also be quoted for my DNS server.

All works now.

 

[mtindor]

I still haven't figured out why cPanel has chosen to write those 2048-bit DKIM strings to the zonefile in the format that they do. Maybe one of the alternative cPanel DNS choices doesn't support the two halves being double quoted. But bind does support it, and I would find it much more useful if they would write them as two double-quoted strings to begin with. And it would probably save some people from having issues like this, since the most popular nameservers and web interfaces to manage DNS seem to either not allow 2048-bit DKIM records at all or do allow them and want both halves double quoted.

Mike

 

[cPanelMichael]

Now, I go to our DNS service and try to setup a TXT entry exactly as this but it rejects it saying that the value contains mismatched quotes.

Hello,

Could you let us know which DNS service company you are configuring the DKIM record with?

Thank you.

 

[MillTech]

Yes, it is "DNS made easy"

 

[cPanelMichael]

Yes, it is "DNS made easy"

Let us know if the following post helps:

incorrect DKIM key generated by cPanel

Thank you.

 

[MillTech]

It offers the same solution as the one I worked out myself.

 

[BFFMediaInc]

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9HxBkbrxhaooARNXYW5/lCtTpCAvFxe1UH13oZ65EMMNvlQ4lMT+BmA/FCDZxjuP0lG5Kv4CDoHSGAp5vJYD8u2zaUvgUEOg8BvcBDK9evP+JKbEODHmobbye966C+bhd4ksOIUhFLXxGU2oB8QCBnIUC9JNkyChnBIRsOIiNedYjj3CaHYG9c+zLcKXa"/ps/jlVNTQ1Fs/6BQWHckMavMVKHHhUM5qcqrTHGM3Jaqif6vTyUcLuqB209JS8URznEAoVg1TqzqlmYgtX/ExuYnHVd7HhykGaGVR82BKyJF9Fan85CivtikejwMwIDAQAB\;

You most likely need to remove the " at the beginning and the \; at the end before adding it to the text file. If copied from cpanel there is also a ; with a space after it in the middle of the p= section. This is what I did for cloudflare.

 

[BFFMediaInc]

Does anyone have trouble getting a DKIM key to work with add-on domains? My email is on .195 and I have multiple cpanels on different IPs, the DKIM key is the same for all the domains, however only the primary domain used to setup the cpanel passes the DKIM tests. All the domains, pri,mary and add-on on my .195 cpanel which is also the primary ip for my mail server pass. Only the add-ons on my other cpanel fail. the SPF records and dmarc are all good, DKIM fail.

Ideas?

Thanks.

 

[BFFMediaInc]

Also, I tried to edit my post for errors and to be more easily read and I was flagged for "potential spam" being new here I don't want to have trouble or get flagged for anything, this is what I was doing.

I tried to contact a moderator but I can't figure that out either. Sorry, this forum software is different to me.

Thanks again.

 

[BFFMediaInc]

I think I have this resolved. the dkim record in cpanel is only for the domain that the cpanel was setup for. it does not work for the add-on domains so if you have a client with cpanel access and not whm, they need to contact the admin to get those records from the whm dns zone. I would think cpanel would list dkim for each domain but apparently not.

 

[ruzbehraja]

I think I have this resolved. the dkim record in cpanel is only for the domain that the cpanel was setup for. it does not work for the add-on domains so if you have a client with cpanel access and not whm, they need to contact the admin to get those records from the whm dns zone. I would think cpanel would list dkim for each domain but apparently not.

Thats right. See: DKIM recipe with 3rd party / external DNS

find out your server's DKIM public key by going to /var/cpanel/domain_keys/public/ Type "more mywebsite.com" to see the public key. Copy the public key, not including the BEGIN/END lines.​

 

[cPanelMichael]

I think I have this resolved. the dkim record in cpanel is only for the domain that the cpanel was setup for. it does not work for the add-on domains so if you have a client with cpanel access and not whm, they need to contact the admin to get those records from the whm dns zone. I would think cpanel would list dkim for each domain but apparently not.

Hello,

Enabling DKIM for an account via the "Authentication" option in cPanel should add DKIM records to the DNS zones for the addon domain names linked to the account. Could you verify which version of cPanel is installed on the system if this is not happening?

Thank you.