DomainKeys Identified Mail (DKIM): DKIM No key found

[kmchen]

Hi,

I'm trying to install opendkim on my domain following https://www.linuxbabe.com/mail-server/s ... ian-server
Here is the DKIM TXT I added to the DNS record:

Code: Select all

default._domainkey      IN      TXT    "v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ntrhznL+2Vzz/a3J84xY4WHMjJLRsl7LXi1wNnmG5hd2oZjCIiLBuwPXqJP6Z82zaIhnnUMUKr8t09K2tU20WiViXvM3o7uYZ9d960Oqi8tCgGic3veVCrn9fTn/NF9nm3GMCghZi9oS5FvxD3dM4f91zHJVBul8GLrI5654uttuDCoAnICNRMhWuvgwtj1SjUJ7PYT3sGKnsbaSvunxUxLFEmqxUBKPfFX4GJmPh89JCWKu51/gFjB4fdwCmFY9n/6Djoqnf1zWSHNwVH9e1lGj4U5B+NIBsG7vH4pa5XWu7Rltwhl/P5HinD3yVdh8zuW5jvWTuzfO8x47k/HaQIDAQAB"

But when I test:

Code: Select all

$ sudo opendkim-testkey -d webologix.com -s default -vvv 
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'default._domainkey.webologix.com'
opendkim-testkey: key missing

Can someone point me on what I missed ?

[reinob]

the TXT record has only this "v=DKIM1", which is probably not what you want.

[cjg67]

Hello,

Using bind you need to ensure that you escape all of the ; as well as removing all " and white space from the entire txt record field.

So for a ; it would look like:
\;
You need to remove the spaces between v=DKIM1,h=sha256 and k=rsa so that it is one long line.

I have just completed setting up my new name servers and ran into this even when using most of the online generators as they failed to add the escape character for ; and failed to state that adding it was needed. I finally stumbled upon one site that stated that for bind you have to escape the ;.

I also escaped the ; in the dmarc txt record.

Regards,

Christopher

[hususi]

After challenging with this issue for hours, I finally see that the issue is not related to typing format etc. (for my case at least!)
It's about limitation on the line of bind record.
It's limited to 255 bytes!
If you have a dns repord that longer than 255, (if you have 256 bit encryption like me) your records never work with any type of typo format. there is only 1 solution:
you need to cut your TXT record into two parts like this:

Code: Select all

default._domainkey      IN      TXT    "v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ntrhznL+2Vzz/a3J84xY4WHMjJLRsl7LXi1wNnmG5hd2oZjCIiLBuwPXqJP6Z82zaIhnnUMUKr8t09K2tU20WiViXvM3o7uYZ9d960Oqi8tCgGic3veVCrn9" "fTn/NF9nm3GMCghZi9oS5FvxD3dM4f91zHJVBul8GLrI5654uttuDCoAnICNRMhWuvgwtj1SjUJ7PYT3sGKnsbaSvunxUxLFEmqxUBKPfFX4GJmPh89JCWKu51/gFjB4fdwCmFY9n/6Djoqnf1zWSHNwVH9e1lGj4U5B+NIBsG7vH4pa5XWu7Rltwhl/P5HinD3yVdh8zuW5jvWTuzfO8x47k/HaQIDAQAB"

due to long entry, let me give you another exmaple in below:

Code: Select all

default._domainkey      IN      TXT    "v=DKIM1; h=sha256; k=rsa; p=-some part of the characters" "rest of the characters"

I hope this helps you.

Regards
Ismail

[Aki]

Hello @hususi,

Thanks for your feedback about the topic.

The first post is about one year old, therefore I don't know if the original poster would read it. I hope so and it could be usefull to other forum readers and viewers.

note: I edited the subject of the first post to add the explanation of the acronym DKIM (DomainKeys Identified Mail)