DKIM Configuration DNS server

Discussion in 'General' started by spacepills, Jun 16, 2016.

  1. spacepills

    spacepills Member

    Hi, this one might be simple, hopefully is.
    I've installed the dkim patch on the web server and mail server, which are in a multiserver setup. I've also installed it on my DNS server, which was set up quite some time ago and isn't part of the multiserver setup, so I'm having a problem with it: when I create the DKIM record on the DNS server (I've already created the keys on the mail server), there's nothing in the public key box.
    What's the best way to get the DNS server to see the public key on the mail server?

  2. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Create dkim-keys on the master-server only. If you use an external dns (i.e. not included in your multiserver-setup), insert the public key shown on the master in the dns-zone on your dns-server. When there is no dns in your multiserver-setup, you can not use some features like updating the dkim-records in the dns automatically.

  3. spacepills

    spacepills Member

    Hi Florian, thanks for the help. I'm looking to reinstall the DNS server as part of the multiserver setup soon, but I just need something for the short term. I was thinking maybe rsync the key to the DNS server, but I don't know if that would work at all.
    So for this, just add the "DNS-Record" entry on the Mail Domain page as a TXT entry on the DNS server? If so, that should be pretty simple!

  4. florian030

    florian030 Well-Known Member HowtoForge Supporter

    You can not sync the keys to your dns-server. The keys are stored in /var/lib/amavis/dkim and they will be used by amavis to sign mails (you need the keys on your mailserver only).

    Just copy & paste the dns-public-key. ;)

  5. spacepills

    spacepills Member

    This mostly works, but occasionally when copying it across and looking on a dkim checker I get (example from
    Unable to properly parse the public key string and determine key length or the key is invalid. Tip: Make sure there aren't any special charaters or newlines pasted into your key in the TXT record.
    Any ideas?

  6. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Did you publish the public-key in the dns-zone? You must create a TXT-Record (see DNS-Record).
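The checker error quoted in post 5 ("unable to parse the public key string and determine key length") is usually a paste problem: quotes, newlines or blanks end up inside the p= value. The following script is an added example, not code from the thread, ISPConfig or amavis; it normalizes a pasted TXT value the way a resolver would join it, decodes p= strictly, and reads the RSA modulus size out of the DER SubjectPublicKeyInfo, so you can check a record before publishing it. The sample key and the pasted record (SAMPLE_P, PASTED) are constructed for the demo and are not real keys.

```python
import base64
import re

def _der(tag, content):  # minimal DER TLV encoder, short and long-form lengths
    n = len(content)
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content

def _der_int(v):  # DER INTEGER is two's complement, so pad a high bit with 0x00
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    return _der(0x02, b"\x00" + b if b[0] & 0x80 else b)

def _tlv(buf, pos=0):
    """Read one DER TLV at pos; return (tag, value, position after it)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        nb = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + nb], "big"), pos + nb
    return tag, buf[pos:pos + ln], pos + ln

# AlgorithmIdentifier for rsaEncryption (OID 1.2.840.113549.1.1.1 + NULL)
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")
def build_spki(modulus, exponent=65537):
    """Encode an RSA public key as the DER SubjectPublicKeyInfo that p= carries."""
    rsa_pub = _der(0x30, _der_int(modulus) + _der_int(exponent))
    return _der(0x30, RSA_ALG_ID + _der(0x03, b"\x00" + rsa_pub))

def normalize_txt(raw):
    """Undo what a paste does: drop quotes, newlines and blanks between TXT chunks."""
    return re.sub(r'["\s]', "", raw)

def parse_dkim_record(raw):
    """Return (tags, modulus_bits); raise ValueError where a DKIM checker would."""
    tags = dict(t.split("=", 1) for t in normalize_txt(raw).split(";") if "=" in t)
    try:
        spki = base64.b64decode(tags["p"], validate=True)
    except (KeyError, ValueError) as exc:
        raise ValueError(f"p= missing or not clean base64: {exc}")
    _, body, _ = _tlv(spki)            # SubjectPublicKeyInfo SEQUENCE
    _, _, pos = _tlv(body)             # skip AlgorithmIdentifier
    _, bits, _ = _tlv(body, pos)       # BIT STRING wrapping RSAPublicKey
    _, rsa_pub, _ = _tlv(bits[1:])     # bits[0] is the unused-bits count
    _, n, _ = _tlv(rsa_pub)            # modulus INTEGER comes first
    return tags, int.from_bytes(n, "big").bit_length()

# Constructed sample (not a real key): a 2048-bit modulus, then the record as a
# paste often leaves it, split into two quoted strings with a newline between.
SAMPLE_P = base64.b64encode(build_spki((1 << 2047) | 0x10001)).decode()
PASTED = f'"v=DKIM1; k=rsa; p={SAMPLE_P[:200]}"\n  "{SAMPLE_P[200:]}"'
```

Run `parse_dkim_record` on the value you intend to paste into the zone; a character that is not base64 after normalization (the "special characters" the checker complains about) raises instead of returning a key size.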
