Unable to resolve DKIM TXT record
I've installed and configured OpenDKIM and SPF TXT records on Ubuntu 18.04 LTS. However, I'm unable to resolve my DKIM TXT record. I'm running NSD as my DNS server, with the zone configured in mydomain.com.zone.
My SPF record for mydomain.com returns OK:
root@host:# nslookup -q=txt mydomain.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
mydomain.com text = "v=spf1 mx a ip4:1.2.3.4 -all"
Authoritative answers can be found from:
However, my DKIM record for mydomain.com returns no answer:
root@host# nslookup -q=txt mail._domainkey.mydomain.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
*** Can't find mail._domainkey.mydomain.com: No answer
Authoritative answers can be found from:
dig output against Public DNS
root@host:# dig @8.8.8.8 mydomain.com TXT +short
"v=spf1 mx a ip4:1.2.3.4 -all"
root@host:# dig @8.8.8.8 mail._domainkey.mydomain.com TXT +short
root@host:#
Zone file:
root@host:# cat /etc/nsd/zones/mydomain.com.zone
$ORIGIN mydomain.com.
$TTL 1800
@ IN SOA ns1.mydomain.com. domains.mydomain.com. (
2018050101
3600
900
1209600
1800
)
@ IN NS ns1.mydomain.com.
@ IN NS ns2.mydomain.com.
@ IN A 1.2.3.4
@ IN MX 10 mail.mydomain.com.
@ IN TXT "v=spf1 mx a ip4:1.2.3.4 -all"
mail._domainkey TXT (
"v=DKIM1\059 h=sha256\059 k=rsa\059 p=ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJK" )
ns1 IN A 1.2.3.4
ns2 IN A 1.2.3.4
www IN A 1.2.3.4
ftp IN A 1.2.3.4
mail IN A 1.2.3.4
* IN A 1.2.3.4
Everything OK here:
root@host:# nsd-checkzone mydomain.com mydomain.com.zone
zone mydomain.com is ok
However, running opendkim-testkey returns a "No key" error:
root@host:# opendkim-testkey -d mydomain.com -s mail -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'mail._domainkey.mydomain.com'
opendkim-testkey: No key
Configuration output:
root@host:# tree /etc/opendkim
/etc/opendkim
|-- keys
|   `-- mydomain.com
|       |-- mail.private
|       `-- mail.txt
|-- key.table
|-- signing.table
`-- trusted.hosts
2 directories, 5 files
root@host:/# cat /etc/opendkim/key.table
mail._domainkey.mydomain.com mydomain.com:mail:/etc/opendkim/keys/mydomain.com/mail.private
root@host:/# cat /etc/opendkim/signing.table
*@mydomain.com mail._domainkey.mydomain.com
root@host:/# cat /etc/opendkim.conf
Syslog yes
SyslogSuccess Yes
LogWhy Yes
UMask 002
UserID opendkim:opendkim
KeyTable refile:/etc/opendkim/key.table
SigningTable refile:/etc/opendkim/signing.table
ExternalIgnoreList refile:/etc/opendkim/trusted.hosts
InternalHosts refile:/etc/opendkim/trusted.hosts
Canonicalization relaxed/simple
Mode sv
ADSPAction continue
AutoRestart yes
AutoRestartRate 10/1M
SignatureAlgorithm rsa-sha256
Socket inet:8891@localhost
PidFile /var/run/opendkim/opendkim.pid
OversignHeaders From
1 Reply
You must reload with nsd-control reconfig to allow the DKIM TXT changes to take effect. Check nsd.conf and ensure that the zone entries point to the correct zone files.
root@host:/etc/nsd# cat nsd.conf
server:
    ip-address: 127.0.0.1
    ip-address: 1.2.3.4
    username: nsd
    hide-version: yes
    zonesdir: "/etc/nsd/zones/"
    logfile: "/var/log/nsd.log"
    pidfile: "/run/nsd/nsd.pid"
# zone entry for mydomain.com
zone:
    name: mydomain.com
    zonefile: mydomain.com.zone
root@host:/etc/nsd# vim nsd.conf
root@host:/etc/nsd# nsd-control reconfig
reconfig start, read /etc/nsd/nsd.conf
ok
root@host:/etc/nsd# opendkim-testkey -d mydomain.com -s mail -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'mail._domainkey.mydomain.com'
opendkim-testkey: key not secure
opendkim-testkey: key OK
root@host:/etc/nsd# dig @8.8.8.8 mail._domainkey.mydomain.com TXT +short
"v=DKIM1; h=sha256; k=rsa; p=ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
root@host:/etc/nsd# nslookup -q=txt mail._domainkey.myhost.com ns1.myhost.com
Server: ns1.myhost.com
Address: 1.2.3.4#53
mail._domainkey.mydomain.com text = "v=DKIM1; h=sha256; k=rsa; p=ABCDEFGHIJKLMNOPQRSTUVWXYZ" "ABCDEFGHIJKLMNOPQRSTUVWXYZ" "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
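The failure in this thread (record present in the zone file, nothing served until nsd-control reconfig) can be caught by comparing the zone file's DKIM record with what the name server returns. This is an added example, not part of the original question or answer; the sample zone is constructed, and the function names are this example's own.

```sh
#!/bin/sh
# Added example: is the DKIM TXT record in the zone file the one being served?

# Constructed sample zone, laid out like the one in the question.
sample_zone() {
    cat <<'EOF'
@ IN SOA ns1.mydomain.com. domains.mydomain.com. ( 2018050101 3600 900 1209600 1800 )
@ IN TXT "v=spf1 mx a ip4:1.2.3.4 -all"
mail._domainkey TXT (
    "v=DKIM1\059 h=sha256\059 k=rsa\059 p=ABCDEFGHIJKLM"
    "NOPQRSTUVWXYZ" )
mail IN A 1.2.3.4
EOF
}

# Print the TXT record for owner label $1 from a zone file on stdin,
# following a parenthesised record across lines.
zone_txt_rdata() {
    awk -v owner="$1" '
        $1 == owner && /TXT/ { on = 1; multi = ($0 ~ /\(/) }
        on { print }
        on && (!multi || /\)/) { exit }'
}

# Join all "quoted strings" with no separator, as a DKIM verifier does, and
# undo the \059 and \; escaping of semicolons.
dkim_normalize() {
    { grep -o '"[^"]*"' || true; } | tr -d '"\n' | sed -e 's/\\059/;/g' -e 's/\\;/;/g'
}

# True only if served rdata ($2) is non-empty and equals zone-file rdata ($1).
dkim_same() {
    want=$(printf '%s\n' "$1" | dkim_normalize)
    got=$(printf '%s\n' "$2" | dkim_normalize)
    [ -n "$got" ] && [ "$want" = "$got" ]
}

# Live use (needs dig, not run here): ask the authoritative server directly,
# without recursion. Args: zone file, owner label, FQDN, name server.
dkim_check_live() {
    served=$(dig @"$4" "$3" TXT +short +norecurse)
    if dkim_same "$(zone_txt_rdata "$2" < "$1")" "$served"; then
        echo "served record matches the zone file"
    else
        echo "served record differs from the zone file: reload the zone"
    fi
}
```

Querying the authoritative server rather than a public resolver keeps cached answers out of the comparison.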