Unable to resolve DKIM TXT record

I've installed and configured OpenDKIM and SPF TXT records on Ubuntu 18.04 LTS. However, I'm unable to resolve my DKIM TXT record. I'm running NSD as my DNS and configured as mydomain.com.zone.

My SPF record for mydomain.com returns OK:

root@host:# nslookup -q=txt mydomain.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
mydomain.com text = "v=spf1 mx a ip4:1.2.3.4 -all"

Authoritative answers can be found from:  

However, my DKIM record for mydomain.com returns no answer:

root@host# nslookup -q=txt mail._domainkey.mydomain.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
*** Can't find mail._domainkey.mydomain.com: No answer

Authoritative answers can be found from:

dig output against Public DNS

root@host:# dig @8.8.8.8 mydomain.com TXT +short
"v=spf1 mx a ip4:1.2.3.4 -all"
root@host:# dig @8.8.8.8 mail._domainkey.mydomain.com TXT +short
root@host:#

Zone file:

root@host:#cat /etc/nsd/zones/mydomain.com.zone

$ORIGIN mydomain.com.
$TTL 1800

@        IN         SOA         ns1.mydomain.com.     domains.mydomain.com. (
                                2018050101
                                3600
                                900
                                1209600
                                1800
                                )

@        IN         NS          ns1.mydomain.com.
@        IN         NS          ns2.mydomain.com.
@        IN         A           1.2.3.4
@        IN         MX          10 mail.mydomain.com.
@        IN         TXT         "v=spf1 mx a ip4:1.2.3.4-all"

mail._domainkey     TXT         (
                                 "v=DKIM1\059 h=sha256\059 k=rsa\059 p=ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                                 "ABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJK" )

ns1      IN          A           1.2.3.4
ns2      IN          A           1.2.3.4
www      IN          A           1.2.3.4
ftp      IN          A           1.2.3.4
mail     IN          A           1.2.3.4
*        IN          A           1.2.3.4

Everything OK here:

root@host:# nsd-checkzone mydomain.com mydomain.com.zone
zone mydomain.com is ok

However, running opendkim-testkey, it returns a "No key" error:

root@host:# opendkim-testkey -d mydomain.com -s mail -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'mail._domainkey.mydomain.com'
opendkim-testkey: No key

Configuration output:

root@host:# tree /etc/opendkim
/etc/opendkim
|-- keys
|   `-- mydomain.com
|       |-- mail.private
|       `-- mail.txt
|-- key.table
|-- signing.table
`-- trusted.hosts
2 directories, 5 files

root@host:/# cat /etc/opendkim/key.table
mail._domainkey.mydomain.com mydomain.com:mail:/etc/opendkim/keys/mydomain.com/mail.private

root@host:/# cat /etc/opendkim/signing.table
*@mydomain.com mail._domainkey.mydomain.com

root@host:/# cat /etc/opendkim.conf
Syslog yes
SyslogSuccess Yes
LogWhy Yes
UMask 002
UserID opendkim:opendkim
KeyTable refile:/etc/opendkim/key.table
SigningTable refile:/etc/opendkim/signing.table
ExternalIgnoreList refile:/etc/opendkim/trusted.hosts
InternalHosts refile:/etc/opendkim/trusted.hosts
Canonicalization relaxed/simple
Mode sv
ADSPAction continue
AutoRestart yes
AutoRestartRate 10/1M
SignatureAlgorithm rsa-sha256
Socket inet:8891@localhost
PidFile /var/run/opendkim/opendkim.pid
OversignHeaders From

1 Reply

You must reload nsd-control reconfig to allow DKIM TXT changes take effect. Check nsd.conf and ensure that zone entries point to the correct zone files.

root@host:/etc/nsd# cat nsd.conf
server:
        ip-address: 127.0.0.1
        ip-address: 1.2.3.4
        username: nsd
        hide-version: yes
        zonesdir: "/etc/nsd/zones/"
        logfile: "/var/log/nsd.log"
        pidfile: "/run/nsd/nsd.pid"

# zone entry for mydomain.com
zone:
        name: mydomain.com
        zonefile: mydomain.com.zone


root@host:/etc/nsd# vim nsd.conf
root@host:/etc/nsd# nsd-control reconfig
reconfig start, read /etc/nsd/nsd.conf
ok
root@host:/etc/nsd# opendkim-testkey -d mydomain.com -s mail -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key 'mail._domainkey.mydomain.com'
opendkim-testkey: key not secure
opendkim-testkey: key OK

root@host:/etc/nsd# dig @8.8.8.8 mail._domainkey.mydomain.com TXT +short
"v=DKIM1; h=sha256; k=rsa; p=ABCDEFGHIJKLMNOPQRSTUVWXYZ" 
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"

root@host:/etc/nsd# nslookup -q=txt mail._domainkey.myhost.com 
ns1.myhost.com
Server:         ns1.myhost.com
Address:        1.2.3.4#53

mail._domainkey.mydomain.com  text = "v=DKIM1; h=sha256; k=rsa; 
p=ABCDEFGHIJKLMNOPQRSTUVWXYZ" "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct