Introducing SOC Insights for BloxOne Threat Defense: Boost your SOC efficiency with AI-driven insights to eliminate manual work and accelerate investigation and response times. Read the blog announcement here.

NIOS DNS DHCP IPAM

Reply

Unable to add a DKIM record

New Member
Posts: 2
4878     0

Hi,

I'm trying to add a DKIM record in our infoblox appliance for a zone we are authoritative for, but although it gets added, I cannot verify it.

Per the docs, a dkim record is just a txt record so here's what I have tried:

1. In the relevant zone under DNS tab I choose the "+" to add a txt record

2. In the name field I typed: squad_14a2a3 and in the text field I entered: "v=DKIM1; k=rsa; p=MJF----QCD"

(I have also tried in the text field: "k=rsa; p=MJF----QCD" so starting from 'k' instead of 'v')

(I've changed the values slightly for privacy and snipped the 'p' value due to length).

In order to verify, I've tried a couple of online tools: https://dkimcore.org/tools/dkimrecordcheck.html, https://www.dmarcanalyzer.com/dkim/dkim-check

In the above tools, for selector I entered 'squad_14a2a3' and for domain I entered 'mydomain.com' but they return error stating no valid dkim record found.

I have also tried verifying via commandline:

'dig txt squad_14a2a3._domainkey.mydomain.com' but it also doesn't show any dkim record.

 

Note that the DKIM key itself is valid, as when I check the key at https://dkimcore.org/tools/keycheck.html as: "v=DKIM1; k=rsa; p=MJF----QCD" it returns saying its a valid DKIM key.

 

What am I missing?

Please help

Thanks

jackie

 

Re: Unable to add a DKIM record

[ Edited ]
Moderator
Moderator
Posts: 72
4878     0

Greetings!

I do not find anything obviously wrong in your DKIM record (especially with the upper quotes in the beginning and the end). DKIM version (v=DKIM1) is a recommended field but the record is expected to work with/without it.


From my lab:

$ dig @10.192.33.224 squad_14a2a3._domainkey.mydomain.com TXT +short
"v=DKIM1; k=rsa; p=MJF----QCD"

 

An article which I'd written a while ago can be found at DKIM record fails to work.

It is confusing that your dig does not give you any response. Are you pointing at the right DNS server and does the client fall into the right DNS View?


Best Regards,

Bibin Thomas

Re: Unable to add a DKIM record

New Member
Posts: 2
4878     0

Hi Bibin,

Thanks for your quick response. 

When I use +short with dig, I get nothing, if I omit +short, it gives me the normal output with dig version, header, EDNS, Question and Authority Section,  but no Answer section. 

We have an external view and an internal view (DNS views) for the same zone, the client should be in the internal view. I have added the record to the zone in both views and also tried with internal and external servers explicitly in the dig query, but still the same. I also tried adding t=y as shown in the article you mentioned: https://support.infoblox.com/app/answers/detail/a_id/4954/kw/DKIM, still no luck....

Our version is 8.3.4-381259, I have also tried to restart services a few times.

 

Not sure what is wrong.

 

Thanks

 

Re: Unable to add a DKIM record

Moderator
Moderator
Posts: 72
4878     0

Hi Jackie,

 

Could you please edit the zone and verify the name servers/name server group it is using?
Then please login to the CLI of one of the name servers (preferably the primary) and perform
"dig @127.0.0.1 squad_14a2a3._domainkey.mydomain.com TXT"?

If that works, then "dig @LAN1/VIP squad_14a2a3._domainkey.mydomain.com TXT"

If that also works, then login to the secondary server CLI (or whichever server you believe is broken) and perform the same. If it doesn't work, and if it is a secondary server, then you would want to verify whether this server is receiving zone data from the primary via grid replication or zone transfer.
If it is set to "Zone Transfer", you would want to verify whether zone transfer for the zone is working properly.

 

 

Best Regards,
Bibin Thomas

Re: Unable to add a DKIM record

New Member
Posts: 2
4878     0
  1. Log in to your Control Panel.
  2. Go to Domain Central.
  3. Click on the domain you want to edit.
  4. Click DNS.
  5. Use the Modify drop-down to select the type of DNS record you want to modify: Private Nameserver. MX Record. CNAME Alias. NS Record. A Record. TXT/SPF Record. DKIM Record. ...
  6. Select DKIM Record.

Re: Unable to add a DKIM record

New Member
Posts: 2
4879     0

Adding a DKIM record is not something that we support, which is why you are unable to locate a help article. You will want to research a solution by using your favorite search engine. Hopefully, one of our other community members will chime in.

Re: Unable to add a DKIM record

Authority
Posts: 6
4879     0

Hi Johnpeter123,

 

Are you referring to an Infoblox Support ticket that you have opened and that could not assist you with the creation of a DKIM record in your Infoblox infrastructure? If so , can you please share the Support ticket number?

 

Otherwise could you elaborate a bit more what your request is on this old thread?

Showing results for 
Search instead for 
Did you mean: 

Recommended for You