Reply

Unable to add a DKIM record

jackie1100
Techie
Posts: 4
193     0

Hi,

I'm trying to add a DKIM record in our infoblox appliance for a zone we are authoritative for, but although it gets added, I cannot verify it.

Per the docs, a dkim record is just a txt record so here's what I have tried:

1. In the relevant zone under DNS tab I choose the "+" to add a txt record

2. In the name field I typed: squad_14a2a3 and in the text field I entered: "v=DKIM1; k=rsa; p=MJF----QCD"

(I have also tried in the text field: "k=rsa; p=MJF----QCD" so starting from 'k' instead of 'v')

(I've changed the values slightly for privacy and snipped the 'p' value due to length).

In order to verify, I've tried a couple of online tools: https://dkimcore.org/tools/dkimrecordcheck.html, https://www.dmarcanalyzer.com/dkim/dkim-check

In the above tools, for selector I entered 'squad_14a2a3' and for domain I entered 'mydomain.com' but they return error stating no valid dkim record found.

I have also tried verifying via commandline:

'dig txt squad_14a2a3._domainkey.mydomain.com' but it also doesn't show any dkim record.

 

Note that the DKIM key itself is valid, as when I check the key at https://dkimcore.org/tools/keycheck.html as: "v=DKIM1; k=rsa; p=MJF----QCD" it returns saying its a valid DKIM key.

 

What am I missing?

Please help

Thanks

jackie

 

Re: Unable to add a DKIM record

[ Edited ]
Adviser
Posts: 117
194     0

Greetings!

I do not find anything obviously wrong in your DKIM record (especially with the upper quotes in the beginning and the end). DKIM version (v=DKIM1) is a recommended field but the record is expected to work with/without it.


From my lab:

$ dig @10.192.33.224 squad_14a2a3._domainkey.mydomain.com TXT +short
"v=DKIM1; k=rsa; p=MJF----QCD"

 

An article which I'd written a while ago can be found at DKIM record fails to work.

It is confusing that your dig does not give you any response. Are you pointing at the right DNS server and does the client fall into the right DNS View?


Best Regards,

Bibin Thomas

Re: Unable to add a DKIM record

jackie1100
Techie
Posts: 4
194     0

Hi Bibin,

Thanks for your quick response. 

When I use +short with dig, I get nothing, if I omit +short, it gives me the normal output with dig version, header, EDNS, Question and Authority Section,  but no Answer section. 

We have an external view and an internal view (DNS views) for the same zone, the client should be in the internal view. I have added the record to the zone in both views and also tried with internal and external servers explicitly in the dig query, but still the same. I also tried adding t=y as shown in the article you mentioned: https://support.infoblox.com/app/answers/detail/a_id/4954/kw/DKIM, still no luck....

Our version is 8.3.4-381259, I have also tried to restart services a few times.

 

Not sure what is wrong.

 

Thanks

 

Re: Unable to add a DKIM record

Adviser
Posts: 117
194     0

Hi Jackie,

 

Could you please edit the zone and verify the name servers/name server group it is using?
Then please login to the CLI of one of the name servers (preferably the primary) and perform
"dig @127.0.0.1 squad_14a2a3._domainkey.mydomain.com TXT"?

If that works, then "dig @LAN1/VIP squad_14a2a3._domainkey.mydomain.com TXT"

If that also works, then login to the secondary server CLI (or whichever server you believe is broken) and perform the same. If it doesn't work, and if it is a secondary server, then you would want to verify whether this server is receiving zone data from the primary via grid replication or zone transfer.
If it is set to "Zone Transfer", you would want to verify whether zone transfer for the zone is working properly.

 

 

Best Regards,
Bibin Thomas

Re: Unable to add a DKIM record

[ Edited ]
blackiysto
Techie
Posts: 5
194     0

I do not find anything obviously wrong in your DKIM record (especially with the upper quotes).

 

 

 

__________________________________________________________

Sarkari Result Pnr Status 192.168.l.l

Showing results for 
Search instead for 
Do you mean 

Recommended for You

Businesses are investing heavily into securing company resources from cyber-attacks form cybercrimin