
How to Enter DKIM record into DNS Zone


  • cPanelMichael
    Hello :) For "host", enter: default._domainkey The TXT value is the actual record, including the quotes, depending on how your specific DNS provider handles the entries. Thank you.
    0
  • Kevin Andrews
    And therein lies the rub . . . I also have been trying to deal with GoDaddy, and they seriously said they don't know what DKIM is. The first person I talked to on chat told me that I should put @ as the host. Which I knew was wrong, but she insisted. I gave up and tried phoning. That person was more helpful but he also had never heard of it. "What is it? DKI? What is it? Are you trying to register a domain name?" He finally checked with someone else and found out what it is, but he couldn't tell me the answer to this question. He said, "That's a custom DNS so we can't help you with that." My hosting provider similarly pointed at GoDaddy and said I'd have to ask them. The problem is that the format in which cPanel provides the DKIM record is not the same as GoDaddy. There are no quotes around it in GoDaddy, and it doesn't have a trailing ;/ So, simple right? Just remove those. But it is more complicated than that. My cPanel generated DKIM actually had two lines. There was a quote at the beginning, and at the end of the first line, right in the middle of the record. On some. But not all. Anyway, I tried all the various permutations that occurred to me to use, with quotes, without quotes, with trailing slash, etc. And of course, each time, waiting from 10 minutes to several hours for DNS propagation each time. But I haven't made any progress at all. I'd sure like to find an answer to this question. And also to suggest that since cPanel is so widely used and GoDaddy is also a major provider being used by so many, that perhaps GoDaddy and cPanel can arrange a meeting of the minds and come up with an instructable on how to enter cPanel DKIM records into GoDaddy DNS. :)
    0
  • Kevin Andrews
    I submitted a ticket to cPanel support after spending hours working with a host of experts, each of whom offered conflicting and sometimes painfully ignorant solutions, none of which worked. Having spent an entire day working on it, I submitted the ticket and went to bed. When I woke in the morning, I found a response from cPanel in which the problem was clearly identified and solved. "Basically, when a TXT record is longer than 254 characters, it is split. This should be appropriately split into two separate strings, which would then be combined in the record itself." (from the cPanel response) Based on this revelation, I resolved my problem by copying the cPanel DKIM record into a simple text editor with word wrap turned off, then removed all quotes from the record and removed all spaces and line breaks from the "p=" portion of the record, along with the trailing /; so that the record was one long string, and pasted the record into GoDaddy. After saving and waiting 10 minutes, test emails were passing DKIM. Note that GoDaddy has their own way of doing this. Specifically, they do not want to see quotes included in the record. If your DNS is with GoDaddy, this should work for you. If with someone else, you may need to adjust accordingly.
    0
  • cPanelMichael
    Hello Kevin :) Thank you for taking the time to not only report this issue on our forums, but for also updating this thread with the outcome after finding a solution via a support ticket. We find great value in this type of feedback because it helps us to improve our documentation, and create solutions that will improve the user experience. We now have an internal case open with our documentation team to come up with the best way to advise users on how to configure their DKIM records on specific providers, similar to how we do so for name servers on this document:
    0
  • Solokron
    We are seeing the same issue with a client with cPanel generating the following and DNSMadeEasy not accepting because it is producing a total of 441 characters for the text area.
    0
  • Zoop
    Hey I just wanted to add, most providers and services refer to
    0
  • Zoop
    Oh and what Kevin said makes total sense, now I know what to look for, why and when.
    0
  • havok89
    We are seeing the same issue with a client with cPanel generating the following and DNSMadeEasy not accepting because it is producing a total of 441 characters for the text area.

    I am being given a total of 441 characters too and fasthosts just won't accept it. When contacting their support I'm just being told to get a shorter DKIM key which doesn't seem possible
    0
  • Chris Strzelczyk
    I am being given a total of 441 characters too and fasthosts just won't accept it. When contacting their support I'm just being told to get a shorter DKIM key which doesn't seem possible

    This is a case of standards pushing providers and the providers sadly have not caught up yet. I spoke with DNSMADEEASY and they state that you can add the value in two parts. "part one" "part two" They haven't made this trivial nor is it documented anywhere. I haven't tried this yet, but I'm going to give it a whirl later tonight. I suspect that part one needs to be 254 chars max. cPanel currently does the splitting for you, but it does not add the correct amount of double quotes. QUESTION: What if we wanted to go to a 1024 bit key length? Is that possible? Could we run openssl genrsa..... and replace the files in /var/cpanel/domain_keys/[private|public] with the new values? OR do the keys get entered into some database table as well? I think Google Gmail still supports 1024 bit keys and up. So this may work as a short term solution for customers dealing with DNS providers that have not caught up to the standards. Cheers, -cs
    0
  • cPanelMichael
    Hello :) We are in the initial stages of communicating with the remote DNS providers referenced on this thread in order to come up with a solution that makes it easier for users to directly copy and paste the DKIM record generated in cPanel to the interface provided by their remote DNS provider. I'll update this thread with more information as it becomes available. Thank you.
    0
  • BottNet
    Hello...Same issue with Enom. Even right on their page it reads "NOTE: Due to the limitation of our Host Records maximum length, we only support up to 1024 bit DomainKeys." Support for DKIM or DomainKeys on our DNS THIS 100% is very bad that we are now forced to use the new key vs 1024. This has totally messed us up at this time and we have NO RESOLVE for it. How can CP not be all over this very widespread issue that is affecting SO MANY people? Give us back 1024 or give us the option to select what to use. This is very poor to say the least.
    0
  • BottNet
    BTW...Even check-auth@verifier.port25.com checker says the key is not right... Result: permerror (invalid key: error reading public key: 139679786096384:error:0D07209B:asn1 encoding routines:ASN1_get_object:too long:asn1_lib.c:142:;139679786096384:error:0D068066:asn1 encoding routines:ASN1_CHECK_TLEN:bad object header:tasn_dec.c:1306:;139679786096384:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509_PUBKEY;)
    0
  • cPanelMichael
    Hello...Same issue with Enom. Even right on their page it reads "NOTE: Due to the limitation of our Host Records maximum length, we only support up to 1024 bit DomainKeys."

    Hello, A user has submitted a manual workaround on the following thread that you may find helpful: Generate 1024-bit DKIM keys We are still in the process of communicating with these providers to support the DKIM entry as we present it in cPanel. I'll update this thread with more information as it becomes available. Thank you.
    0
  • feta
    Hello, So I'm trying to fix this same issue and I have a question, how did you split the DKIM record? And where did you write it? Thanks!
    0
  • cPRex Jurassic Moderator
    @feta - on my personal system, the domain key is split like this:
    default._domainkey 14400 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BXXXXXXXXXXXXXXXXXXAt6BVINLKyWvDpVA2r8dmjqiMdISgm22ElExeditX57ilawGE9x1dNMM9k6qiKATkStakoM8edoUtqywj6PCnWE+Tq0cB1TIMuSKhKJqoiuMSKFjI9IJa4WGd4IotQHhCC3j208wwQa5gVG5Xu//z3QGvoTHfTpaAN3UER1UYBlz+KnFK/dG74TZz2pMVHa6mo" EBnBEDy8TZXuMoV/5osnt/zgWvIE3JS6QnAoUlfsxRMYnGv4FIKEA0XnAiLTLRgwVUdRag6njWpc1p1J6pMwoqlNGW+d4oj8B2eS4rIJyePHS3yJLX+vjjfoH9gT2rUtlFBWE/as+4D1NZCVRDqwQIDAQAB\;
    so you should be seeing that format already. Do you not see that in your DNS zone file?
    0
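
An added example, not part of any comment in this thread and not cPanel's own code: it covers both workarounds described above, collapsing the displayed record into one unquoted string (Kevin Andrews's fix for GoDaddy) and re-emitting it as correctly quoted parts (the "part one" "part two" form Chris Strzelczyk mentions). The function names and the sample value are constructed for illustration; the sample key is arbitrary bytes sized like a 2048-bit key, not a real public key.

```python
import base64
import re

TXT_STRING_MAX = 255  # octets per TXT character-string (RFC 1035); the cPanel reply quoted above says 254

# Constructed stand-in for a 2048-bit key: 294 arbitrary bytes, not a real public key.
FAKE_P = base64.b64encode(bytes(range(256)) + bytes(38)).decode()
# Constructed display value: a quote at the start and at the end of the first line only.
SAMPLE = '"v=DKIM1; k=rsa; p=' + FAKE_P[:200] + '"\n' + FAKE_P[200:] + "\\;"

def normalize(raw: str) -> str:
    """Collapse a displayed DKIM TXT value into one unquoted string."""
    text = raw.replace('"', "").replace("\\;", ";")
    tags = {}
    for part in text.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            name = name.strip()
            # Only p= has its internal spaces and line breaks removed.
            tags[name] = re.sub(r"\s+", "", val) if name == "p" else val.strip()
    if tags.get("v") != "DKIM1" or not tags.get("p"):
        raise ValueError("not a DKIM1 key record")
    base64.b64decode(tags["p"], validate=True)  # raises ValueError if p= was damaged
    return "; ".join(f"{k}={v}" for k, v in tags.items())

def split_for_zone(value: str, limit: int = TXT_STRING_MAX) -> str:
    """Render the value as quoted strings of at most `limit` octets each."""
    data = value.encode("ascii")
    chunks = [data[i:i + limit].decode("ascii") for i in range(0, len(data), limit)]
    return " ".join(f'"{c}"' for c in chunks)

def reassemble(zone_value: str) -> str:
    """Concatenate the quoted strings with nothing between them, as a DKIM verifier does."""
    return "".join(re.findall(r'"([^"]*)"', zone_value))

if __name__ == "__main__":
    one_string = normalize(SAMPLE)
    print(len(one_string), "characters as a single string")
    print(split_for_zone(one_string))
```

A 1024-bit RSA key encodes to 216 base64 characters, so the whole value is 234 characters and fits in a single string, which is why the 1024-bit workaround avoids the split entirely.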
