DKIM record is invalid

First, I am assuming that when you say MXTools that you are referring to mxtoolbox.com, sepcifically:

http://mxtoolbox.com/dkim.aspx

Second, I am assuming that you changed the domain name and are not trying to use example.com (unless you happen to own example.com).

Regardless, if you do own example.com, the DNS record would look something like this:

Host Name = selector._domainkey.yourdomain.com
Record Type = TXT
Value =  "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRamQTqtthRZ6f6bX4eYljhJXcNwwxUaDomUxpm78Vk5awOfqQrqb5d7S1ZkGbyDZ77SsuuY7MoUSo/25TX1Ask1zejZacFhOd+YIXg3fCpYPga3hikJLavcAfkBVWdf9yIqBPDkoXnHBmUrQnsBZN8lGmp/A5B9k/eG/RZBYIMQIDAQAB"

Using the above tool from MX Toolbox, I could check the record by entering as such:It should go without saying that I do not own yourdomain.com and as far as I know yourdomain.com does not exist nor have a TXT record called selector, but using my selector and domain name produces the following results:This, however, is just one step in the process, the next thing you have to do is configure your MTA (Mail Transfer Agent) to sign the emails.

By the way, the s=email is probably the culprit.  s (by the DKIM documentation) represents the selector and is part of the message header (not the TXT record).

-saige-

Hi Saige,

Thanks - I have removed the "s=email" and it still doesn't work - but that may be a propogation thing, I will look later.

I also added an escape before each semi-colon, as apparently that is required by Bind, which is what I use for DNS - also no difference.

The domain is actually jhbchev.ml and the selector is wys.

Yes, I did mean MXToolBox.

What are you using to edit your bind configuration (GEDIT, NANO, VI)?

-saige-

Hi,

I am using the Virtualmin interface - I am a bit lazy. I'll check the file directly with NANO, maybe I'll spot something.

Record is currently

wys._domainkey.jhbchev.ml in TXT "v=DKIM1\;t=s\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRamQTqtthRZ6f6bX4eYljhJXcNwwxUaDomUxpm78Vk5awOfqQrqb5d7S1ZkGbyDZ77SsuuY7MoUSo/25TX1Ask1zejZacFhOd+YIXg3fCpYPga3hikJLavcAfkBVWdf9yIqBPDkoXnHBmUrQnsBZN8lGmp/A5B9k/eG/RZBYIMQIDAQAB"

Select allOpen in new window

and checking the serial number on MXToolBox it seems to have propogated - but still no joy.

Let's try using the following instead:

DKIM Policy Record -

_domainkey.jhbchev.ml	IN	TXT	"t=y\; o=~\;"

Select allOpen in new window

DKIM Public Record -

wys._domainkey.jhbchev.ml	IN	TXT	"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRamQTqtthRZ6f6bX4eYljhJXcNwwxUaDomUxpm78Vk5awOfqQrqb5d7S1ZkGbyDZ77SsuuY7MoUSo/25TX1Ask1zejZacFhOd+YIXg3fCpYPga3hikJLavcAfkBVWdf9yIqBPDkoXnHBmUrQnsBZN8lGmp/A5B9k/eG/RZBYIMQIDAQAB"

Select allOpen in new window

-saige-

Hi Saige,

Thanks for staying on this journey, and for the extra info. I never knew about the policy record at all.

However, still no luck - I still get "No DKIM Records exist" from MXToolBox.

My DNS looks like this now:

@	IN	TXT	"v=spf1 mx a ~all"

_domainkey.jhbchev.ml	IN	TXT	"t=y\; o=~\;"

wys._domainkey.jhbchev.ml	IN	TXT	"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRamQTqtthRZ6f6bX4eYljhJXcNwwxUaDomUxpm78Vk5awOfqQrqb5d7S1ZkGbyDZ77SsuuY7MoUSo/25TX1Ask1zejZacFhOd+YIXg3fCpYPga3hikJLavcAfkBVWdf9yIqBPDkoXnHBmUrQnsBZN8lGmp/A5B9k/eG/RZBYIMQIDAQAB"

Select allOpen in new window

Hey Ho!

I just found the problem!

And it is so stoopid.

We both forgot to add a "." after the record name, so the record became

@	IN	TXT	"v=spf1 mx a ~all"

_domainkey.jhbchev.ml.jhbcjev.ml.	IN	TXT	"t=y\; o=~\;"

wys._domainkey.jhbchev.ml.jhbchev.ml.	IN	TXT	"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRamQTqtthRZ6f6bX4eYljhJXcNwwxUaDomUxpm78Vk5awOfqQrqb5d7S1ZkGbyDZ77SsuuY7MoUSo/25TX1Ask1zejZacFhOd+YIXg3fCpYPga3hikJLavcAfkBVWdf9yIqBPDkoXnHBmUrQnsBZN8lGmp/A5B9k/eG/RZBYIMQIDAQAB"

Select allOpen in new window

Wow! Stupid error gets me again!

Thanks for your help, and the extra info.

Thank you so much - this has been a long and arduous journey, where we started at the destination and went in circles.