RE: dkim key questions

From: Murray S. Kucherawy <msk_at_cloudmark.com>
Date: Wed, 22 Feb 2012 19:05:22 +0000

> -----Original Message-----
> From: opendkim-users-bounce_at_lists.opendkim.org [mailto:opendkim-users-bounce_at_lists.opendkim.org] On Behalf Of Mauricio Tavares
> Sent: Wednesday, February 22, 2012 10:23 AM
> To: opendkim-users
> Subject: dkim key questions
>
> Which might cause the following headers in my outgoing emails:
>
> Authentication-Results: mail.otherdomain.com (amavisd-new);
> dkim=softfail (invalid, public key: DNS query timeout for
> mail._domainkey.domain.com) header.i=_at_domain.com
>
> Would creating a dkim key for domain.com make it happier? If so, can I
> have *two* dkim keys so I can take care of both possibilities? If so,
> how would that work in my dns records?

Generally speaking, this won't help. The issue appears to be that your DNS isn't answering before amavisd-new times out waiting, not that you need more keys in the DNS.

If the "s=" and "d=" parts of your signatures don't change, then there's only one place in your DNS that verifiers will go to look for your keys. Other locations will never be checked.

It's not possible to tell if your DNS is set up properly since you've redacted all your domain names, so I'll say something else general: As long as your key can be found in a TXT record at mail._domainkey.domain.com, your DNS is configured correctly.

-MSK
Received on Wed Feb 22 2012 - 19:05:30 PST
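
The lookup rule described in the reply above, as an added example that is not part of the original message or of OpenDKIM's code: it derives from a signature's "s=" and "d=" tags the one DNS name a verifier will query, and checks that a TXT string found there carries a key. The sample header, the function names and the placeholder key values are constructed for illustration.

```python
import re

# Constructed sample: a folded DKIM-Signature header using the redacted names
# from the thread (selector "mail", domain "domain.com"); bh=/b= are placeholders.
SAMPLE_HEADER = (
    "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=domain.com;\r\n"
    "\ts=mail; h=from:to:subject:date;\r\n"
    "\tbh=PLACEHOLDER=; b=PLACEHOLDER="
)


def parse_tag_list(value):
    """Parse an RFC 6376 "tag=value; tag=value" list into a dict."""
    tags = {}
    for item in value.split(";"):
        if not item.strip():
            continue  # a trailing ";" is permitted
        name, sep, val = item.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % item)
        # Drop folding whitespace so a wrapped header parses like an unwrapped one.
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def key_query_name(header):
    """Return the single DNS name a verifier queries for this signature's key."""
    field, _, value = header.partition(":")
    if field.strip().lower() != "dkim-signature":
        raise ValueError("not a DKIM-Signature header")
    tags = parse_tag_list(value)
    for required in ("s", "d"):
        if not tags.get(required):
            raise ValueError("signature lacks %s= tag" % required)
    return "%s._domainkey.%s" % (tags["s"], tags["d"])


def key_record_usable(txt):
    """True if a TXT string at that name is a DKIM key record with a key in p=.

    v= is optional and defaults to DKIM1; an empty p= marks a revoked key.
    """
    tags = parse_tag_list(txt)
    return tags.get("v", "DKIM1") == "DKIM1" and bool(tags.get("p"))


if __name__ == "__main__":
    print(key_query_name(SAMPLE_HEADER))
```

A record published under any other selector or domain is never consulted for this signature, and a timeout while querying the derived name is a DNS reachability problem that the record's content cannot fix.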
