Re: Help request: permerror (key "dkim._domainkey.caerllewys.net" doesn't exist) from Steve Jenkins on 2015-07-27 (OpenDKIM Users mailing list)

From: Steve Jenkins <steve_at_stevejenkins.com>
Date: Mon, 27 Jul 2015 07:29:11 -0700

On Mon, Jul 27, 2015 at 6:57 AM, Phil Stracchino <phils_at_caerllewys.net>
wrote:

> The subject line is what port25's verifier just told me. (Thanks to
> Dave Flanagan for the tip.) I just verified that the
> dkim._domainkey.caerllewys.net TXT record is right there in my external
> master zone, but if I go to try to retrieve the record from my
> nameserver using any of several external hosts that I have access to
> that are able to correctly retrieve A records, I get an NXDOMAIN error.
>
> My external zone file contains:
>
> dkim._domainkey.caerllewys.net IN TXT "v=DKIM1; k=rsa;
> p=MIGfMA0GCSqG....."
>
> I'm using mail-filter/opendkim-2.9.2-r1 and mail-mta/postfix-3.0.2, on
> Gentoo Linux. Am I setting up my DKIM key record wrong?

Hi, Phil. I think something is wrong in your DNS setup. Best way to check
to make sure your TXT records are visible is from the Linux command line:

% dig txt dkim._domainkey.caerllewys.net

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> txt dkim._
domainkey.caerllewys.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53572
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;dkim._domainkey.caerllewys.net. IN TXT

;; AUTHORITY SECTION:
caerllewys.net. 259200 IN SOA caerllewys.net.
hostmaster.caerllewys.net. 2015012701 28800 7200 604800 259200

--------------------

There's no "ANSWER SECTION," meaning that there was no value found for the
query you made. It should look something like this (here's mine):

% dig txt default._domainkey.stevejenkins.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.3 <<>> txt default._
domainkey.stevejenkins.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19699
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;default._domainkey.stevejenkins.com. IN TXT

;; ANSWER SECTION:
default._domainkey.stevejenkins.com. 300 IN TXT "v=DKIM1\; k=rsa\;
p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+8XhZrO/C4f4b30Yysqbrj+LLKBvA5RBolHQ9Ry6mO9jfq8dCtbSl4VyxQXwBNejKbYtT2Sc+ONQo7Y0z9QlXWk5HkEWGC6PEOfx2OsnX6DvP1+qlRE/3+R996hOZESdpFYK3mB5tKYVH2ZqRQVN2XxUjVj+ank8e+8Y9k7C/cwIDAQAB"

-----------------------

I bet there's just something wonky in your zone file setup. Poke around
there and I bet you'll find it.

SteveJ
Received on Mon Jul 27 2015 - 14:29:26 PST

This archive was generated by hypermail 2.3.0 : Mon Jul 27 2015 - 14:36:01 PST