DKIM - Why does DKIM check keep failing after following setup instructions correctly?
Author
Thread
AuthorMichael Pancotti 1st September 2023
The 2048-bit public.key file that is generated by Open SSL contains the string that needs to be set up as a DNS TXT record within the Domain Hosting Platform, this string can exceed 255 characters.
It is advised by Google's own DKIM documentation that when creating the DNS TXT records, the public.key characters must be split into multiple text strings, and each string should be encapsulated inside quotes.
On some DNS Hosting platforms this can be something to be aware of as the provider may have certain requirements in the way these TXT Records are created and formatted, and it has been found that these instructions can sometimes be conflicting.
Within cPanel for instance, if using a 2048-bit public key, it will need to be split into multiple string segments as suggested, however they cannot be surrounded by quotes or the DNS TXT record will fail the DKIM test. This also contradicts cPanel's own documentaion.
1st September 2023
It is advised by Google's own DKIM documentation that when creating the DNS TXT records, the public.key characters must be split into multiple text strings, and each string should be encapsulated inside quotes.
Google Documentation: https://support.google.com/a/answer/11613097?hl=en
On some DNS Hosting platforms this can be something to be aware of as the provider may have certain requirements in the way these TXT Records are created and formatted, and it has been found that these instructions can sometimes be conflicting.
Within cPanel for instance, if using a 2048-bit public key, it will need to be split into multiple string segments as suggested, however they cannot be surrounded by quotes or the DNS TXT record will fail the DKIM test. This also contradicts cPanel's own documentaion.
cPanel Documentation: https://support.cpanel.net/hc/en-us/articles/4402114117911-Why-are-DKIM-TXT-records-split-
An example of the correct formatting used to set up a DNS TXT record is shown below:
Public Key:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhuZA6WfIFmzl/Lk2PXK
+c1a1YrSVW6OkOGI4CN3+C2qDEI1tF2GbFiWJmLcFCkRppegKsQQIIGwr5edrKdY
vTCJGq6HOreUH2MBinjhyzX0oMKoxvEokEKWKGpttuZWtql0+Sj9GBI4FPsKE6jV
o/bR9MHXA4fA85T+rUQe6v8ZZHEMCjxXtoJqddmSehbfK4NLLB2Dlzhgp5wFWwEm
r37DDMrqe23J5+cpMfnq163H1kxM1ggUCtGIZPD3SoYiVNNRcKGobnEepGs+2ru2
bbnAlwnehdgzCzG6quVHaTJw4zhpjMMGswHbFIm3wm85ZZvGGDD8lp6qKQ0p0kfL
KQIDAQAB
-----END PUBLIC KEY-----
TXT Record strings:
v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhuZA6WfIFmzl/Lk2PXK+c1a1YrSVW6OkOGI4CN3+C2qDEI1tF2GbFiWJmLcFCkRppegKsQQIIGwr5edrKdYvTCJGq6HOreUH2MBinjhyzX0oMKoxvEokEKWKGpttuZWtql0+Sj9GBI4FPsKE6jVo/bR9MHXA4fA85T+rUQe6v8ZZHEMCj
xXtoJqddmSehbfK4NLLB2Dlzhgp5wFWwEmr37DDMrqe23J5+cpMfnq163H1kxM1ggUCtGIZPD3SoYiVNNRcKGobnEepGs+2ru2bbnAlwnehdgzCzG6quVHaTJw4zhpjMMGswHbFIm3wm85ZZvGGDD8lp6qKQ0p0kfLKQIDAQAB