DMARC Analyzer - Validating A DKIM Record

 

This article contains information on validating and troubleshooting DKIM records, including using a DKIM checker, resolving common issues, and verifying DNS configurations to ensure proper email authentication.

A correct DKIM record is an essential part of your email authentication setup. You can validate your DKIM record using our DKIM record checker.

Validating Your DKIM Record

  1. Enter the DKIM Selector for your domain.
  2. Enter your Domain Name.
  3. Click on the Validate button.

Ensure you only fill in the domain name without the subdomain and subpages.
For example, domain.com (and not: https://www.domain.com/page/).

  4. The DKIM Checker will indicate if the record is correctly configured and display text such as 'This seems to be a valid DKIM key record' with a complete list of all DKIM results of the specified domain.

Troubleshooting a DKIM Record

If you cannot validate the record in the checker, ensure you have entered the correct records in your DNS. On OSX and Linux, you can use the command-line tool dig to investigate further and figure out the problem.

First, rule out the cache as the cause. For example, if you ran the check before adding or changing the TXT record, the response from your DNS server might have been cached, and it could take a couple of hours for the server to return the correct response.

To bypass any cache, you can ask your name server directly what records it has.

Use the following command to find out what your nameservers are: dig yourdomain.com NS

[root@server ~]# dig yourdomain.com NS

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.5 <<>> yourdomain.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32320
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;yourdomain.com.			IN	NS

;; ANSWER SECTION:
yourdomain.com.		300	IN	NS	ns1.yourdomain.com.
yourdomain.com.		300	IN	NS	ns2.yourdomain.com.
yourdomain.com.		300	IN	NS	ns3.yourdomain.com.

;; Query time: 31 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Mon Nov 26 16:09:52 2012
;; MSG SIZE  rcvd: 87

The NS records in the ANSWER SECTION above are your nameservers.

Now ask a nameserver what records it has available using the command: dig google._domainkey.yourdomain.com TXT @ns1.yourdomain.com

[root@server ~]# dig google._domainkey.yourdomain.com TXT @ns1.yourdomain.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.5 <<>> google._domainkey.yourdomain.com TXT @ns1.yourdomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23736
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google._domainkey.yourdomain.com.	IN	TXT

;; ANSWER SECTION:
google._domainkey.yourdomain.com. 300 IN	TXT	"v=DKIM1\; k=rsa\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxLaG16G4SaEcXVdiIxTg7gKSGbHKQLm30CHib1h9FzS9nkcyvQSyQj1rMFyqC//tft3ohx3nvJl+bGCWxdtLYDSmir9PW54e5CTdxEh8MWRkBO3StF6QG/tAh3aTGDmkqhIJGLb87iHvpmVKqURmEUzJPv5KPJfWLofADI+q9lQIDAQAB"

;; Query time: 1 msec
;; SERVER: 83.96.177.4#53(83.96.177.4)
;; WHEN: Mon Nov 26 16:52:44 2012
;; MSG SIZE  rcvd: 284

You should then see your TXT record in the output.

Common Mistakes / Problems

      • It takes some time for changes made in the GUI to be saved to the nameserver
        (e.g., in the GUI everything is correct, but the NS does not return anything or does not return the correct values)
      • It takes some time to sync all nameservers with each other
        (e.g., ns1 returns correct values, but ns2 and/or ns3 do not)
      • Accidentally copied spaces
      • Characters are escaped with an additional \
      • Quotation marks inside the response value
      • Value length is not long enough in the GUI (at least 225 characters)
      • Typos
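
Several of the mistakes listed above (copied spaces, an extra backslash, quotation marks inside the value, a cut-off or mistyped key) can be checked mechanically on a TXT answer copied from dig. The following is an added example, not the DKIM checker's own code: the function names and the sample key blob are constructed for illustration, and the length check assumes an RSA key in DER form.

```python
import base64, binascii, re

# Constructed sample: a blob with the DER framing of a 1024-bit RSA key (not a real key),
# wrapped the way dig prints TXT rdata (quoted, with ';' escaped as '\;').
SAMPLE_P = base64.b64encode(b"\x30\x81\x9f" + bytes(159)).decode()
SAMPLE_RDATA = f'"v=DKIM1\\; k=rsa\\; p={SAMPLE_P}"'

def txt_rdata_to_value(rdata):
    """Join dig's quoted TXT chunks and undo \\X presentation escapes (\\DDD not handled)."""
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return re.sub(r"\\(.)", r"\1", "".join(chunks))

def der_declared_length(der):
    """Total size claimed by the outer DER SEQUENCE header, or -1 if malformed."""
    if len(der) < 2 or der[0] != 0x30:
        return -1
    if der[1] < 0x80:                      # short form: length fits in one byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        return -1
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def lint_dkim_record(rdata):
    """Return a list of problems found in one DKIM TXT answer (empty list = clean)."""
    value, problems = txt_rdata_to_value(rdata), []
    if "\\" in value:                      # a backslash survived unescaping: it is in DNS
        problems.append("backslash stored in the value")
    if '"' in value:
        problems.append("quotation mark stored in the value")
    pairs = (t.partition("=") for t in value.split(";") if t.strip())
    tags = {k.strip(): v.strip() for k, _, v in pairs}
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= is not DKIM1")
    p = tags.get("p", "")
    if not p:
        return problems + ["p= missing or empty"]
    if re.search(r"\s", p):                # the page lists copied spaces as a mistake
        problems.append("whitespace inside p=")
        p = re.sub(r"\s+", "", p)
    try:
        der = base64.b64decode(p, validate=True)
    except (binascii.Error, ValueError):
        return problems + ["p= is not valid base64 (typo or truncation)"]
    if tags.get("k", "rsa") == "rsa" and der_declared_length(der) != len(der):
        problems.append("p= shorter or longer than its DER header says (truncated?)")
    return problems

if __name__ == "__main__":
    print(lint_dkim_record(SAMPLE_RDATA) or "no problems found")
```

Run it on the answer from each nameserver in turn (ns1, ns2, ns3) to see whether they all serve the same, intact value.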