Deploy DomainKeys/DKIM Public Key in DNS Server
Deploy Public Key TXT in BIND Server
If your domain is hosted by Bind DNS server, you can add DKIM public key record like this: locate your domain's zone file and open it with your preferred editor, then add the following content:
; DKIM policy record _domainkey.yourdomain.com. IN TXT "o=~;" ; DKIM public key record s1024._domainkey.yourdomain.com. IN TXT "k=rsa;p=MIGfMA0GCS....ofIz0IW7QwIDAQAB"
Deploy Public Key by DKIM Manager
If your domain is hosted by Windows DNS Server in local LAN. After you added a domain in DKIM Plugin Manager, you can select the domain and click "Deploy Key", input your DNS server address and choose the DNS zone, the public key will be deployed to DNS server automatically.
Deploy Public Key Manually
If your domain is not hosted by Windows DNS server in local LAN, or it is failed by "Deploy Key" in DKIM manager, you can select the domain and click "Export Public Key". A dialog box will pop up and display a Public Key and a TXT record for deployment in your DNS server.
- TXT Record
- The full name of your public key record.
- Public Key
- The value in the record.
- Test Mode
- "t=y;" in public key record means Test mode, you can remove "t=y;" from your public key record after your DKIM/DomainKeys test is finished.
- Domain Policy Record (Optional)
- Domain Policy Record is always deployed to _domainkey.yourdomain. In policy record value, o = Outbound Signing policy ("-" means that this domain signs all email; "~" is the default value and means that this domain may sign some email with DomainKeys). If you do not set policy record, the o=~; is used by default.
Deploy Public Key TXT record in Windows DNS Server
Step 1: Select and open a domain (e.g. emailarchitect.net) which you want to add a public key record to. Right-click the record list and select "Other New Records..." from the menu.
Step 2: Select the Text (TXT) record type and click the "Create Record..." button.
Step 3: Copy the value (t=y; k=rsa; p=...) from Public Key field and paste it to the "Text" text box and input "s1024._domainkey" (depends on the information in the dialog box, the syntax is [selector]._domainkey) in Record Name. Click the OK button.
(Windows 2000 DNS Server*)
If you're using Windows 2000 DNS server, you should create "_domainkey" domain under "your domain" at the beginning, and then create "s1024" TXT record under "_domainkey" sub-domain. The reason is that creating "s1024._domainkey" TXT record directly is not permitted in Windows 2000 DNS server.
Add Policy record in Windows DNS Server (Optional*)
Step 1: Select and open a domain (e.g. emailarchitect.net) which you want to add a public key record to. Right-click the record list and select "Other New Records..." from the menu.
Step 2: Select the Text (TXT) record type and click the "Create Record..." button.
Step 3: Copy the value (t=y; o=~;) from Policy field and paste it to the "Text" text box and input "_domainkey" in Record Name. Click the OK button.
*This record is optional, you don't have to add it. If you do not set policy record, the o=~; is used by default.
Deploy Public Key TXT in Network Solutions DNS server
If your domain is hosted by www.networksolutions.com, you can deploy your public key like this:
Step 1: Select your domain
Step 2: Select the "Edit TXT Record.
Step 3: Copy the value (t=y; k=rsa; p=...) from Public Key field and paste it to the "Text" text box and input "s1024._domainkey" (depends on the information in the dialog box, the syntax is [selector]._domainkey) in Host. Click the "Continue" button.
Step 4 (optional*): Copy the value (t=y; o=~;) from Policy field and paste it to the "Text" text box and input "_domainkey" in Host. Click the OK button.
Deploy Public Key TXT in other DNS server
If your domain is hosted by other ISP, as most ISP provide DNS Web administration like "network solutions" do, you can refer to "Deploy Public Key TXT in Network Solutions DNS server" section and deploy your public key in your ISP DNS Web administrative tool.
If you are not DNS server administrator, or your domain is hosted by other DNS server, please send the information in dialog box->DNS Public Deployment to your domain DNS server administrator for assistant.
Test Public Key Deployment
After the Public Key in DNS server is deployed, you can click "Test Public Key" in EA DomainKeys/DKIM Manager to verify the public key. It will tell if your public key is deployed correctly. After your public key is ok, you can go to "Test DomainKeys/DKIM signature".
You can also use nslookup command to test your public key as follows:
Windows Start menu->input:
nslookup
press enter
input:
set type=txt
press enter
input ([selector]._domainkey.yourdomain):
s1024._domainkey.yourdomain
nslookup
press enter
input:
set type=txt
press enter
input ([selector]._domainkey.yourdomain):
s1024._domainkey.yourdomain
If your key is deployed successfully, it should return something like above screenshot.
2048 Public Key Deployment
Because single DNS TXT record is limited to 255 characters, public key length of 2048 certificate exceeds the limit. So you need to separate public key to two parts in DNS server.
In Windows DNS Server, you should use line-break to separate the long public key
k=rsa; p=k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8YgepDS0lUI3H9dMaQt2Mm... JTZr1+rjFjkKZV0nYngr/Bv3G1KbqFfp4yDFMUODf9Q/m3OO03GO204kc4CygBQzCKe8BZqzDfHN5rOG...;
In BIND Server, you should deploy key as follows:
s1024._domainkey.yourdomain.com. IN TXT ("k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiv..." "2LjDmbvj6V82iSnW3lAg3Sr212o4JnKm7iFAT6diDvItDzA//5botwDpk9jrRFxi...") ;OR s1024._domainkey.yourdomain.com. IN TXT "k=rsa; p=MIIBIjANBgkqhkiG9w..." "2LjDmbvj6V82iSnW3lAg3Sr212o4..."
See Also
Setup DomainKeys/DKIM
Test DomainKeys/DKIM signature
Troubleshooting
Using Selector
Using Sender Rule
Appendix - Set up SPF record in DNS server
Appendix - Set up DMARC record
Test DomainKeys/DKIM signature
Troubleshooting
Using Selector
Using Sender Rule
Appendix - Set up SPF record in DNS server
Appendix - Set up DMARC record
Online
沒有留言:
張貼留言