DKIM & Public key question and clarification

I am very new to this and seeking some clarification and answers. I’m working with a 3rd party who is provide the DKIM signature. They also require an alternate DKIM. My understanding is that I would provide a selector, domain and/or exact domain or sub-domain.

The 3rd party would then provide a public key associated with this DKIM for our DNS entry. This is what I received from then

CNAME Record: adb-domain-k1._domainkey.domain domainkey.domain IN CNAME adb-domain-k1.8292mq.custdkim.3rdpartyDomain adb-domain-k1.8292mq.custdkim.3rdpartyDomain

Alternate CNAME Record:adb-domain-k2._domainkey.domain.org domainkey.domain.org IN CNAME adb-domain-k2.evkq52.custdkim.3rdpartydomain.com adb-domain-k2.evkq52.custdkim.3rdpartydomain.com

Is this the public key as well? and How do I go about adding this to DNS. Thank you so much. Thanks Larry!

Not sure if it is a copy paste error, but it should be

adb-domain-k1._domainkey.domain.org IN CNAME adb-domain-k1.8292mq.custdkim.3rdpartyDomain

So when you are putting this in DNS

the record name is adb-domain-k2._domainkey
the record value is adb-domain-k1.8292mq.custdkim.3rdpartyDomain

Hope that makes sense.

Thanks Shehzad,

I omitted the top level because I received an error that a “new user is limited to 4 links only in a post” In any case, this video ( YouTube ) says to copy and paste the public key to your DNS.

I’m a bit confused about the public key. At 3:30sec - 9:20sec into the video, it talks about copy and paste the public key to your DNS. Salesforce sent the DKIMs, where is the public key I’m supposed to paste in DNS? Please help me to understand. Again, this is new to me. Thank you!

With Salesforce it depends on how you setup it up. If you had Salesforce generate the keys, the in the DKIM setup, it should provide you with the DKIM public key. that information is what is being used.

If Salesforce sent you the information, it’s possible that they gave you CNAME records as opposed to TXT records.

My apologies for not understanding this. Yes, salesforce did send the CNAME records above in my original post. Here is the email accompanying the CNAME records I received from salesforce.

“The TXT records for this DKIM key have been published to DNS. Before I can activate it, we need you to add the CNAME and Alternate CNAME records in the DNS for your domain. Once thats done I can publish the key and it will be active. Let me know if you have questions.”

Does this mean a public key is not need or they will provide the public key once we enter these records to DNS?

Ah, okay. The private and public keys are being handled by Salesforce. So when you implement the CNAME record, the domain you place in the value is pointing to the public key stored at Salesforce.

Hope that makes sense.

YES…this absolutely makes sense to me now. Thanks for making this clear for me. I really appreciate it!