DKIM & Public key question and clarification

I am very new to this and seeking some clarification and answers. I’m working with a 3rd party who is providing the DKIM signature. They also require an alternate DKIM. My understanding is that I would provide a selector, domain and/or exact domain or sub-domain.

The 3rd party would then provide a public key associated with this DKIM for our DNS entry. This is what I received from them:

CNAME Record: adb-domain-k1._domainkey.domain domainkey.domain IN CNAME adb-domain-k1.8292mq.custdkim.3rdpartyDomain adb-domain-k1.8292mq.custdkim.3rdpartyDomain

Alternate CNAME Record:adb-domain-k2._domainkey.domain.org domainkey.domain.org IN CNAME adb-domain-k2.evkq52.custdkim.3rdpartydomain.com adb-domain-k2.evkq52.custdkim.3rdpartydomain.com

Is this the public key as well? And how do I go about adding this to DNS? Thank you so much. Thanks Larry!

Not sure if it is a copy paste error, but it should be

adb-domain-k1._domainkey.domain.org IN CNAME adb-domain-k1.8292mq.custdkim.3rdpartyDomain

So when you are putting this in DNS

the record name is adb-domain-k2._domainkey
the record value is adb-domain-k1.8292mq.custdkim.3rdpartyDomain

Hope that makes sense.

Thanks Shehzad,

I omitted the top level because I received an error that a “new user is limited to 4 links only in a post”. In any case, this video ( YouTube ) says to copy and paste the public key to your DNS.

I’m a bit confused about the public key. At 3:30sec - 9:20sec into the video, it talks about copying and pasting the public key to your DNS. Salesforce sent the DKIMs, where is the public key I’m supposed to paste in DNS? Please help me to understand. Again, this is new to me. Thank you!

With Salesforce it depends on how you set it up. If you had Salesforce generate the keys, then in the DKIM setup, it should provide you with the DKIM public key. That information is what is being used.

If Salesforce sent you the information, it’s possible that they gave you CNAME records as opposed to TXT records.

My apologies for not understanding this. Yes, Salesforce did send the CNAME records above in my original post. Here is the email accompanying the CNAME records I received from Salesforce.

“The TXT records for this DKIM key have been published to DNS. Before I can activate it, we need you to add the CNAME and Alternate CNAME records in the DNS for your domain. Once that’s done I can publish the key and it will be active. Let me know if you have questions.”

Does this mean a public key is not needed or they will provide the public key once we enter these records to DNS?

Ah, okay. The private and public keys are being handled by Salesforce. So when you implement the CNAME record, the domain you place in the value is pointing to the public key stored at Salesforce.

Hope that makes sense.
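The lookup a receiving mail server performs under the CNAME setup described above, shown as an added example that is not part of the thread: the selector name in your zone is followed to the provider-hosted TXT record, and the public key is read from its `p=` tag. The zone contents, the names under example.org and provider.example, and the key value are all constructed for illustration.

```python
import base64

# Constructed placeholder value, not a real RSA public key.
FAKE_KEY = base64.b64encode(b"constructed placeholder, not a real RSA key").decode()

# Constructed zone data standing in for DNS: name -> (record type, value).
ZONE = {
    # What the domain owner adds: selector name pointing at the provider.
    "k1._domainkey.example.org": ("CNAME", "k1.abc123.custdkim.provider.example"),
    # What the provider publishes: the TXT record holding the public key.
    "k1.abc123.custdkim.provider.example": ("TXT", f"v=DKIM1; k=rsa; p={FAKE_KEY}"),
    # Misconfiguration: CNAME target that the provider never published.
    "k2._domainkey.example.org": ("CNAME", "k2.typo.custdkim.provider.example"),
}

def resolve_txt(name, zone, max_hops=8):
    """Follow CNAMEs from name; return (chain of names, TXT value or None)."""
    chain = [name]
    for _ in range(max_hops):
        rtype, value = zone.get(name.lower().rstrip("."), (None, None))
        if rtype == "TXT":
            return chain, value
        if rtype != "CNAME":
            return chain, None          # dangling name: nothing published here
        name = value
        chain.append(name)
    return chain, None                  # CNAME loop or chain too long

def parse_dkim_tags(txt):
    """Split a DKIM key record ('tag=value; tag=value') into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())
    return tags

def check_selector(selector, domain, zone=ZONE):
    """Report whether selector._domainkey.domain ends at a usable DKIM key."""
    chain, txt = resolve_txt(f"{selector}._domainkey.{domain}", zone)
    if txt is None:
        return {"ok": False, "chain": chain, "reason": "no TXT at end of CNAME chain"}
    tags = parse_dkim_tags(txt)
    if tags.get("v", "DKIM1") != "DKIM1" or not tags.get("p"):
        return {"ok": False, "chain": chain, "reason": "bad v= or empty p= tag"}
    try:
        base64.b64decode(tags["p"], validate=True)
    except ValueError:
        return {"ok": False, "chain": chain, "reason": "p= is not valid base64"}
    return {"ok": True, "chain": chain, "reason": "public key found via provider"}
```
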

YES…this absolutely makes sense to me now. Thanks for making this clear for me. I really appreciate it!

I’m trying to add in my DKIM settings under DNS, Et20slam but I can’t seem to get them to authenticate. I need to add in a TXT record of google._domainkey, but it won’t let me because “Host must be set to the primary domain or a subdomain of it.” Any ideas?

Hello,

Just to confirm, what are you using to create the DKIM keys? Are you using Gmail?

  • Shehzad

The question is too good and answers are delivered