[GH-ISSUE #1403] DKIM: wrong bind record syntax for subdomains #1114

Closed
opened 2026-02-27 11:15:21 +03:00 by kerem · 3 comments
Owner

Originally created by @tonioo on GitHub (Feb 24, 2018).
Original GitHub issue: https://github.com/modoboa/modoboa/issues/1403

Originally assigned to: @tonioo on GitHub.

The TXT record generated for DKIM keys is wrong for subdomains.

Example (sub.domain.test):
selector._domainkey IN TXT ...

instead of:
selector._domainkey.sub IN TXT ...

Originally created by @tonioo on GitHub (Feb 24, 2018). Original GitHub issue: https://github.com/modoboa/modoboa/issues/1403 Originally assigned to: @tonioo on GitHub. The TXT record generated for DKIM keys is wrong for subdomains. Example (sub.domain.test): selector._domainkey IN TXT ... instead of: selector._domainkey.sub IN TXT ...
kerem 2026-02-27 11:15:21 +03:00
  • closed this issue
  • added the
    bug
    label
Author
Owner

@Toniob commented on GitHub (Feb 24, 2018):

You should put the complete domain to be certain it works everytime. In your example :
selector._domainkey.sub.domain.test. IN TXT
Just don't forget the trailing "." . Sometimes, what you think is a subdomain isn't (did you think of the tld .co.uk ? or the eu.org ?)

<!-- gh-comment-id:368228108 --> @Toniob commented on GitHub (Feb 24, 2018): You should put the complete domain to be certain it works everytime. In your example : selector._domainkey.sub.domain.test. IN TXT Just don't forget the trailing "." . Sometimes, what you think is a subdomain isn't (did you think of the tld .co.uk ? or the eu.org ?)
Author
Owner

@ghost commented on GitHub (Feb 24, 2018):

It depends on how you configure your DNS, the following 3 examples all achieve the same thing in bind

$ORIGIN sub.example.gb.net.
ident._domainkey                        IN  TXT     "v=DKIM1; p=..."

$ORIGIN example.gb.net.
ident._domainkey.sub                    IN  TXT     "v=DKIM1; p=..."

ident._domainkey.sub.example.gb.net.    IN  TXT     "v=DKIM1; p=..."

@tonioo for Modoboa I would probably go for the 3rd option as it doesn't make any assumptions about $ORIGIN being defined.

<!-- gh-comment-id:368228971 --> @ghost commented on GitHub (Feb 24, 2018): It depends on how you configure your DNS, the following 3 examples all achieve the same thing in bind ``` $ORIGIN sub.example.gb.net. ident._domainkey IN TXT "v=DKIM1; p=..." $ORIGIN example.gb.net. ident._domainkey.sub IN TXT "v=DKIM1; p=..." ident._domainkey.sub.example.gb.net. IN TXT "v=DKIM1; p=..." ``` @tonioo for Modoboa I would probably go for the 3rd option as it doesn't make any assumptions about `$ORIGIN` being defined.
Author
Owner

@tonioo commented on GitHub (Feb 24, 2018):

@Toniob @fyfe I choose the latest one (easier to implement).

<!-- gh-comment-id:368229526 --> @tonioo commented on GitHub (Feb 24, 2018): @Toniob @fyfe I choose the latest one (easier to implement).
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/modoboa-modoboa#1114
No description provided.