Score:-1

DNS Records - CNAME


I'm quite a newbie, so sorry for any unconnected data. I am creating DKIM and SPF records to emulate DMARC as a workaround. An external vendor of ours wants to send emails under our domain using a subdomain.

I have configured my TXT records as:

TXT    subdomain.domain.com     v=spf1 include:domain.com -all

TXT    subdomain.domain.com     "k=rsa; p=random_value"

I should create two CNAME records for them, right?

CNAME     selector1._domainkey.subdomain.domain.com     selector1-subdomain-domain-com._domainkey.domain.onmicrosoft.com

CNAME     selector2._domainkey.subdomain.domain.com     selector2-subdomain-accenture-com._domainkey.domain.onmicrosoft.com

My question here is: how are TXT attributes associated with the CNAME? selector1 or selector2, it could be any of them.

What is the reason for _domainkey value?

Many Thanks

anx
Only gets complicated if you are both using the subdomain. If the external vendor is the only user, they have likely supplied you with a complete and final list of records they recommend you set up - with hopefully some thought behind the decision whether to copy or reference their data.
Patrick Mevzek
"What is the reason for _domainkey value?" You may want to read a little more on how DKIM works... You can have a single CNAME at `_domainkey`.
Kenzo_Gilead
@PatrickMevzek. I'm doing it. I've read numerous articles and blogs, but it's complicated to understand. That is why I ask for your help. Thank you
Patrick Mevzek
@EliasMP Your DNS provider and email provider should be your first points of contact for such questions...
Kenzo_Gilead
@PatrickMevzek. They don't provide this kind of low-level information. At least could you tell me if it is necessary to configure a CNAME and a TXT (DKIM), or can I just add a TXT with the DKIM instead? Many thanks
Patrick Mevzek
"They don't provide this kind of low-level information." So you pay people and they don't give you the service for which you paid? Maybe it tells something... "if it is necessary to configure a CNAME and a TXT (DKIM)" You can't have a CNAME cohabit with anything else on the same name, and once you have a CNAME you can't have anything below it in your own zone.
Kenzo_Gilead
Many Thanks @PatrickMevzek
Score:1

Should you create two CNAME records for the subdomain?

Yes, you need to create two CNAME records for the DKIM configuration to work correctly. Each CNAME record maps a selector name to a domain name where the DKIM public key is stored. The two selectors are typically named "selector1" and "selector2", but you can choose any names you like, as long as they are unique within the subdomain.

How are TXT attributes associated with CNAME records?

The TXT records are associated with the DKIM selectors, not the CNAME records. You need to create a TXT record for each DKIM selector, with the DKIM public key value. In your example, you would need to create two TXT records like this:

TXT selector1._domainkey.subdomain.domain.com "k=rsa; p=random_value"
TXT selector2._domainkey.subdomain.domain.com "k=rsa; p=random_value"

What is the reason for the "_domainkey" value?

The "_domainkey" part is a standard prefix used in the DKIM specification to identify the DNS record that contains the public key for a given selector. The full name of the DNS record should be in the form "selector._domainkey.example.com", where "selector" is the name of the DKIM selector, and "example.com" is the domain name of the email sender. By convention, the "_domainkey" label is used to separate the selector name from the domain name, to avoid any possible conflicts with other DNS records.

UPDATE:

Here is an example of the DNS records you might create for a subdomain called "subdomain.example.com", assuming you have one DKIM selector and one SPF policy:

; DKIM records
selector1._domainkey.subdomain.example.com. IN CNAME selector1-subdomain-example-com._domainkey.example.onmicrosoft.com.
selector1-subdomain-example-com._domainkey.example.onmicrosoft.com. IN TXT "k=rsa; p=random_value"

; SPF record
subdomain.example.com. IN TXT "v=spf1 include:example.com -all"

In this example, the first line creates a CNAME record for the DKIM selector "selector1". The CNAME points to the domain name where the DKIM public key is stored, in this case "selector1-subdomain-example-com._domainkey.example.onmicrosoft.com". The second line creates a TXT record for the DKIM public key, which is associated with the DKIM selector "selector1".

The third line creates a TXT record for the SPF policy for the subdomain "subdomain.example.com". The SPF record syntax specifies that email should be sent from hosts listed in the "example.com" SPF policy. The "-all" directive specifies that any email that does not come from an authorized host should be rejected.
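The lookup path a verifier follows for the records in this answer, together with the rule from the comments that a CNAME cannot share its name with any other record, as an added example that is not part of the original thread. The record tuples are constructed sample data, `resolve_dkim` and `cname_conflicts` are hypothetical helper names, and the walk runs over an in-memory list rather than live DNS.

```python
# Added example: constructed records modelled on the thread's example names.
from collections import defaultdict

def norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()

def index(records):
    """Group (name, type, value) tuples by owner name."""
    by_name = defaultdict(list)
    for name, rtype, value in records:
        by_name[norm(name)].append((rtype.upper(), value))
    return by_name

def cname_conflicts(records):
    """Owner names where a CNAME shares the name with any other record."""
    return sorted(name for name, rrs in index(records).items()
                  if any(t == "CNAME" for t, _ in rrs) and len(rrs) > 1)

def resolve_dkim(records, selector, domain, max_hops=8):
    """Follow CNAMEs from <selector>._domainkey.<domain> to the key TXT.

    Returns (chain_of_names, txt_value); txt_value is None if no key is found.
    """
    by_name = index(records)
    name = norm(f"{selector}._domainkey.{domain}")
    chain = [name]
    for _ in range(max_hops):  # bound the walk so CNAME loops terminate
        rrs = by_name.get(name, [])
        target = next((v for t, v in rrs if t == "CNAME"), None)
        if target is None:
            return chain, next((v for t, v in rrs if t == "TXT"), None)
        name = norm(target)
        chain.append(name)
    return chain, None

TARGET = "selector1-subdomain-example-com._domainkey.example.onmicrosoft.com."
ZONE = [  # constructed sample data, same layout as the UPDATE above
    ("selector1._domainkey.subdomain.example.com.", "CNAME", TARGET),
    (TARGET, "TXT", "k=rsa; p=random_value"),
    ("subdomain.example.com.", "TXT", "v=spf1 include:example.com -all"),
]
# Same zone with a TXT added at the name that already holds the CNAME.
BAD_ZONE = ZONE + [
    ("selector1._domainkey.subdomain.example.com.", "TXT", "k=rsa; p=random_value"),
]

if __name__ == "__main__":
    print(resolve_dkim(ZONE, "selector1", "subdomain.example.com"))
    print(cname_conflicts(ZONE), cname_conflicts(BAD_ZONE))
```
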

Kenzo_Gilead
I thought you had to put a CNAME for DKIM. In my case I only have 1 DKIM, so I will only have one CNAME for it, right? Then I have an SPF record, do I also need a CNAME? That is, 1 DKIM and its CNAME. 1 SPF and its CNAME. By the way, you could edit your answer and give me an example of the CNAMEs that you would configure in this case. Very grateful. Appreciated.
Kenzo_Gilead
Having in mind the SPF record, if it is appropriate
updated, hope it helps
Kenzo_Gilead
Thank you very much