Error Configuring DKIM on Bind BIND 9.9.4-RedHat-9.9.4-61.el7_5.1 (Extended Support Version)

jfcarvalho

5/29/24, 1:39 PM

I'm trying to configure a DKIM record on my DNS Server running BIND 9.9.4-RedHat-9.9.4-61.el7_5.1 (Extended Support Version), but I'm getting the following error:

10:36:40 ns1 named[14663]: db.domain.com.br:20: unknown RR type 'mail._domainkey'
10:36:40 ns1 named[14663]: zone domain.com.br/IN: loading from master file db.sencinet.com.br failed: unknown class/type
10:36:40 ns1 named[14663]: zone domain.com.br/IN: not loaded due to errors.

I'm using a pretty simple record:

mail._domainkey IN TXT  "v=DKIM1; h=sha256; k=rsa; s=email"

What could be the error?

0 + 6

domain-name-system

bind

dkim

Nikita Kipriyanov

5/29/24, 2:31 PM

What is the non-empty line *before* this one in the zone file? It seems the problem is there.

Reinto

5/30/24, 11:19 AM

Beyond what is causing the error, you are including tags with default values, but leaving out the public key (`p=`) tag, which is REQUIRED as per the RFC https://www.rfc-editor.org/rfc/rfc6376#section-3.6.1 Any reason for this?

jfcarvalho

5/30/24, 7:06 PM

I didn`t get the question about "non-empty line before". the entire zone is working fine and the map also.

jfcarvalho

5/30/24, 7:07 PM

Regarding to the "p=", sorry but it's not clear for me. This is the first time I'm trying to configure a DKIM record.

Reinto

5/31/24, 7:35 AM

Basically, you sign headers in your email with a private key and then point to a public key (`p=`) in DNS (your selector named `mail`) as part of a TXT record at `[selectorname]._domainkey.domain.com.br`. That way the recipient can decrypt the signed headers and compare them with the actual headers in the message and determine if they match up. This proves domain ownership and integrity of message.

Reinto

5/31/24, 7:40 AM

Regarding the "non-empty line before": Can you share the full `journalctl -xe` output? You might have an `unexpected end of input` error or something similar in the record before your DKIM record.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Error Configuring DKIM on Bind BIND 9.9.4-RedHat-9.9.4-61.el7_5.1 (Extended Support Version)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.