Difference between revisions of "BIND: Setup DMKI"

From OnnoWiki
Jump to navigation Jump to search
(Created page with "Adding a DKIM record to your DNS is quite simple. First, your create a key pair with openssl: openssl genrsa -out private.key 1024 openssl rsa -in private.key -pubout -out p...")
 
 
(3 intermediate revisions by the same user not shown)
Line 3: Line 3:
 
First, your create a key pair with openssl:
 
First, your create a key pair with openssl:
  
openssl genrsa -out private.key 1024
+
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key
+
openssl rsa -in private.key -pubout -out public.key
  
 
Your public key looks now like:
 
Your public key looks now like:
  
-----BEGIN PUBLIC KEY-----
+
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEI2JbDzjyNCCxXVWqLdOD+EpS
+
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfA14QIpOjnPT8sN/uLc8aoUpM
ZPFEtHG7bmYSQaQjDHP/DQnQ3adkcOKDyEZKHrZTpLFOfd063uUTw4SlloLpziGL
+
PJQS47UYyn0+VhcTACZuxEMxCKBatAdOMFcNxlqPsXxjxPH1o/A9fOZJ8Uf+Ff2n
PD44v0vLZI0TXjpdsvSXl0vV6i4nxBnqhvCOG3TrMIz8iF8e8cQL0dnxeaQZyRvx
+
3ODOhk9VYU45at9b1GyMtoNR5kSRLZX+V7FGlOEcoDiG0Ixmb2c6NBV+e221IWyb
sbkccjUxLKw1YomX0QIDAQAB
+
5MIBp3vDiipAJNTO1wIDAQAB
-----END PUBLIC KEY-----
+
-----END PUBLIC KEY-----
 +
 
 +
 
  
 
Now you convert this output to one single line:
 
Now you convert this output to one single line:
  
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEI2JbDzjyNCCxXVWqLdOD+EpSZPFEtHG7bmYSQaQjDHP/DQnQ3adkcOKDyEZKHrZTpLFOfd063uUTw4SlloLpziGLPD44v0vLZI0TXjpdsvSXl0vV6i4nxBnqhvCOG3TrMIz8iF8e8cQL0dnxeaQZyRvxsbkccjUxLKw1YomX0QIDAQAB
+
 
 +
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfA14QIpOjnPT8sN/uLc8aoUpMPJQS47UYyn0+VhcTACZuxEMxCKBatAdOMFcNxlqPsXxjxPH1o/A9fOZJ8Uf+Ff2n3ODOhk9VYU45at9b1GyMtoNR5kSRLZX+V7FGlOEcoDiG0Ixmb2c6NBV+e221IWyb5MIBp3vDiipAJNTO1wIDAQAB
 +
 
  
 
This line you will use as public key in your DNS record.
 
This line you will use as public key in your DNS record.
Line 23: Line 27:
 
Next, add two txt records like
 
Next, add two txt records like
  
  _domainkey.domain.com          IN TXT o=!;r=postmaster@domain.com
+
  _domainkey.domain.com          IN TXT o=~;r=postmaster@domain.com
 
  selector._domainkey.domain.com IN TXT v=DKIM1;k=rsa;p=<public key>
 
  selector._domainkey.domain.com IN TXT v=DKIM1;k=rsa;p=<public key>
  

Latest revision as of 18:09, 28 April 2019

Adding a DKIM record to your DNS is quite simple.

First, your create a key pair with openssl: 

openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key

Your public key looks now like: 

-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfA14QIpOjnPT8sN/uLc8aoUpM
PJQS47UYyn0+VhcTACZuxEMxCKBatAdOMFcNxlqPsXxjxPH1o/A9fOZJ8Uf+Ff2n
3ODOhk9VYU45at9b1GyMtoNR5kSRLZX+V7FGlOEcoDiG0Ixmb2c6NBV+e221IWyb
5MIBp3vDiipAJNTO1wIDAQAB
-----END PUBLIC KEY-----


Now you convert this output to one single line: 


MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfA14QIpOjnPT8sN/uLc8aoUpMPJQS47UYyn0+VhcTACZuxEMxCKBatAdOMFcNxlqPsXxjxPH1o/A9fOZJ8Uf+Ff2n3ODOhk9VYU45at9b1GyMtoNR5kSRLZX+V7FGlOEcoDiG0Ixmb2c6NBV+e221IWyb5MIBp3vDiipAJNTO1wIDAQAB


This line you will use as public key in your DNS record.

Next, add two txt records like 

_domainkey.domain.com          IN TXT o=~;r=postmaster@domain.com
selector._domainkey.domain.com IN TXT v=DKIM1;k=rsa;p=<public key>

Which means: 

   o=~ the server signs some mail
   o=- all mail is signed, but unsigned mail should be accepted
   o=! all mail is signed, do not accept unsigned mail
   t=y I’m still testing
   v=DKIM1 we use DKIM version 1
   k=rsa it is a RSA key
   r=<x@xx> report problems to this email address
   p=<public key> this is the generated public key

Do not use keys with length other than 1024. 512 is too short and 2048 will give you problems with most DNS servers.

Retrieved from "https://onnocenter.or.id/wiki/index.php?title=BIND:_Setup_DMKI&oldid=56155"