Overview
This article explains how to troubleshoot DNS records connected to Kerio Connect Servers. Common symptoms related to these issues are:
- You cannot add the default 2048-bit DKIM key into your DNS provider UI.
- You see the error "DKIM public key for domain.com was not found in DNS record" within the Domain General tab.
- You see extra random characters within your DKIM key.
Workflow
Instructions
Each blue rectangle represents a troubleshooting procedure and links to a section in this article:
- Create a Short DKIM Public Key
- Split the DKIM Record
- Verify the DKIM was Copied Correctly
- Create a New DKIM Key
- Perform a Fresh DNS Record Lookup
Create a Short DKIM Public Key
Some DNS providers limit the size of the TXT record values that you can enter, so the default 2048-bit DKIM public key is not accepted. To work around this limit, you can use online DKIM key creation utilities to create a shorter 1024-bit key.
Reference the guidance within Generating a 1024-bit DKIM key when not able to add the default 2048-bit DKIM key into DNS.
Split the DKIM Record
When reviewing your Domain's General tab within the Webadmin to collect your Public Key, you may notice an error stating, "DKIM public key for [yourdomain] was not found in DNS Record." This error indicates that the DKIM record contains a string that is over 255 characters. Luckily, you can split the DKIM records into multiple strings to prevent this error.
Reference the guidance within Long DKIM public key is not found in DNS records.
Verify the DKIM was Copied Correctly
When performing a DNS lookup to verify your new DKIM record, you might notice random characters in the result, such as extraneous quotation marks. You may also notice that the total key length is slightly larger or smaller than the correct DKIM sizes (1024-bit or 2048-bit DKIM keys). These problems are often caused by incorrectly copying the DKIM key from within the Kerio Connect UI.
Reference the guidance within the Common Issues section of Adding DKIM and DMARC Records to Kerio Connect.
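The splitting and copy checks described in the two sections above, as an added example (not Kerio code and not part of the original article). The function names and the sample record are assumptions made for illustration; the check also goes slightly beyond the text by reading the RSA modulus size out of the decoded key instead of only counting characters.

```python
import base64, re

def split_txt(value, size=255):
    """Quote a long TXT value as several strings of at most 255 characters each."""
    return " ".join('"%s"' % value[i:i + size] for i in range(0, len(value), size))

def join_txt(rdata):
    """Concatenate the quoted strings of a TXT answer, as a DKIM verifier does."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return "".join(parts) if parts else rdata.strip()

def _tlv(buf, pos):
    """Read one DER element at pos; return (content_start, content_end)."""
    n, pos = buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits give the number of length bytes
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return pos, pos + n

def rsa_bits(der):
    """Modulus size in bits of a DER SubjectPublicKeyInfo RSA key."""
    start, end = _tlv(der, 0)                # outer SEQUENCE
    if end != len(der):
        raise ValueError("key is %d bytes but declares %d" % (len(der), end))
    _, alg_end = _tlv(der, start)            # AlgorithmIdentifier
    bit_start, _ = _tlv(der, alg_end)        # BIT STRING (first byte: unused bits)
    seq_start, _ = _tlv(der, bit_start + 1)  # RSAPublicKey SEQUENCE
    n_start, n_end = _tlv(der, seq_start)    # INTEGER modulus
    return int.from_bytes(der[n_start:n_end], "big").bit_length()

def check_dkim(rdata):
    """Return (bits, problems) for TXT rdata as a lookup tool displays it."""
    value = join_txt(rdata)
    tags = {k.strip(): v.strip() for k, _, v in (t.partition("=") for t in value.split(";"))}
    p = re.sub(r"\s+", "", tags.get("p", ""))
    stray = sorted(set(re.sub(r"[A-Za-z0-9+/=]", "", p)))
    if not p or stray:
        return None, ["p= missing or contains non-base64 characters: %r" % stray]
    try:
        bits = rsa_bits(base64.b64decode(p, validate=True))
    except (ValueError, IndexError) as exc:
        return None, ["p= does not decode to a complete key: %s" % exc]
    return bits, ([] if bits in (1024, 2048) else ["unexpected key size: %d bits" % bits])

# Constructed sample: structurally valid 2048-bit DER, not a real key pair.
SAMPLE_DER = (bytes.fromhex("30820122300d06092a864886f70d01010105000382010f003082010a0282010100")
              + b"\xc3" * 255 + b"\x01" + bytes.fromhex("0203010001"))
SAMPLE = "v=DKIM1; k=rsa; p=" + base64.b64encode(SAMPLE_DER).decode()
```

Pass `check_dkim` the TXT value exactly as your lookup tool prints it, quotation marks included; `split_txt(SAMPLE)` shows the two-string form that a 2048-bit record takes once split.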
Create a New DKIM Key
If you have verified that you copied the key correctly, the public key in use on your server may be invalid; you can generate a brand new, valid DKIM public key to correct the fault. A new key can be created using a third-party DKIM creation utility.
Reference the guidance within the Adding a New Private Key to Kerio Connect section of Configuring DNS for DKIM in Kerio Connect.
Perform a Fresh DNS Record Lookup
Once you have made adjustments to your DNS records, be aware that changes often take time to propagate fully. In some cases, it can take upwards of 48 hours for the changes to propagate across the entire internet. As such, you may receive inconsistent results while testing before 48 hours have elapsed.
For the most reliable results, wait the full 48 hours before re-running your DNS checks using a third-party DNS lookup utility, such as MXToolbox.
If you continue to see the incorrect, older records after 48 hours, reach out to your DNS provider to confirm they do not have any internal DNS record propagation timelines.