Configure DKIM for host.domain.com email addresses

CanadaGuy

Verified User
Joined
Nov 14, 2019
Messages
158
The default DNS zone host.domain.com that is added on install doesn't have the options out of the box to enable DKIM. Is there a right way to set up DKIM for it, or would it need to be deleted and re-added as a host.domain.com domain so it can be configured?
 

Kal

Verified User
Joined
Nov 18, 2019
Messages
8
Location
Australia
I was wondering the same thing @CanadaGuy. Having followed the DKIM install guide (New Method), and navigated to User Level > E-Mail Accounts (in order to enable DKIM), I got the error:
No Domains
There is no default domain; you should start with creating one first

I'm not sure what 'default domain' means in the context of administering host.domain.com. I'm also not sure why you say it's 'not a domain, just a DNS zone'. (It's both according to my understanding of DNS.)

But I suppose the only question I really need ask is, did you have success running ./dkim_create.sh host.domain.com? :)
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,554
Location
Maastricht
> I'm not sure what 'default domain' means in the context of administering host.domain.com. I'm also not sure why you say it's 'not a domain, just a DNS zone'. (It's both according to my understanding of DNS.)
Not quite. There is a difference between just a DNS record (a file in /var/named) or a default domain, which is a domain which has a DNS record but also exists in Directadmin.

> But I suppose the only question I really need ask is, did you have success running ./dkim_create.sh host.domain.com?
Why would you want to create a DKIM record for your hostname?
If you read the help sections correctly, even the old method, you see it's all about domain.com and not host.domain.com.

Just remove the host.domain.com DNS entry, you don't need it. It's only made so DA can work on installation.

As for your issue: do you have a domain as admin in user level? If not, create one; that will be your default domain.
 

Kal

Verified User
Joined
Nov 18, 2019
Messages
8
Location
Australia
> Not quite. There is a difference between just a DNS record (a file in /var/named) or a default domain, which is a domain which has a DNS record but also exists in Directadmin.
I just meant that it's both a domain and a zone as far as DNS is concerned. As for DirectAdmin terminology, I'll have to take your word for it—I'm new to DA and have much to learn.

> Why would you want to create a DKIM record for your hostname?
I wasn't sure if I should. Then I found this thread and saw that someone else was trying to do the same thing.

> Just remove the host.domain.com DNS entry, you don't need it. It's only made so DA can work on installation.
Delete the whole zone file for host.domain.com? And just give host an A record under domain.com? What's the benefit of doing it this way? I'm coming from a semi-managed VPS with cPanel/WHM, where the hostname always had its own zone file.

(Either way, I can't change it at the moment, because the main domain is still hosted on the old server. I just delegated the new hostname to the new server so I could install TLS certificates and access DirectAdmin securely.)
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
DKIM record for a hostname as well as a separate DNS zone for a hostname might be required. Directadmin will add a public DKIM key for a hostname only into /var/named/hostname.db file, i.e. DNS zone created for the hostname.

DirectAdmin still sends emails from root@hostname, admin@hostname, etc. So a DKIM record for the hostname is a good option to get a higher trust level when sending emails.

And as of now a DKIM for hostname can be created only using the old way, see the step #4

Code:
cd /usr/local/directadmin/scripts
./dkim_create.sh $(hostname -f)
Run the two commands without modifications, as they are shown. There is nothing to replace.
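
A check that can follow the key creation discussed above, as an added example that is not part of the original posts and is not DirectAdmin code: it reads the DKIM TXT record from a BIND zone file, joins the quoted chunks that long TXT data is split into, and compares the `p=` value with a PEM public key on disk. The zone file, selector and key file are supplied by the caller; the selector `x`, the file names and the base64 in `demo` are constructed sample values.

```shell
#!/bin/sh
# Added example (not DirectAdmin code): does the zone publish the key on disk?

# zone_dkim_p ZONEFILE SELECTOR -> prints the p= value of SELECTOR._domainkey,
# joining the quoted chunks used for TXT data longer than 255 bytes.
zone_dkim_p() {
    awk -v name="$2._domainkey" '
        index($1, name) == 1 { grab = 1 }
        grab {
            rest = $0
            while (match(rest, /"[^"]*"/)) {
                txt = txt substr(rest, RSTART + 1, RLENGTH - 2)
                rest = substr(rest, RSTART + RLENGTH)
            }
            bare = $0; gsub(/"[^"]*"/, "", bare)   # parentheses outside quotes
            if (bare ~ /\(/) depth = 1
            if (bare ~ /\)/) depth = 0
            if (!depth) exit                        # record is complete
        }
        END {
            n = split(txt, tag, ";")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", tag[i])
                if (tag[i] ~ /^p=/) print substr(tag[i], 3)
            }
        }' "$1"
}

# pem_body PEMFILE -> base64 body of a PEM file without the BEGIN/END lines.
pem_body() { grep -v '^-----' "$1" | tr -d '\r\n'; }

# dkim_matches ZONEFILE SELECTOR PEMFILE -> exit status 0 only on a match.
dkim_matches() {
    published=$(zone_dkim_p "$1" "$2")
    [ -n "$published" ] && [ "$published" = "$(pem_body "$3")" ]
}

# Constructed sample data (placeholder base64, not a real key; selector assumed).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'QUJDREVGR0hJSktM' \
        'TU5PUFFSU1RVVldY' '-----END PUBLIC KEY-----' > "$d/dkim.public.key"
    printf '%s\n' 'host.domain.com. 14400 IN A 192.0.2.10' \
        'x._domainkey 14400 IN TXT ( "v=DKIM1; k=rsa; p=QUJDREVGR0hJSktM"' \
        '    "TU5PUFFSU1RVVldY" )' > "$d/zone.db"
    dkim_matches "$d/zone.db" x "$d/dkim.public.key" && rc=0 || rc=1
    rm -rf "$d"; return $rc
}
```

A mismatch or an empty result means the zone is not publishing the key the mail server signs with, so receivers will fail DKIM verification for mail from the hostname.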
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,554
Location
Maastricht
> Directadmin will add a public DKIM key for a hostname only into /var/named/hostname.db file, i.e. DNS zone created for the hostname.
I always remove that record after creating the main domain for the server and create an A record for the hostname in that domain like:
server A 14400 domain.com (so the same as a www or ftp record is present).

When the hostname record is created, in the DNS overview it always says "no" under "local mail", so this led me to think you can't do anything with this record for local mail. Hence I always deleted it.
Next to that, normally only root or DA mails are sent by hostname, correct?
So this confuses me a bit now. It's only good for security of mails sent from root and maybe postmaster or something like that?
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
Users emails can also be sent from user@hostname: system emails, emails from cron, emails from PHP scripts, etc.

I'm not sure what a security of mails you mean. And what risks can occur when system emails are sent from root@, postmaster@ or admin@ ?
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,554
Location
Maastricht
> I'm not sure what a security of mails you mean.
I referred to the higher trust level.
Indeed I didn't think of cron and PHP scripts. On our server all scripts send from @domain.com and not from hostname, but they can send from hostname indeed.

But I still wonder why mail is set to no in the DNS overview of the hostname record.

> And what risks can occur when system emails are sent from root@, postmaster@ or admin@ ?
I wouldn't know, that's why I always remove that default DNS hostname record made by DA at installation time.
So if I needed this I have to remove the hostname A record (server) and create a hostname record again? Wouldn't that create a local mail "yes" in the DNS overview? And if yes, why isn't that done on setup?
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,554
Location
Maastricht
Yes EXACTLY.
Hostname is present in /etc/virtual/domains file, should be in there indeed.

Ooooh... wait... it says local data NO on setup... not local mail NO. Pffff... :cautious::rolleyes:😏
 

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
14,255
Location
GMT +7.00
The "local data NO" means a domain does not belong to any user, and it is expected since a hostname should not be owned by anybody on a server, technically missing in /etc/virtual/domainowners

Another case: it can be seen for domains whose DNS zones are copied over from another server by the Multiserver feature of DirectAdmin, or for DNS zones created without adding them to any user account.
 

Kal

Verified User
Joined
Nov 18, 2019
Messages
8
Location
Australia
Thanks for hashing that out you two. Much appreciated!

> Code:
> cd /usr/local/directadmin/scripts
> ./dkim_create.sh $(hostname -f)
> Run the two commands without modifications, as they are shown. There is nothing to replace.
Done. Out of curiosity, where does the hostname variable come from, and what does the -f option do?
 