Mailgun TXT Records Can not be Verified

Z

zakarisz

New member
Joined
May 17, 2016
Messages
1
Hi,

I'm trying to change mx, txt and cname records for my domain.
Mailgun gives exact values for changing fields.
At first I didn't add . (dot) after hostname and couldn't make it verified. (mailgun values was without . )
After that I've added . and cname and mx records seem verified now.
But when I check TXT records it seems unverified. Is there any other trick for that?
 
zakarisz said:
Hi,I'm trying to change mx, txt and cname records for my domain.
Click to expand...


Good luck with that. I had to move to another ESP because Mailgun's DKIM check plainly refuses the line break that DireactAdmin inserts. The official DKIM spec says linebreaks are allowed, so Mailgun's verification is off. I've tried to explain this to the Mailgun staff, but they didn't really understand. Which made me realize that Mailgun is not the ESP for me.

On the line break in the DKIM record: I think it's not a good idea, but I seem to remember reading the discussion about it. The field can get very very long, and it doesn't wrap the key, so the table gets very wide. But that seems like an old school problem: these days you can just add the neccessary CSS to break on non-whitespace characters.

Luckily, other ESP's have better DKIM-verifying code than Mailgun.
 
I'm lost, are you copying the DKIM key manually? If yes, you can easly re-create a single line one, i've got some customer that prefer have external DNS services and they copy the key manually to a txt record on their dns provider when they wanna activate dkim for one of their customers.

Regards
 
SeLLeRoNe said:
I'm lost, are you copying the DKIM key manually?
Click to expand...

Here's what you're normally asked to do by an ESP: copy their DKIM key string, paste it into a TXT DNS record. The string is usually very long, and from what I understand from the technote I linked to above (which is mentioned on a thread on this forum), DA puts some line breaks in it. I can verify this. I copied a one-line DKIM string and pasted that into DA DNS management. If I check the result in /var/named/mydomain.db, I see that indeed the string has been cut up into several different ones:

Code: 
x._domainkey	300	IN	TXT	( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu96OWoLW2aVFh6sPFCMm4fBEIz2D2uDM7y2WY/CmJLTVWbd9mmgm2v7jE/Y6S4PyXZlssl+5Jbh8j/Ak2IvrL/V"
					"i7QhfFVoHp2O5lF65A0K9/2xMeGSQWfSI4dMKD4c6S6CjZ45umAqYuvXxQqGQkTaZ48dgvrWD8289UM3mTA5HJvy80Z+LMKyaH4fYjL+Oz7odKGSk6ROKz6VQpEyfqePdjXGnKKlTZGqoeyzuk+iJv"
					"Cap7K5ASqwiz7hRHdnJiGNNIEJ6jXzNuH476GOU8jxOGmEyhieHFoVnF4mv5aIHcW/3kRNKEaK2DvFv49alvA/mdiDxcz9pJ6iPLmwIOQIDAQAB" )

If I go to http://dkimcore.org/c/keycheck and have it verified, the outcome is:

This TXT record consists of multiple strings. This is valid, but could be avoided.
Click to expand...

Just to be sure: I did not put the line breaks in this record. I pasted it in, in one line. Mailgun thinks that the line breaks are invalid. The DKIM spec doesn't agree (if I interpreted it correctly), neither does the DKIMcore checker.
 
Ok now i got it! So you need to use an external DKIM key into DA, i tought the way around :)

Apparently Mailgun have a problem on accept the DKIM, as far as zmippie wrote.

If that's the case, i guess you can't do that much to fix it on your side.

Regards
 
SeLLeRoNe said:
If that's the case, i guess you can't do that much to fix it on your side.
Click to expand...

I guess the only other option is to manually hack the zone file where the DKIM is stored. But even if the OP has that kind of access to the server in question, that's not advisable.
 
I didn't suggest that because as soon as you add a subdomain or change an IP from DA, it should recreate the zone file if i'm not wrong.

Regards
 
You must log in or register to reply here.
Back
Top