possible bug in DirectAdmin DKIM implementation while restoring a backup

D

Driesp

Verified User
Joined
Mar 12, 2007
Messages
185
Location
Belgium
Hi all

I am currently monitoring DKIM until I roll it out for all servers.
I wrote a script that checks if the public key in /etc/virtual really is configured in DNS.
My script sometimes notices discrepancy's between the public key in DNS and the public key configured in /etc/virtual after a while.

I think there is an issue when a client is restoring a backup.
The DKIM key get restored, but the old DKIM key is not updated in DNS.
Firstly, I am not sure why DirectAdmin is restoring an old DKIM key, and secondly why it is not updating it in DNS. I should investigate this further.
Maybe DirectAdmin should not restore a DKIM key if there already is a key active, or maybe it should not backup a key alltogether, I'm not sure.

The problem occurs in the following situation (I THINK):
1. An account has DKIM activated.
2. A backup has been made
3. The DKIM key gets renewed or refreshed (disable / enable DKIM)
4. A backup restore is requested
In this situation the old DKIM key is restored, but not updated in DNS.

Kind regards
Dries
 
Driesp said:
4. A backup restore is requested
In this situation the old DKIM key is restored, but not updated in DNS.
Click to expand...
For user backups and restores, I think the same would go for SPF values, if something changes between backups and restores, it's normal that the restore has other values.

However for an admin backup/transfer, this could be fixed the same way it's fixed for SPF.

For this to work we might be missing a kindlike option like this for DKIM in admin backup/transfer:
Restore with SPF values from backup

which can be set or unset. Maybe we need a similar option for DKIM there.
 
Hi Richard

Thank you for your reply.

I am not sure what the correct approach is to fix this issue.
Personally, I don't see a reason to restore a DKIM key if an older backup contains a different key. But I don't know the reasoning why they did it.

DirectAdmin does not seem to update the public key in DNS when the DKIM key is restored.
This actually means that the DKIM configuration becomes faulty.

Kind regards
Dries
 
Last edited:
You must log in or register to reply here.
Back
Top