[Solved] DNS error when enabling DKIM

tnuz

Verified User
Joined
Jan 12, 2006
Messages
23
Location
Canada
I can't seem to get DKIM enabled on any of the domains on a server. This is the error that I get:
Everything is standard; it's a new server.

Code:
Error writing the db file: Unable to save dns zone: named-checkzone returned:
loading "domain.com" from "/var/named/domain.com.db.temp.3442" class "IN"
dns_rdata_fromtext: /var/named/domain.com.db.temp.3442:37: syntax error
zone domain.com/IN: loading from master file /var/named/domain.com.db.temp.3442 failed: syntax error
zone domain.com/IN: not loaded due to errors.

$TTL 14400
@       IN      SOA     dns.domain.nl.      hostmaster.domain.com. (
                                                2020041406
                                                14400
                                                3600
                                                1209600
                                                86400 )

domain.com.    14400    IN    NS    dns.domain.eu.
domain.com.    14400    IN    NS    dns.domain.nl.

ftp    14400    IN    A    12.34.56.78
mail    14400    IN    A    12.34.56.78
pop    14400    IN    A    12.34.56.78
smtp    14400    IN    A    12.34.56.78
domain.com.    14400    IN    A    12.34.56.78
www    14400    IN    A    12.34.56.78

domain.com.    14400    IN    MX    10 mail



domain.com.    14400    IN    TXT    "v=spf1 a mx ip4:12.34.56.78 ~all"
x._domainkey    14400    IN    TXT    "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQAEypsdthqtvHC6SxUwQhz/q8fBYeva8THyKMrs2NRcIvN+ItyiVwtl0iE2jcgc2v4zu7GtpQ+1l+9+X7UEfjWuurA0b4qBv2VOy7QyGdC4yG3Ze70exHmpzak15ynmimu9+BlkGZJm9Rh9z2Vc+CApXDhX+JwHbHStYQZ/VsT+AYX9NTftJCpNOR1ZPh4N/ogm27EeRv08AwkXmEyxj6rVnVusiNKJg7s8xmVeGPnUuJGH1Snq/h/bFmrTqU0r3rk5ev1iunQYDaSeMUHwMctT/aoxeRHprl6dBtrLrsimu85I64vpJcquurT/2dQ/1jRYuaj0eTnrWWy9WEGMywr3lQIDAQAB"

ftp    14400    IN    AAAA    2001:7b8:d08:0:12:34:56:78
mail    14400    IN    AAAA    2001:7b8:d08:0:12:34:56:78
pop    14400    IN    AAAA    2001:7b8:d08:0:12:34:56:78
smtp    14400    IN    AAAA    2001:7b8:d08:0:12:34:56:78
domain.com.    14400    IN    AAAA    2001:7b8:d08:0:12:34:56:78
www    14400    IN    AAAA    2001:7b8:d08:0:12:34:56:78
I would appreciate help with this.
 

tnuz

Verified User
Joined
Jan 12, 2006
Messages
23
Location
Canada
Yes, I used the IPv4 address in the IPv6 address, so it's easy to recognize to what server the IPv6 address belongs. But that's not the cause of the problem.

I did find the cause, but need CentOS or DirectAdmin to fix it.
When enabling DKIM, or creating a new domain (DKIM is enabled by default), the DKIM key in the TXT field is too long for named-checkzone (at least on CentOS 8). Long TXT records need to be split into multiple lines like here:


I'm hoping that the DA developers can fix that soon.
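
The limit described in the post above, shown as an added example that is not part of the original thread and is not DirectAdmin's code. A single quoted string in a TXT record may hold at most 255 bytes (RFC 1035), so a 2048-bit DKIM key has to be written as several strings, which verifiers concatenate again. The function names and the sample zone are constructed for illustration.

```python
import re

MAX_TXT_STRING = 255  # RFC 1035: one <character-string> holds at most 255 octets

# Matches one double-quoted string in zone-file text, allowing \" escapes.
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


def find_long_txt_strings(zone_text):
    """Return (line_number, owner, length) for each quoted string over the limit."""
    findings = []
    for number, line in enumerate(zone_text.splitlines(), start=1):
        fields = line.split()
        if "TXT" not in fields:
            continue
        for match in QUOTED.finditer(line):
            length = len(match.group(1).encode("utf-8"))
            if length > MAX_TXT_STRING:
                findings.append((number, fields[0], length))
    return findings


def wrap_txt_record(owner, ttl, value, chunk=MAX_TXT_STRING):
    """Format a TXT record whose value is split into strings of <= chunk bytes."""
    raw = value.encode("ascii")  # DKIM tag lists are plain ASCII, no quotes inside
    parts = [raw[i:i + chunk].decode("ascii") for i in range(0, len(raw), chunk)]
    quoted = " ".join('"%s"' % p for p in parts)
    return "%s\t%d\tIN\tTXT\t( %s )" % (owner, ttl, quoted)


def unwrap_txt_record(record):
    """Concatenate the strings of a TXT record the way a DKIM verifier does."""
    return "".join(m.group(1) for m in QUOTED.finditer(record))


# Constructed sample: placeholder key material, not a real DKIM key.
SAMPLE_VALUE = "v=DKIM1; k=rsa; p=" + "MIIB" + "A" * 388
SAMPLE_ZONE = "\n".join([
    '$TTL 14400',
    'domain.com.\t14400\tIN\tTXT\t"v=spf1 a mx ~all"',
    'x._domainkey\t14400\tIN\tTXT\t"%s"' % SAMPLE_VALUE,
])

if __name__ == "__main__":
    print(find_long_txt_strings(SAMPLE_ZONE))
    print(wrap_txt_record("x._domainkey", 14400, SAMPLE_VALUE))
```

The checker only inspects strings that open and close on the same line, which is how the unwrapped record in the failing zone is written.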
 

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
9,051
DirectAdmin already turns new records into multi-line values.
If you're passing a full raw zone via API, it's not DA's business to modify it.

In any case, check to ensure you've got:
Code:
/usr/local/directadmin/directadmin c | grep wrap_long_dns_values
showing wrap_long_dns_values=1. If you've changed a directadmin.conf setting, be sure to restart DA.

As for "how" you're adding the record.. DA does have a full set of scripts to do that for you.
See the /usr/local/directadmin/scripts/./dkim_create.sh which does all the work.
If you've manually created the dkim keys in /etc/virtual/domain.com/dkim.*.key, then let DA add those into the dns for you:
Code:
echo "action=rewrite&value=dkim&domain=${DOMAIN}&dns=yes" >> /usr/local/directadmin/data/task.queue.cb; /usr/local/directadmin/dataskq d200 --custombuild
John
 

tnuz

Verified User
Joined
Jan 12, 2006
Messages
23
Location
Canada
Thank you John.

On two recently installed servers the default value for wrap_long_dns_values was 0

So I ran:
Code:
/usr/local/directadmin/directadmin set wrap_long_dns_values 1
systemctl restart directadmin
Then I turned DKIM on on different domains and it all works fine again.
It seems that for some reason wrap_long_dns_values wasn't turned on by default during the installation.
 

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
9,051
Not sure. Check the data/templates/directadmin.conf to see what it has set. It should not have wrap_long_dns_values in there.
I've just confirmed that the internal default is set to 1.. so I'm unclear how it became 0.

If you clear it from the conf/directadmin.conf, check:
Code:
./directadmin c | grep wrap_long_dns_values
to ensure it's using the internal value.. it should show 1. If it doesn't, check ./directadmin o to confirm the compile date.

John
 

scriptkitty

Verified User
Joined
Jul 10, 2019
Messages
149
So I ran:
Code:
/usr/local/directadmin/directadmin set wrap_long_dns_values 1
systemctl restart directadmin
Then I turned DKIM on on different domains and it all works fine again.
It seems that for some reason wrap_long_dns_values wasn't turned on by default during the installation.
Thanks for sharing your resolution! :)
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
5,254
Location
Maastricht
On two recently installed servers the default value for wrap_long_dns_values was 0
That's odd. I didn't know about that line either. So I just checked a newly installed VPS system with DA and CentOS 8 and it was activated by default and not present in the directadmin.conf file. VPS was installed about a week ago. Same for my last year September installed CentOS 7 servers.
So I'm not sure if you had a line in the directadmin.conf stating the value of 0, but if you did, then that line is not there by default.

Anyway it's good to know this one. Thank you DA.
 