-1

I'm quite a newbie, so sorry for any unconnected data. I am creating DKIM and SPF records to emulate DMARC as a workaround. An external vendor of ours wants to send emails under our domain using a subdomain.

I have configured my TXT records as:

TXT    subdomain.domain.com     v=spf1 include:domain.com -all

TXT    subdomain.domain.com     "k=rsa; p=random_value"

I should create two CNAME records for them, right?

CNAME     selector1._domainkey.subdomain.domain.com     selector1-subdomain-domain-com._domainkey.domain.onmicrosoft.com

CNAME     selector2._domainkey.subdomain.domain.com     selector2-subdomain-accenture-com._domainkey.domain.onmicrosoft.com

My question here is, how are the TXT attributes associated with the CNAME? selector1 or selector2, it could be any of them.

What is the reason for _domainkey value?

Many Thanks

7
  • Only gets complicated if you are both using the subdomain. If the external vendor is the only user, they have likely supplied you with a complete and final list of records they recommend you set up - with hopefully some thought behind the decision whether to copy or reference their data.
    – anx
    Commented Feb 21, 2023 at 12:59
  • "What is the reason for _domainkey value?" You may want to read a little more on how DKIM works... You can have a single CNAME at _domainkey. Commented Feb 21, 2023 at 14:45
  • @PatrickMevzek. I'm doing it. I've read numerous articles and blogs, but it's complicated to understand. That is why I ask for your help. Thank you Commented Feb 21, 2023 at 15:10
  • @EliasMP Your DNS provider and email provider should be your first points of contact for such questions... Commented Feb 21, 2023 at 15:14
  • @PatrickMevzek. They don't provide this kind of low-level information. Could you at least tell me whether it is necessary to configure a CNAME and a TXT (DKIM), or can I just add a TXT with the DKIM instead? Many thanks Commented Feb 21, 2023 at 15:30

1 Answer

1

Should you create two CNAME records for the subdomain?

Yes, you need to create two CNAME records for the DKIM configuration to work correctly. Each CNAME record maps a selector name to a domain name where the DKIM public key is stored. The two selectors are typically named "selector1" and "selector2", but you can choose any names you like, as long as they are unique within the subdomain.

How are TXT attributes associated with CNAME records?

The TXT records are associated with the DKIM selectors, not the CNAME records. You need to create a TXT record for each DKIM selector, with the DKIM public key value. In your example, you would need to create two TXT records like this:

TXT selector1._domainkey.subdomain.domain.com "k=rsa; p=random_value"
TXT selector2._domainkey.subdomain.domain.com "k=rsa; p=random_value"

What is the reason for the "_domainkey" value?

The "_domainkey" part is a standard prefix used in the DKIM specification to identify the DNS record that contains the public key for a given selector. The full name of the DNS record should be in the form "selector._domainkey.example.com", where "selector" is the name of the DKIM selector, and "example.com" is the domain name of the email sender. By convention, the "_domainkey" label is used to separate the selector name from the domain name, to avoid any possible conflicts with other DNS records.

UPDATE:

Here is an example of the DNS records you might create for a subdomain called "subdomain.example.com", assuming you have one DKIM selector and one SPF policy:

; DKIM records
selector1._domainkey.subdomain.example.com. IN CNAME selector1-subdomain-example-com._domainkey.example.onmicrosoft.com.
selector1-subdomain-example-com._domainkey.example.onmicrosoft.com. IN TXT "k=rsa; p=random_value"

; SPF record
subdomain.example.com. IN TXT "v=spf1 include:example.com -all"

In this example, the first line creates a CNAME record for the DKIM selector "selector1". The CNAME points to the domain name where the DKIM public key is stored, in this case "selector1-subdomain-example-com._domainkey.example.onmicrosoft.com". The second line creates a TXT record for the DKIM public key, which is associated with the DKIM selector "selector1".

The third line creates a TXT record for the SPF policy for the subdomain "subdomain.example.com". The SPF record syntax specifies that email should be sent from hosts listed in the "example.com" SPF policy. The "-all" directive specifies that any email that does not come from an authorized host should be rejected.

3
  • I thought you had to put a CNAME for DKIM. In my case I only have 1 DKIM, so I will only have one CNAME for it, right? Then I have an SPF record, do I also need a CNAME? That is, 1 DKIM and its CNAME. 1 SPF and its CNAME. By the way, you could edit your answer and give me an example of the CNAMEs that you would configure in this case. Very grateful. Appreciated. Commented Feb 21, 2023 at 13:52
  • Having in mind the SPF record, if it is appropriate Commented Feb 21, 2023 at 13:59
  • updated, hope it helps Commented Feb 21, 2023 at 14:24
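
As an added example (not part of the original answer or any vendor tooling), this sketch shows how a receiving verifier turns the s= and d= tags of a DKIM-Signature header into the `selector._domainkey.domain` query and follows the CNAME to the TXT record that holds the key. The zone dictionary and the header fragment are constructed from the answer's example records and stand in for real DNS.

```python
# Constructed zone data modelled on the records in the answer above; the names
# and the key value are placeholders, and this dict stands in for real DNS.
ZONE = {
    ("selector1._domainkey.subdomain.example.com", "CNAME"):
        ["selector1-subdomain-example-com._domainkey.example.onmicrosoft.com"],
    ("selector1-subdomain-example-com._domainkey.example.onmicrosoft.com", "TXT"):
        ["k=rsa; p=random_value"],
    ("subdomain.example.com", "TXT"): ["v=spf1 include:example.com -all"],
}

def parse_tags(value):
    """Split a DKIM tag=value list ("k=rsa; p=...") into a dict."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def lookup_txt(name, zone, max_hops=8):
    """Return (owner name, TXT strings), following CNAMEs as a resolver does."""
    name = name.rstrip(".").lower()
    for _ in range(max_hops):
        if (name, "CNAME") in zone:
            name = zone[(name, "CNAME")][0].rstrip(".").lower()
            continue
        return name, zone.get((name, "TXT"), [])
    raise RuntimeError("CNAME chain too long or looping")

def dkim_key_for(signature_header, zone):
    """Locate the key record for a DKIM-Signature from its s= and d= tags."""
    sig = parse_tags(signature_header)
    query = f"{sig['s']}._domainkey.{sig['d']}"
    owner, txts = lookup_txt(query, zone)
    for txt in txts:
        key = parse_tags(txt)
        if key.get("v", "DKIM1") == "DKIM1" and "p" in key:
            key.setdefault("k", "rsa")  # rsa is the default key type
            return {"query": query, "owner": owner, "key": key,
                    "revoked": key["p"] == ""}  # empty p= means a revoked key
    return {"query": query, "owner": owner, "key": None, "revoked": False}

if __name__ == "__main__":
    # Constructed header fragment; only the tags used for the lookup matter.
    header = "v=1; a=rsa-sha256; d=subdomain.example.com; s=selector1; b=..."
    print(dkim_key_for(header, ZONE))
```

The SPF record involves no selector or `_domainkey` label: `lookup_txt("subdomain.example.com", ZONE)` reads it directly at the sending domain's own name.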
