darwin-network / slash

provision DNS records for email sending #4

Closed slingamn closed 6 years ago

slingamn commented 6 years ago

The SPF record is a TXT record at darwin.network., with content:

v=spf1 a mx -all

The DKIM record is a TXT record at 201802._domainkey.darwin.network., with content:

k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXH+E3Li+b11NINuk74zkt62NpyEqhN1Khuimuqxk/HaG0qOiesnrqtjKSYTebuN60ILjpJ2cbj/DMaF0hcZNzfCnEgbO6uzJ7t9a81T8vMuvdcNL5sOwoqpJNiXCfB6LlT/JJFXDJ5cGLTh5y5FkPs2gAxk74ejaad/URtLYEeC3CE5MZqRg7lexkN1R2gu1mu672UB6aiRnRPjnjEoZv6xPOclP5s4+f4tWpmMshSQd9g55bwYXI/rqPNBm1l3I+HSaO9ePFpC56EmO+LHk2LfAUqjV2l25N4Mv9i+9bTk2V2hSjIx8HZ+cNi+Qxdr5BlCrp6PNJRHihYR79hjCQIDAQAB

slingamn commented 6 years ago

I forgot: in order to receive mail, we also need an MX record for darwin.network.: priority 1, target darwin.network.

edmund-huber commented 6 years ago

SPF:

$ dig +noall +answer @8.8.8.8 -t txt darwin.network
darwin.network.         59      IN      TXT     "v=spf1 a mx -all"

DKIM:

$ dig +noall +answer @8.8.8.8 -t txt 201802._domainkey.darwin.network
201802._domainkey.darwin.network. 42 IN TXT     "k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXH+E3Li+b11NINuk74zkt62NpyEqhN1Khuimuqxk/HaG0qOiesnrqtjKSYTebuN60ILjpJ2cbj/DMaF0hcZNzfCnEgbO6uzJ7t9a81T8vMuvdcNL5sOwoqpJNiXCfB6LlT/JJFXDJ5cGLTh5y5FkPs2gAxk74ejaad/URtLYEeC3CE5MZqRg7lexkN1R2gu1mu672UB6"

MX:

$ dig +noall +answer @8.8.8.8 -t mx darwin.network
darwin.network.         59      IN      MX      1 darwin.network.

Confirm and close if this looks good to you!

slingamn commented 6 years ago

I think the DKIM record got cut off at ~256 characters? The record I see in dig output is a prefix of the expected value.

slingamn commented 6 years ago

The TXT record was too long for our registrar (actually, even with a decent registrar, the DNS spec requires splitting strings over 255 characters into multiple strings).

Here's a 1024-bit key suitable for a text record at 201802-1024._domainkey.darwin.network (note the change of name):

k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqNlNcga0GD5E5WEArhOfQpCE/YhBuhGmk9S5KiYS7Hf/YLnMgnZOMKBy1iltsetzpee0R7i4B46xPfjxouZM62bz5xMOlALZX5PcVgZOynOUJkJ1/29g9ELD7yvn1l7d1YOExxTLDcbwHt+l9uLdAohPWrVblgijw/PJbzKIegQIDAQAB
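
Added example, not part of the thread or the project's code: how a DKIM key record longer than 255 octets is split into several TXT strings, how a verifier joins them back together, and how to tell a truncated answer (as in the dig output above) from a correct one. The key is a constructed stand-in and the function names are hypothetical.

```python
import re

MAX_CHARSTRING = 255  # RFC 1035: one TXT character-string holds at most 255 octets

def split_txt(value: str, limit: int = MAX_CHARSTRING) -> list[str]:
    """Split one logical TXT value into character-strings of at most `limit` octets."""
    data = value.encode("ascii")  # DKIM key records are plain ASCII
    return [data[i:i + limit].decode("ascii") for i in range(0, len(data), limit)]

def zone_rdata(value: str) -> str:
    """Render the value as space-separated quoted strings for a zone file."""
    quoted = ['"' + c.replace("\\", "\\\\").replace('"', '\\"') + '"'
              for c in split_txt(value)]
    return " ".join(quoted)

def join_rdata(rdata: str) -> str:
    """Rebuild the logical value from dig-style RDATA.

    DKIM verifiers concatenate the strings with nothing in between
    (RFC 6376, section 3.6.2.2). Only single-character escapes such as
    dig's "\\;" are undone here; \\DDD decimal escapes are not handled.
    """
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return "".join(re.sub(r"\\(.)", r"\1", c) for c in chunks)

def check_published(expected: str, rdata: str) -> str:
    """Compare what DNS serves against the record that was meant to be published."""
    got = join_rdata(rdata)
    if got == expected:
        return "match"
    if got and expected.startswith(got):
        return f"truncated at {len(got)} of {len(expected)} octets"
    return "mismatch"

# Constructed sample: same length as a 2048-bit RSA public key in base64
# (392 characters), but not a real key.
EXPECTED = "k=rsa; p=" + "A" * 392

if __name__ == "__main__":
    print(zone_rdata(EXPECTED))  # two quoted strings: 255 + 146 octets
    # A provider that keeps only the first string serves this (dig escapes ';'):
    cut = '"' + EXPECTED[:255].replace(";", "\\;") + '"'
    print(check_published(EXPECTED, cut))
    print(check_published(EXPECTED, zone_rdata(EXPECTED)))
```

Paste the text after `TXT` from a `dig +noall +answer` line into `check_published` together with the intended record value to run the same check on a live record.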

slingamn commented 6 years ago

For the record, DKIM selectors can't contain hyphens.

slingamn commented 6 years ago

This is embarrassing but I messed this up again: because DKIM selectors cannot contain hyphens, the record should be at 201802._domainkey.darwin.network, not 201802-1024._domainkey.darwin.network.

edmund-huber commented 6 years ago

Try now!

slingamn commented 6 years ago

I'm getting NXDOMAIN for 201802._domainkey.darwin.network. still.

slingamn commented 6 years ago

Works, thanks.