Open cavaughankirov opened 1 year ago
The message came from libopendkim/dkim-keys.c and was caused by the DNS response to the query for 'default._domainkey.***.com' TXT type.
So if you can use dig or other DNS query tools and can watch the response for the query above, it might be helpful.
I got the same error for the DKIM record for mails from mail.bethesda.net:
key retrieval failed (s=zenimaxmedia, d=email.bethesda.net): 'zenimaxmedia._domainkey.email.bethesda.net' unexpected reply class/type (-1/-1)
host -t TXT zenimaxmedia._domainkey.email.bethesda.net
returns:
zenimaxmedia._domainkey.email.bethesda.net is an alias for _domainkey.email.bethesda.net. _domainkey.email.bethesda.net descriptive text "v=DKIM1; k=rsa;" "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0AgR+ZxIMUkr1tu+k4elWjPT6FT1i5leUq29MIJtR9qAOp3su69/BbaNLbuPQCxT7rvEbYj65aA/nsIqf1rKcN9aILeV5i3ABgIadt+uFC7NV3YsJ41m2B1JGoef0d845Gn8bYuP/RJIOqU15gXTqvUbHthz/4A5yAFYDebIv27VifyGPGrWNA15guBK3Xs5cLU752t5oWX9lo" "+Zl78ogyomw0/2EH/uy7jDM39qp+rIR1jBNYFSLZZhXgYGNMG9cPQSPrgaCFI06m07ADmaAUFMrRg56esuD9BxkeBpexhKRtqfY4tVlMkMSsS55E0ue76BpWHr0xNJdPuMyZMOVwIDAQAB"
So they seem to use a CNAME record.
I cannot reproduce the issue by just using CNAME for selector.domainkey.example.domain.
e.g.
aliassample._domainkey.debug.gr.jp. 3600 IN CNAME default._domainkey.debug.gr.jp.
default._domainkey.debug.gr.jp. 3600 IN TXT "v=DKIM1; k=rsa; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0qwM7Xk73VeWA8CxsK8xUHLc7hMJQl23tieAI/iuklzflvxxyNpXN/DlAvglGqahzW7ebYqW/zPhU33qyVGg8cYB8HAgQKditKAVEixwl7x5/7ieGRDmcczLtbyrP5dhpT6mLU6Y552fSKueeNqzPDn8leY2eXzlF6jqJ8F6+T8piSmv7MtamujT0IQlDoxF67BXuMkKYewFw" "0Fgk7eSu/5IQkINov2DRBE54CkkHR9ivLcsMlND+//emMsY+VGhyJCf4ceFZ65YIwSu6b8XTMtpIU14Cl1cskVfSaJ6IaqlCYuAfhCMwjHU3bL7Nbo47+td4MKnZRLFQjZpOq27wIDAQAB"
A sample of signed message (by using opendkim-testmsg). debug-aliassample-signed.txt
(I'll keep the DNS entry above for a while, but I would remove it later.)
We are also getting this error and are trying to figure out what is going wrong.
localhost opendkim[2551617]: 7B37D3F089: key retrieval failed (s=mythic-beasts-k1, d=resourcespace.com): 'mythic-beasts-k1._domainkey.resourcespace.com' unexpected reply class/type (-1/-1)
They seem to have a valid key present:
host -t TXT mythic-beasts-k1._domainkey.resourcespace.com
mythic-beasts-k1._domainkey.resourcespace.com is an alias for k1.resourcespace.com.dkim.mythic-beasts.com. k1.resourcespace.com.dkim.mythic-beasts.com descriptive text "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZdcKZU1LiFwqlBG+Uhv52wqUt3hRkMUjSvPJ845UK1ZNnAQzC84EBrDk73KLFgA8hE4NMMhWZRmJaJcNXzYbUdFcxCGlTfXD+KrTnXmnmY+z89SEVsifZpISGmkKJfbwUeZhgRus7WGlqnLiSWNDWWi1ECAFG19gSyQ9bHMp3476XRqPGJfYRMi1RPrYIyoA" "qxwr2Xtpm5w912UEOcpJqQ5lGInNdEjYNnvN78TnXpXzJyHeElm/jgT2Yuc+P94lWBPlcMU3uNo+zOICGJRCpjCW+mXC4/3Tt/475PGaYNXeyrRp2k267hGhoXnUK4s5tvedoeCUQvP6/YWJ6qTfQIDAQAB"
Perhaps opendkim is not handling the truncation of the DNS answer properly?
Can't find any info about what this error means and therefore how to rectify it. Any help appreciated.
opendkim-testkey: 'default._domainkey.***.com' unexpected reply class/type (-1/-1)
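Added example, not part of the thread and not OpenDKIM's code: a minimal DNS reply inspector run on constructed wire-format messages, covering the two shapes discussed above (a CNAME followed by a TXT record, and a reply with the truncation bit set). All names, the key string and the function names are constructed for illustration; it does not establish which case produces the `(-1/-1)` error.

```python
import struct

TYPE_CNAME, TYPE_TXT, CLASS_IN, TC_BIT = 5, 16, 1, 0x0200

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:      # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def inspect_reply(msg):
    """Return (tc_flag, [(rrtype, rrclass), ...]) for the complete answer RRs."""
    _id, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    answers, off = [], 12
    try:
        for _ in range(qdcount):
            off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
        for _ in range(ancount):
            off = skip_name(msg, off)
            rrtype, rrclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10 + rdlen
            if off > len(msg):                       # RDATA cut off mid-record
                break
            answers.append((rrtype, rrclass))
    except (IndexError, struct.error):               # message ends inside a name or RR header
        pass
    return bool(flags & TC_BIT), answers

def verdict(msg):
    """Classify a reply to a DKIM key (TXT) query."""
    truncated, answers = inspect_reply(msg)
    if truncated:                                    # TC set: partial answer, retry over TCP
        return "truncated-retry-over-tcp"
    # CNAME records ahead of the TXT record are normal for an aliased selector.
    return "txt-found" if (TYPE_TXT, CLASS_IN) in answers else "no-txt-in-answer"

def rr(name, rrtype, rdata):
    """Build one resource record with class IN and a TTL of 3600."""
    return encode_name(name) + struct.pack("!HHIH", rrtype, CLASS_IN, 3600, len(rdata)) + rdata

# Constructed sample data (not captured traffic): aliased selector, TXT split in two strings.
QNAME, TARGET = "sel._domainkey.example.com", "key.dkim.example.net"
TXT = b"".join(bytes([len(s)]) + s for s in (b"v=DKIM1; k=rsa; ", b"p=CONSTRUCTEDKEY"))
QUESTION = encode_name(QNAME) + struct.pack("!HH", TYPE_TXT, CLASS_IN)
CNAME_RR = rr(QNAME, TYPE_CNAME, encode_name(TARGET))
FULL = struct.pack("!6H", 1, 0x8180, 1, 2, 0, 0) + QUESTION + CNAME_RR + rr(TARGET, TYPE_TXT, TXT)
TRUNCATED = struct.pack("!6H", 1, 0x8180 | TC_BIT, 1, 1, 0, 0) + QUESTION + CNAME_RR
```

Against a live resolver, comparing a UDP query with a TCP query for the same selector shows whether the UDP reply carries the truncation flag.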