OpenDKIM does not use my own name servers

IPTRACE

Well-Known Member

Reaction score: 24
Messages: 321

I use OpenDKIM and it works ok.
I only have a problem with verifying incoming mails.

Code:
opendkim[]: key retrieval failed (s=20161025, d=gmail.com): '20161025._domainkey.gmail.com' unexpected reply class/type (-1/-1)
The following command works, so I'm able to verify DNS entries from the server.
host -t TXT 20161025._domainkey.gmail.com
Result:
20161025._domainkey.gmail.com descriptive text "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMI...

I've set the following string in opendkim.conf as well.
Code:
Nameservers             217.17.34.68, 62.179.1.61, 208.67.220.220
But I caught that opendkim still uses different name servers...?!
I don't want to use other NS than mine...
Code:
block out on vtnet0: 10.10.10.20.53903 > 192.112.36.4.53: 1681% [1au] NS? . (28)
block out on vtnet0: 10.10.10.20.8354 > 198.41.0.4.53: 53879% [1au] NS? . (28)
block out on vtnet0: 10.10.10.20.48664 > 199.7.91.13.53: 57798% [1au] NS? . (28)
block out on vtnet0: 10.10.10.20.13022 > 192.203.230.10.53: 11644% [1au] NS? . (28)

Does anybody have experience with that?
 
IPTRACE


I've researched the OpenDKIM code and found that the app uses the unbound library to get DNS data.
So I've manually compiled the code using ports (I used pkg before), unset the UNBOUND option and set _STOCK_RESOLVER using make config before compiling.

I've caught the TCP/IP traffic and the reply comes.
Code:
pass out on vtnet0: 10.10.10.20.42688 > 217.17.34.68.53: 11728+ TXT? 20161025._domainkey.gmail.com. (47)
pass in on vtnet0: 217.17.34.68.53 > 10.10.10.20.42688: 11728| 1/2/0 TXT "k=rsa; p=MIIBIjAN....................
But the error is different now.
Code:
opendkim[]: key retrieval failed (s=20161025, d=gmail.com): '20161025._domainkey.gmail.com' query failed

I see in the log file that opendkim waits to reply...
 
IPTRACE


Found. One of my servers dropped TCP traffic on port 53.
OpenDKIM works like a charm.
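
In the capture in the second post, the `|` after the reply ID is tcpdump's marker for the truncated (TC) flag, which tells the resolver to repeat the query over TCP; that is the path the dropped TCP/53 traffic broke. The following check is an added example, not part of the original thread or of OpenDKIM: the function names are hypothetical, the resolver IP and key name are the ones from the posts, and the sample reply header is constructed.

```python
import socket
import struct

TC_FLAG = 0x0200  # "truncated" bit in the DNS header flags word

def build_txt_query(name, qid=0x2DD0):
    """Build a plain (no EDNS) DNS TXT query with recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 16, 1)  # QTYPE=TXT, QCLASS=IN

def parse_header(msg):
    """Return (id, truncated, rcode, answer_count) from a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return qid, bool(flags & TC_FLAG), flags & 0x000F, an

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def check_resolver(server, name, timeout=3.0):
    """Query over UDP; if TC is set, confirm the TCP retry path works."""
    query = build_txt_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.sendto(query, (server, 53))
        _, truncated, rcode, _ = parse_header(u.recvfrom(4096)[0])
    if not truncated:
        return f"UDP answer complete (rcode={rcode})"
    try:
        with socket.create_connection((server, 53), timeout=timeout) as t:
            t.sendall(struct.pack("!H", len(query)) + query)  # 2-byte length prefix
            size = struct.unpack("!H", recv_exact(t, 2))[0]
            _, _, rcode, an = parse_header(recv_exact(t, size))
        return f"UDP truncated, TCP retry ok (rcode={rcode}, answers={an})"
    except OSError as exc:
        return f"UDP truncated, TCP/53 FAILED: {exc}"

# Constructed sample: header of a truncated reply (QR, TC, RD, RA set; one answer).
SAMPLE_TRUNCATED = struct.pack("!HHHHHH", 0x2DD0, 0x8380, 1, 1, 2, 0)
if __name__ == "__main__":
    print(check_resolver("217.17.34.68", "20161025._domainkey.gmail.com"))
```

Run it from the mail server against each entry in the Nameservers line; a "TCP/53 FAILED" result points at a firewall or resolver that only passes DNS over UDP.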
 