3

I am trying to set up a mail server on Debian with opendkim and opendmarc.

When I receive an email, SpamAssassin refuses it because opendkim can't do the DNS query.

I tested with the opendkim-testkey command; the DNS query timed out:

$ opendkim-testkey -s 20161025 -d gmail.com -vvv
opendkim-testkey: using default configfile /etc/opendkim.conf
opendkim-testkey: checking key '20161025._domainkey.gmail.com'
opendkim-testkey: '20161025._domainkey.gmail.com' query timed out

I tried to do the DNS query with dig on the server, with success:

$ dig txt 20161025._domainkey.gmail.com

;; ANSWER SECTION:
20161025._domainkey.gmail.com. 282 IN TXT "k=rsa; p=MIIB[...]AB"

After reading other posts, I tried to add Nameservers, but it changed nothing at all.

Does anyone have an idea?

Tarkok

2 Answers

1

I just solved my own issue:

In /etc/opendkim.conf, I commented out:

TrustAnchorFile       /usr/share/dns/root.key

My local DNS server already does this job.

Tarkok
0

In my case this was a firewall issue: OpenDKIM queries DNS root servers directly (see TrustAnchorFile in /etc/opendkim.conf). Opening my firewall in the outgoing direction for all IP addresses in /usr/share/dns/root.key fixed the problem.

mko
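
An added example (not from either answer, and not part of OpenDKIM): a shell helper that reports whether TrustAnchorFile is active in an opendkim.conf and what Nameservers is set to, which tells you which of the two answers above applies. The function names, the output labels and the sample file are made up for illustration; matching parameter names case-insensitively is an assumption.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not shipped with OpenDKIM.

# Print the value of an active (uncommented) setting, or nothing if unset.
# Assumption: parameter names are matched case-insensitively.
opendkim_setting() {   # usage: opendkim_setting <conf> <name>
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                    # drop full-line and trailing comments
        NF >= 2 && tolower($1) == want { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# Classify the configuration into the two cases described in the answers.
opendkim_dns_mode() {  # usage: opendkim_dns_mode <conf>
    anchor=$(opendkim_setting "$1" TrustAnchorFile)
    servers=$(opendkim_setting "$1" Nameservers)
    if [ -n "$anchor" ]; then
        # Per the second answer: OpenDKIM queries the DNS root servers
        # directly, so outbound DNS from this host must be permitted.
        echo "trust-anchor-active anchor=$anchor nameservers=${servers:-unset}"
    else
        # Per the first answer: the local DNS server does the job.
        echo "trust-anchor-off nameservers=${servers:-unset}"
    fi
}

# Live comparison using the same two commands as the question (needs network).
opendkim_dns_compare() {  # usage: opendkim_dns_compare <selector> <domain>
    dig +short txt "$1._domainkey.$2"
    opendkim-testkey -s "$1" -d "$2" -vvv
}

# Constructed sample reproducing the configuration from the question.
sample=$(mktemp)
printf 'Syslog yes\nTrustAnchorFile       /usr/share/dns/root.key\n' > "$sample"
opendkim_dns_mode "$sample"
rm -f "$sample"
```

Run opendkim_dns_mode /etc/opendkim.conf on the mail server; if it reports trust-anchor-active while dig succeeds and opendkim-testkey times out, the two fixes above are the ones to try.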