Testing Your DKIM Key for OpenDKIM
After publishing your DKIM key in your DNS records, you should test it to make sure everything is working as expected. Here is a step-by-step guide to testing your DKIM key with OpenDKIM:
Step 1: Run the Command
Enter the following command on your Ubuntu server to test your DKIM key:
sudo opendkim-testkey -d your-domain.com -s default -vvv
Make sure to replace “your-domain.com” with your actual domain name. The -s option names the DKIM selector, which is “default” in this guide. If everything is OK, you will see “Key OK” in the command output.
Step 2: Verify DNS Record Propagation
Note that your DKIM record may need some time to propagate to the Internet. Depending on the domain registrar you use, your DNS record might be propagated instantly, or it might take up to 24 hours to propagate. You can go to https://www.dmarcanalyzer.com/dkim/dkim-check/, enter “default” as the selector, and enter your domain name to check DKIM record propagation.
Step 3: Interpret the Command Output
If you see “Key not secure” in the command output, don’t panic. This is because DNSSEC isn’t enabled on your domain name, so the DNS answer that carries the key could not be validated. DNSSEC is a security standard that lets resolvers cryptographically validate DNS responses. Most domain names haven’t enabled DNSSEC. “Key not secure” does not mean your key is wrong, and there is no need to worry about it. You can continue to follow this guide.
If you see the “query timed out” error, you need to comment out the following line in the /etc/opendkim.conf file and restart the opendkim.service:
TrustAnchorFile /usr/share/dns/root.key
Once you have tested your DKIM key and confirmed that it is working properly, you can rest assured that your email messages are being signed with the private key and can be verified by remote mail servers using the public key.
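To complement the propagation check in Step 2, here is an added example (not part of the original guide or of OpenDKIM) that sanity-checks the published TXT record from the command line. The function names and the sample record are constructed for illustration; the sample key is placeholder base64, not a real key.

```shell
#!/bin/sh
# Added example (not from the original guide): sanity-check a DKIM TXT record.
# Live use:  dkim_check "$(dig +short TXT default._domainkey.your-domain.com)"

# Join the quoted chunks dig prints for long records ("part1" "part2").
dkim_join() {
    printf '%s' "$1" | sed -e 's/"[[:space:]]*"//g' -e 's/^"//' -e 's/"$//'
}

# Print the value of one tag (v, k, p) from a joined record.
dkim_tag() {
    printf '%s' "$1" | tr ';' '\n' |
        sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" |
        head -n 1 | tr -d '[:space:]'
}

dkim_check() {
    rec=$(dkim_join "$1")
    [ -n "$rec" ] || { echo "no TXT record returned (not propagated yet?)"; return 1; }
    v=$(dkim_tag "$rec" v); k=$(dkim_tag "$rec" k); p=$(dkim_tag "$rec" p)
    # v= is optional, but when present it must be DKIM1.
    if [ -n "$v" ] && [ "$v" != "DKIM1" ]; then echo "unexpected version: $v"; return 1; fi
    # k= defaults to rsa when absent.
    case "${k:-rsa}" in
        rsa|ed25519) ;;
        *) echo "unknown key type: $k"; return 1 ;;
    esac
    # An empty p= tag marks the key as revoked.
    [ -n "$p" ] || { echo "no public key (p= missing or empty)"; return 1; }
    case "$p" in
        *[!A-Za-z0-9+/=]*) echo "p= contains non-base64 characters"; return 1 ;;
    esac
    # Base64 length must be a multiple of 4; a record cut at a chunk boundary usually is not.
    [ $(( ${#p} % 4 )) -eq 0 ] || { echo "p= looks truncated"; return 1; }
    echo "record ok"
}

# Constructed sample: placeholder base64, not a real key, split into two chunks.
SAMPLE='"v=DKIM1; k=rsa; p=QUJDREVGR0hJ" "SktMTU5PUA=="'
dkim_check "$SAMPLE"
```

This only checks the record's syntax for a single TXT record; whether the published key matches your private key is still what opendkim-testkey verifies.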