Cloudflare reformats DKIM which then won't authenticate

I’m running into an issue with DKIM and Google Apps that I’ve spoken to both Google and my web host about to no avail. Can anyone here help?

I’ve tried settings this up with both 1024 and 2048 keys, and by using the Cloudflare wizard and by manually adding a TXT record. All have returned the same result.

I copy the DKIM key from Google Apps admin and paste it into the TXT record. For example:

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlArz6G2iJyJcPiuONG9FmmlGIzxMfHms1bDT1UCWBW9zEvMEBjUI40nrJbIZucKsIqZHFAIpy18Se5fkKwo62GFMVM5veqMnf2Jgq0uyVLh1i4/zXyDtyLUFnWZAXdd7UGfT5itw4Orsw1M93oTGUVpRUClHlI6rfjIDAWfh8cFNxYp51o1k/2czTPYtLkkJ3BAZbluROIVo5eH1yVHkx/+cSDgpTkmuMHlOdP1pp1dpQxC9nlw2LH3jICdkCFo7Dvwer1UWyBsYrYtbpyJwBjklvJDszvqwDheuNAat38qoZoj1uiNTIJXTIVL8gBBCQ4DzpCP7LnYk/8txmW1gVwIDAQAB

After about 12 hours Cloudflare reformats the DKIM to this:

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozbBhZuA7k5D2y+Ubt" “XJ/FmeBaPSkDt+f6MQooideSoifurMdZ7j1T56dnrr+4Xm7WWNg9nqWG9gs2jFnMKrnoeD6v4COJc92q” “nQcX300R3ApIi5pZOA/+67vBdkA2JCTXDbLVI27tV1P5MpCxEQsOrNQNeWp2DPEEEJQmXOf+XJiU+V7j” “5bK1SE1OBfyViHqI6C6HfuCsRrIpbKGe+YuXutDMTniIt1TvEWseRO5bbmM9h6QkrF0srw4f9liQ2P5Y” “NpmHHDThnyi9q4EQ+RHcjQx/kftHtNM3+siFNEeOaI92M4jsFltIzeBmaKxbxUcTNJI+KcoihRIeTWhO” "XQWQIDAQAB

When I do a dig command it shows up like this:

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAozbBhZuA7k5D2y+Ubt\" \"XJ/FmeBaPSkDt+f6MQooideSoifurMdZ7j1T56dnrr+4Xm7WWNg9nqWG9gs2jFnMKrnoeD6v4COJc92q\" \"nQcX300R3ApIi5pZOA/+67vBdkA2JCTXDbLVI27tV1P5MpCxEQsOrNQNeWp2DPEEEJQmXOf+XJiU+V7j\" \"5bK1SE" "1OBfyViHqI6C6HfuCsRrIpbKGe+YuXutDMTniIt1TvEWseRO5bbmM9h6QkrF0srw4f9liQ2P5Y\" \"NpmHHDThnyi9q4EQ+RHcjQx/kftHtNM3+siFNEeOaI92M4jsFltIzeBmaKxbxUcTNJI+KcoihRIeTWhO\" \"XQWQIDAQAB"

When I then try to authenticate the DKIM in Google Apps Admin it doesn’t work.

Any ideas how I can solve this?

Are you saying that for the first 12 hours, the dig command shows as expected?

What’s the full hostname of the DKIM record?

@sdayman It’s google._domainkey.electricteeth.co.uk

Yes the dig command shows as expected until Cloudflare reformats the content of the TXT record to have the double quotes and the backslashes.

I understand the double quotes are used because of the character limit for the TXT record, but it seems like the backslashes are throwing it off somehow?

That domain is using Ezoic. They often make unexpected changes to DNS. Have you asked them about this?

Ah no I haven’t. The site no longer runs Ezoic ads so that could be removed. I will try that and report back if the problems persists.

Thank you.

They might still have the Global API key to your account. I suggest you change that. And your password if that was part of your onboarding process.

https://support.cloudflare.com/hc/en-us/articles/200167836-Managing-API-Tokens-and-Keys#12345682

1 Like

@sdayman Thanks for the help, since removing the Ezoic integration everything is working as expected.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.