DKIM records Office 365


#1

Hi,
I want to enable DKIM in Office 365 but the records are recognized by Microsoft.
I read some post about this on this forum, but none of them gives a (working) solution.

I can’t enable or disable the ‘orange cloud’ since it is not visible on the 2 CNAME records.

I have added those 2 records. (I changed my domain guid to domain-com and initial domain to initial-domain

selector1._domainkey
selector1-domain-com._domainkey.initial-domain.onmicrosoft.com
TTL: Auto

selector2._domainkey
selector2-domain-com._domainkey.initial-domain.onmicrosoft.com
TTL: Auto

I have added them with an ‘grey cloud’. But since I can’t change that I believe that is not working on those records. (I have read that the records are automatically recognized as an domainkey)

What is going wrong here? For an other domain I have changed the nameserver to Microsoft, so it isn’t using Cloudflare anymore, but for this domain I want a kind of flexible DNS (with the API) so moving is not an option.


#2

when you dig remotely on the nameservers do you find the records but microsoft doesn’t?


#3

Just to verify, its supposed to be

yourdomain.onmicrosoft.com

and not

yourdomain-com.onmicrosoft.com

right?

The Cloudflare CNAME record should look like the following:

NAME
selector1._domainkey

VALUE
selector1-yourdomain-com._domainkey.yourdomain.onmicrosoft.com

and when you dig selector1._domainkey.yourdomain.com using TXT, you should see the key.

https://mxtoolbox.com/SuperTool.aspx?action=dkim%3Aselector1._domainkey.yourdomain.com&run=networktools# If that doesn’t work, perhaps you can share the domain.


#4

Jep, and that is exactly what I use :slight_smile:
Only the domain after selecter1-[…] uses dashes (instead of points).


#5

Yep, I used https://toolbox.googleapps.com/apps/dig/
And this is what I got:

id 56378
opcode QUERY
rcode NOERROR
flags QR RD RA
;QUESTION
selector1._domainkey.domain.com. IN A
;ANSWER
selector1._domainkey.domain.com. 299 IN CNAME selector1-domain-com._domainkey.initial-domain.onmicrosoft.com.
;AUTHORITY
onmicrosoft.com. 299 IN SOA ns1-208.azure-dns.com. azuredns-hostmaster.microsoft.com. 1 3600 300 2419200 300
;ADDITIONAL

#6

Then the issue is with Microsoft not able to resolve the records.

Try to get in touch with MS support and check why they’re unable to resolve the records from their resolves


#7

Is excellentelectronics.com the domain? If so, the NS is pointed to nsg1.namebrightdns.com and nsg2.namebrightdns.com and it seems that the domain is listed as for-sale

And what’s the -com.com? It might help us better if we have the right domain or you can create a new service request as @bashar mentioned. Takes no time to get a call back from Microsoft support.


#8

Nope that is the initial domain and it is not .com (I forgot to change it…)
-com.com should be, of course, only -com. I will change my reply and open an ticket by Microsoft.


#9

If possible, please share the solution when your all fixed up or let us know if you need more help.


#10

I will do!


closed #11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.