Mandrill DKIM CNAMEs resolve in dig but verification tool still says “No CNAME foun

Application Performance
1

What is the name of the domain?

What is the error number?

N/A (no Cloudflare error code)

What is the error message?

“No CNAME record found / record does not match required value” — shown by TutorCruncher’s Mandrill checker

What is the issue you’re encountering

I’m enabling DKIM for Mandrill inside TutorCruncher. Added the two required CNAMEs and set them to DNS-only (grey cloud): ↵ • mte1._domainkey → dkim1.mandrillapp.com ↵ • mte2._domainkey → dkim2.mandrillapp.com ↵ Public DNS (dig, dnschecker) returns the correct targets worldwide, but after 24 h the checker still reports both CNAMEs as missing.

What steps have you taken to resolve the issue?

  1. Confirmed both CNAME rows exist and are DNS-only. ↵ 2. Ran dig +short mte1._domainkey.hackyourcourse.com cname and for mte2: both return expected targets. ↵ 3. Flushed local DNS cache and waited >24 h. ↵ 4. Searched Community threads for similar DKIM cases.

What are the steps to reproduce the issue?

  1. Query either selector with dig → correct CNAME returns. ↵ 2. Click “Check DNS records” inside TutorCruncher → red banner “No CNAME record found”.

Screenshot of the error

Screen Shot 2025-05-19 at 08.10.34 AM.png
Screen Shot 2025-05-19 at 08.10.34 AM.png1702×2630 622 KB

2

The records are resolving, but without showing the interim CNAME
https://cf.sjr.dev/tools/check?97a9045b58d744d29de9c14f35fd732a#dns-mail

You have probably enabled CNAME flattening…

Disable it so that the CNAMEs can be seen and validated.

3

nope i have not done flattening.

4

Are you sure you don’t have global CNAME flattening enabled as in the link? Can you show a screenshot from here…
https://dash.cloudflare.com/?to=/:account/:zone/dns/settings

The record is behaving as if flattened as it’s resolving correctly to the TXT record of the CNAME target, but without showing the intermediate CNAME.

dig +short dkim1.mandrillapp.com txt
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GGE1A9cwHjf5KYMV0GdrKcEhCVgaMSsZylGs9qItDZOgo8q3xu7TN4HbI+lPypqJ8+9Z5gH/plxnagHKxd9d2n2rSSF8jn+NS85w3jED1FShmrkNB4YqcoK+" "/uVGPCjbxqta5afs731dx9OhgsA24mu8MfszAmp+PBov/LhpXlN2vuJ3oUOZNAFKIv+K2oZGanqT9eLF1r9031omvLelDTstFmH402tPnjui4ChtVz9PI6KG2J0NarHZCCPBFhhcqZMMnIvHodYnGKn3fn6tb2WHo5e8O+dZxnyzIqBmOHX2i5jtfAyGwvgdIz160VgyKCDR9LcbWTy9wPThByqFwIDAQAB;"


dig mte1._domainkey.hackyourcourse.com txt
; <<>> DiG 9.10.6 <<>> mte1._domainkey.hackyourcourse.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4122
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mte1._domainkey.hackyourcourse.com. IN	TXT

;; ANSWER SECTION:
mte1._domainkey.hackyourcourse.com. 300	IN TXT	"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2GGE1A9cwHjf5KYMV0GdrKcEhCVgaMSsZylGs9qItDZOgo8q3xu7TN4HbI+lPypqJ8+9Z5gH/plxnagHKxd9d2n2rSSF8jn+NS85w3jED1FShmrkNB4YqcoK+" "/uVGPCjbxqta5afs731dx9OhgsA24mu8MfszAmp+PBov/LhpXlN2vuJ3oUOZNAFKIv+K2oZGanqT9eLF1r9031omvLelDTstFmH402tPnjui4ChtVz9PI6KG2J0NarHZCCPBFhhcqZMMnIvHodYnGKn3fn6tb2WHo5e8O+dZxnyzIqBmOHX2i5jtfAyGwvgdIz160VgyKCDR9LcbWTy9wPThByqFwIDAQAB;"
5

I’ve just noticed the DMARC record that’s currently resolving is different from your screenshot. Can you show the bar from the top of the DNS page that looks like this?

Screenshot 2025-02-22 at 22.51.42
Screenshot 2025-02-22 at 22.51.42724×127 7.67 KB

6
7

Can you show these…

1 Like
8

You were right; I unchecked that option. Let’s wait for it to propagate, and I will update you. Thank you very much.

9

thank you very much it worked

10

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.