My DKIM signature is not valid

SYSTEM INFORMATION
OS: Ubuntu 20.04.3
Webmin: 1.981
Virtualmin: 6.17-3

I created a second virtual server in Virtualmin, but I’m having issues with mails on that newly added website only (I have no issue on the first website of the first virtual server) when testing with mail-tester.com. Below are the messages I’m getting from the test.
"Your DKIM signature is not valid"
"We were not able to retrieve your public key.
Please ensure that you inserted your DKIM TXT DNS record on your domain domain.com using the selector 202111." (I don’t understand this instruction.)
"If you recently modified your DNS, please be patient and test again your Newsletter in 12 hours, it may take some time for the DNS to be propagated" (it has been more than 24 hours)
Any hint on how to fix this please?
Thanks!

The error is due to an incorrect or missing / malformed DNS record.

Are you using Virtualmin’s DNS for the domain or are you using the domain registrar’s DNS / some third-party DNS? If the latter, then you must ensure that the DKIM-related DNS records that you have manually created match exactly the ones that Virtualmin’s DNS has created for the domain at Virtualmin → Server Configuration → DNS Records.

You must be careful when copying over the DKIM DNS record. Some third-party DNS services (for example AWS’ Route 53) do not accept the long content that TXT records such as DKIM have and expect these long content records to be broken up in chunks of 64 bytes or less. If you don’t know how to do that, see “Need help about DKIM concept & setup - #2 by calport”.

I’m using serv.mydomain.com as the domain name server.

I have the name server as serv.mydomain.com (on both virtual servers and mydomain.com is the domain name of the website used on the first virtual server. The name server was set by Virtualmin when creating the new virtual server).
The domain name is provided/hosted by Netfirms.com, where two name servers (ns1.netfirms.com and ns2.netfirms.com) are set with the IP address of this Virtualmin server. Based on what you said, I see different types of name servers being used here: svr.mydomain.com on the new virtual server (set by Virtualmin) and two different ones (ns1.netfirms.com and ns2.netfirms.com) on Netfirms.com.
Could this be the source of my problem?
Thanks!

@jfeuzeu,

If your domain is pointing at “ns1.netfirms.com” and “ns2.netfirms.com”, you need to set up ALL DNS records including but not limited to your DKIM record at Netfirms as it is looking at their servers for these records, NOT your Virtualmin server.

The DKIM record itself is generated by OpenDKIM and can be found in Virtualmin (as presumably Virtualmin server is sending the email and therefore signing the messages) but if the above is true, Netfirms is handling DNS for you.
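As an added example (not part of any post in this thread): a shell script for the check the reply above implies, asking the nameservers the domain is delegated to for the selector's TXT record and comparing its key with the one Virtualmin generated. The selector 202111 is from the thread; the domain, the key data and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Selector 202111 is from the thread; the domain, key data
# and function names are constructed for illustration.

# TXT record name a receiving server looks up for a selector and domain.
dkim_name() { printf '%s._domainkey.%s\n' "$1" "$2"; }

# dig +short prints a long TXT value as several quoted strings; join them
# into the single value the verifier sees.
join_txt() { printf '%s' "$1" | sed -e 's/" *"//g' -e 's/^"//' -e 's/"$//'; }

# Value of one tag (v, k, p) from a joined record, whitespace removed.
dkim_tag() {
  printf '%s' "$2" | tr ';' '\n' |
    sed -n "s/^[[:space:]]*${1}[[:space:]]*=//p" | tr -d '[:space:]'
}

# Classify a TXT answer: missing | malformed | revoked | ok
dkim_status() {
  rec=$(join_txt "$1"); v=$(dkim_tag v "$rec"); p=$(dkim_tag p "$rec")
  if [ -z "$rec" ]; then echo missing
  elif [ -n "$v" ] && [ "$v" != "DKIM1" ]; then echo malformed
  elif ! printf '%s' "$rec" | grep -Eq '(^|;)[[:space:]]*p[[:space:]]*='; then
    echo malformed
  elif [ -z "$p" ]; then echo revoked   # empty p= means the key was withdrawn
  elif printf '%s' "$p" | grep -Eq '^[A-Za-z0-9+/]+=*$'; then echo ok
  else echo malformed
  fi
}

# True when two TXT values carry the same public key (p= tag).
same_key() {
  a=$(dkim_tag p "$(join_txt "$1")"); b=$(dkim_tag p "$(join_txt "$2")")
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample (not a real key): value as copied from Virtualmin, and
# the same value as dig prints it when stored as three strings.
SAMPLE_LOCAL='v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAexampleKEYdata'
SAMPLE_DIG='"v=DKIM1; k=rsa; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA" "exampleKEYdata"'

# Live use: sh dkim-check.sh 202111 example.com
# Asks each nameserver the registrar delegates to, not the local server.
if [ "$#" -eq 2 ] && command -v dig >/dev/null 2>&1; then
  name=$(dkim_name "$1" "$2")
  for ns in $(dig +short NS "$2"); do
    echo "$name @$ns: $(dkim_status "$(dig +short TXT "$name" "@$ns")")"
  done
fi
```

A `missing` result from every delegated nameserver matches the mail-tester message quoted at the top of the thread: the record exists only on a server that the public DNS never asks.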

Thank you.
Is it possible to manage all the DNS in the new virtual server instead? I found it easier (like for the first virtual server) to manage it from Virtualmin, instead of Netfirms.com (I tried to do it in Netfirms but was having many issues creating the DKIM there).
For the first virtual server (that is working well), I created two private name servers in Netfirms (ns1.mydomain.com and ns2.mydomain.com) and I added those name servers in Virtualmin DNS section. But, for the new virtual server, I tried the same before (with ns1.mynewdomain.com and ns2.mynewdomain.com) and the DNS for the new server could not propagate in the US after more than 48 hours. If this similar approach cannot work on the new virtual server, I will try again in Netfirms.
Thanks again!

@jfeuzeu,

You will need to establish either a system wide “pair” of nameservers (ex. ns1.domain.com and ns2.domain.com) or individual pairs for each domain depending on your needs. The former is easier, however you will need a pair to be compliant with DNS standards.

Then you’ll need to point all domains hosted to those pairs instead of Netfirms’ servers in order to make use of the records generated by Virtualmin.

Since you should have a basic understanding of DNS in order to get this set up correctly, I won’t go into details on how or where you would do all this as it’s outside the scope of your initial issue.

If you’d like to have things professionally set up and explained, I’d be happy to work things out for you, you can request my formal assistance should you be interested at: https://tpnassist.com

The work needed should take less than an hour, so the costs should be reasonable accordingly.

OK, to use the same pair of nameservers (ex. ns1.domain.com & ns2.domain.com) for all domains or virtual servers, should I create private nameservers on all domains using the same nameservers? I meant is it possible to create the same nameservers (ex. ns1.domain.com & ns2.domain.com) on multiple domain names, all pointing to the same IP address?
Thanks!

It is possible, but you almost certainly should not. It’s a pain in the ass to spring up new name servers from scratch. Registrars are usually pretty ornery about how the glue records get set up, often you need to use the hostnames of the name servers (rather than letting you provide the IP addresses and the names), which means the zone already needs to exist and be hosted elsewhere…then you change the IPs in those records to point to the new servers. It’s a whole dance. There is probably no good reason to do it that way. Do the dance for one set of name servers and use those name servers for all of your Virtualmin domains.

Hi Joe, you meant use the name servers ns1.domain.com and ns2.domain.com, configured on the first virtual server, on all other virtual servers?

I just did that and it seems to be working properly Joe. Thanks to you and tpnsolutions.
