Context
OpenDKIM is not able to verify DKIM on inbound emails as it's not able to retrieve the public key from DNS. The following error is observed in the logs:
key retrieval failed - query timed out
Expected Behavior
OpenDKIM should be able to download the public key from DNS.
Actual Behavior
OpenDKIM appears to be using root name servers instead of the name servers defined in /etc/resolv.conf. This breaks DNS in environments where outbound firewall rules restrict access to specific name servers (i.e., those defined in /etc/resolv.conf).
Possible Fix
Set the Nameservers parameter in /etc/opendkim.conf to the name servers defined in /etc/resolv.conf.
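One way to apply the fix described above, as an added example that is not part of the original report or of the OpenDKIM project: a shell script that copies the nameserver entries from a resolv.conf-style file into the Nameservers parameter. The function names and the two-argument invocation are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pin OpenDKIM's resolvers to those in resolv.conf.

# Print the nameserver addresses of a resolv.conf-style file as a
# comma-separated list, the format the Nameservers parameter takes.
# Comment lines and duplicate entries are skipped.
resolv_nameservers() {
    awk '$1 == "nameserver" && $2 != "" {
             if (!seen[$2]++) out = out (out ? "," : "") $2
         }
         END { print out }' "$1"
}

# Set or replace the Nameservers line in an opendkim.conf-style file.
# Returns non-zero without touching the file when no nameserver is
# found, so a broken resolv.conf cannot produce an empty list.
set_opendkim_nameservers() {
    resolv=$1
    conf=$2
    servers=$(resolv_nameservers "$resolv") || return 1
    if [ -z "$servers" ]; then
        echo "no nameserver entries in $resolv" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # Drop any existing Nameservers line (matched case-insensitively
    # to be safe), append the new one, then write back in place so
    # the file keeps its owner and mode.
    awk 'tolower($1) != "nameservers"' "$conf" > "$tmp" &&
        printf 'Nameservers\t%s\n' "$servers" >> "$tmp" &&
        cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Runs only when called with two paths, for example:
#   sh pin-opendkim-ns.sh /etc/resolv.conf /etc/opendkim.conf
if [ "$#" -eq 2 ]; then
    set_opendkim_nameservers "$1" "$2"
fi
```

Restart OpenDKIM after the change so it rereads its configuration, and rerun the script whenever the resolvers in /etc/resolv.conf change, since the pinned list does not follow them.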