How to Fetch DKIM Records from DNS

By | 2012/10/27

A DKIM public key is simply published as a TXT record in DNS, so a simple host command can fetch it. I’ll show you how!


The command is:

$ host -t TXT dkimrecord

So how do you find the name of the DKIM record to query?


DKIM record names have the following format:

[selector]._domainkey.[domain]

The selector and domain are given in the DKIM-Signature header of an email. For example, here is a portion of the headers from a Gmail-to-Gmail message.

The d= tag is the domain and the s= tag is the selector.

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=r8R+NS5CU0Cgx5OUcPnHGiw5R1AzjGtdFQoju9HIxCo=;
        b=zXKVrJAN2Md8bLPFOzF9Tte87J3wBULQvv+7wRlPja7n/1pPGYZiaGyHOn/t61yfbQ
         x21E+17D0is7XhGzmz2cu1Xunpst2+wcC20wZoXO+VvX1AwqXo01wC+CsFENqW74kjbc
         +QdYg86dFV3w/qDBBjqWiuW5xGTIsdH0RuRexlnd4RGVQjoGQGpyyMG+LZozUiQEjhkd
         lRpF4y19/sBMDshqXuCBzGtnf6DVUNa0Q2KvJVDGGxmGaSGtgVGtk2PZoarJLBNfYm0i
         cTe2kFDdB4APmQbqg5dOUFPDz4b0wVac+9wBW+YZuhxyNvcwlKLyEMGMKZj6/q8djdIP
         F7Fw==


Here is an example DNS query, looking up Gmail’s DKIM record:

$ host -t txt 20120113._domainkey.gmail.com
20120113._domainkey.gmail.com descriptive text "k=rsa\; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Kd87/UeJjenpabgbFwh+eBCsSTrqmwIYYvywlbhbqoo2DymndFkbjOVIPIldNs/m40KF+yzMn1skyoxcTUGCQs8g3FgD2Ap3ZB5DekAo5wMmk4wimDO+U8QzI3SD0" "7y2+07wlNWwIt8svnxgdxGkVbbhzY8i+RQ9DpSVpPbF7ykQxtKXkv/ahW3KjViiAH+ghvvIhkx4xYSIc9oSwVmAl5OctMEeWUwg8Istjqz8BZeTWbf41fbNhte7Y+YqZOwq1Sd0DbvYAD9NOZK9vlfuac0598HY+vtSBczUiKERHv1yRbcaQtZFh5wtiRrN04BLUTD21MycBX5jYchHjPY/wIDAQAB"
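
As an added example (not code from the original post), the shell functions below carry out the steps above: they pull d= and s= out of a folded DKIM-Signature header, build the [selector]._domainkey.[domain] name, and join the quoted chunks that host prints for a long key. The function names and the message.eml file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Read raw message headers on stdin; print the first DKIM-Signature header's
# tag list unfolded onto one line (continuation lines start with whitespace).
dkim_header() {
    awk '{ sub(/\r$/, "") }
        tolower($0) ~ /^dkim-signature:/ && !seen { seen = 1; on = 1; sub(/^[^:]*:/, ""); buf = $0; next }
        on && /^[ \t]/ { buf = buf $0; next }
        on { on = 0 }
        END { if (seen) print buf }'
}

# Print the value of tag $1 from a "tag=value; tag=value" list on stdin.
# Tags are split on ";" and matched by exact name, so "d" cannot match
# inside "bh=" or inside base64 data that happens to end in "d=".
dkim_tag() {
    tr ';' '\n' | awk -v want="$1" '{
        sub(/^[ \t]+/, "")
        eq = index($0, "=")
        if (eq == 0) next
        name = substr($0, 1, eq - 1); sub(/[ \t]+$/, "", name)
        if (name == want) { val = substr($0, eq + 1); gsub(/[ \t]/, "", val); print val; exit }
    }'
}

# Print the DNS name to query: [selector]._domainkey.[domain].
# The header is untrusted input, so a leading "-" or anything outside
# hostname characters is rejected before the name reaches another command.
dkim_qname() {
    hdr=$(dkim_header)
    d=$(printf '%s\n' "$hdr" | dkim_tag d)
    s=$(printf '%s\n' "$hdr" | dkim_tag s)
    [ -n "$d" ] && [ -n "$s" ] || return 1
    case "$s.$d" in -*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    printf '%s._domainkey.%s\n' "$s" "$d"
}

# Read `host -t TXT` output on stdin; print the record value with its quoted
# chunks joined (long keys are split across strings) and "\;" unescaped.
dkim_txt_value() {
    awk -F'"' '/descriptive text/ {
        v = ""; for (i = 2; i <= NF; i += 2) v = v $i
        gsub(/\\;/, ";", v); print v; exit }'
}

# Usage (message.eml is a hypothetical file name):
#   name=$(dkim_qname < message.eml) && host -t TXT "$name" | dkim_txt_value | dkim_tag p
```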


A useful website for checking and analyzing DKIM records is:

http://dkimcore.org/tools/keycheck.html