OpenDKIM

Unexpected reply error

Open cavaughankirov opened this issue 1 year ago • 4 comments

Can't find any info about what this error means and therefore how to rectify it. Any help appreciated.

opendkim-testkey: 'default._domainkey.*******.com' unexpected reply class/type (-1/-1)

cavaughankirov avatar May 18 '23 12:05 cavaughankirov

The message came from libopendkim/dkim-keys.c and was caused by the DNS response to the TXT-type query for 'default._domainkey.*******.com'.

So if you can use dig or other DNS query tools and can watch the response for the query above, it might be helpful.

futatuki avatar Mar 13 '24 07:03 futatuki

I got the same error for the DKIM record for mails from mail.bethesda.net: key retrieval failed (s=zenimaxmedia, d=email.bethesda.net): 'zenimaxmedia._domainkey.email.bethesda.net' unexpected reply class/type (-1/-1)

host -t TXT zenimaxmedia._domainkey.email.bethesda.net returns:

zenimaxmedia._domainkey.email.bethesda.net is an alias for _domainkey.email.bethesda.net.
_domainkey.email.bethesda.net descriptive text "v=DKIM1; k=rsa;" "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0AgR+ZxIMUkr1tu+k4elWjPT6FT1i5leUq29MIJtR9qAOp3su69/BbaNLbuPQCxT7rvEbYj65aA/nsIqf1rKcN9aILeV5i3ABgIadt+uFC7NV3YsJ41m2B1JGoef0d845Gn8bYuP/RJIOqU15gXTqvUbHthz/4A5yAFYDebIv27VifyGPGrWNA15guBK3Xs5cLU752t5oWX9lo" "+Zl78ogyomw0/2EH/uy7jDM39qp+rIR1jBNYFSLZZhXgYGNMG9cPQSPrgaCFI06m07ADmaAUFMrRg56esuD9BxkeBpexhKRtqfY4tVlMkMSsS55E0ue76BpWHr0xNJdPuMyZMOVwIDAQAB"

So they seem to use a CNAME record.

buschmann23 avatar Apr 03 '24 19:04 buschmann23

I cannot reproduce the issue by just using CNAME for selector.domainkey.example.domain.

e.g.

aliassample._domainkey.debug.gr.jp. 3600 IN CNAME default._domainkey.debug.gr.jp.
default._domainkey.debug.gr.jp. 3600 IN  TXT     "v=DKIM1; k=rsa; " "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0qwM7Xk73VeWA8CxsK8xUHLc7hMJQl23tieAI/iuklzflvxxyNpXN/DlAvglGqahzW7ebYqW/zPhU33qyVGg8cYB8HAgQKditKAVEixwl7x5/7ieGRDmcczLtbyrP5dhpT6mLU6Y552fSKueeNqzPDn8leY2eXzlF6jqJ8F6+T8piSmv7MtamujT0IQlDoxF67BXuMkKYewFw" "0Fgk7eSu/5IQkINov2DRBE54CkkHR9ivLcsMlND+//emMsY+VGhyJCf4ceFZ65YIwSu6b8XTMtpIU14Cl1cskVfSaJ6IaqlCYuAfhCMwjHU3bL7Nbo47+td4MKnZRLFQjZpOq27wIDAQAB"

A sample of a signed message (made using opendkim-testmsg): debug-aliassample-signed.txt

(I'll keep the DNS entry above for a while, but I will remove it later.)

futatuki avatar Apr 04 '24 09:04 futatuki

We are also getting this error and are trying to figure out what is going wrong.

localhost opendkim[2551617]: 7B37D3F089: key retrieval failed (s=mythic-beasts-k1, d=resourcespace.com): 'mythic-beasts-k1._domainkey.resourcespace.com' unexpected reply class/type (-1/-1)

They seem to have a valid key present:

host -t TXT mythic-beasts-k1._domainkey.resourcespace.com
mythic-beasts-k1._domainkey.resourcespace.com is an alias for k1.resourcespace.com.dkim.mythic-beasts.com.
k1.resourcespace.com.dkim.mythic-beasts.com descriptive text "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtZdcKZU1LiFwqlBG+Uhv52wqUt3hRkMUjSvPJ845UK1ZNnAQzC84EBrDk73KLFgA8hE4NMMhWZRmJaJcNXzYbUdFcxCGlTfXD+KrTnXmnmY+z89SEVsifZpISGmkKJfbwUeZhgRus7WGlqnLiSWNDWWi1ECAFG19gSyQ9bHMp3476XRqPGJfYRMi1RPrYIyoA" "qxwr2Xtpm5w912UEOcpJqQ5lGInNdEjYNnvN78TnXpXzJyHeElm/jgT2Yuc+P94lWBPlcMU3uNo+zOICGJRCpjCW+mXC4/3Tt/475PGaYNXeyrRp2k267hGhoXnUK4s5tvedoeCUQvP6/YWJ6qTfQIDAQAB"

Perhaps opendkim is not handling the truncation of the DNS answer properly?

fcmildef avatar Aug 07 '24 12:08 fcmildef
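
For anyone following the advice above to watch the raw DNS response, and to check the truncation question in the last comment: the script below is an added example, not code from OpenDKIM or from anyone in this thread. It parses a DNS response message and reports the TC (truncated) flag, the RCODE, and the class/type of each answer record. The names `example.com` and `example.net`, the helper names, and both sample messages are constructed for illustration.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) domain name; return (name, next_offset)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                              # root label ends the name
            return ".".join(labels) + ".", (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def inspect_response(msg):
    """Report the TC flag, RCODE and class/type of every answer record."""
    _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):                           # skip the question section
        _, off = read_name(msg, off)
        off += 4                                  # QTYPE + QCLASS
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if off > len(msg):
            raise ValueError("answer record runs past end of message")
        answers.append((name, rclass, rtype))     # class 1 = IN; type 5 = CNAME, 16 = TXT
    return {"truncated": bool(flags & 0x0200), "rcode": flags & 0x000F,
            "ancount": an, "answers": answers}

def wire(name):
    # Encode a domain name in uncompressed wire format.
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"

# Constructed sample data (not captured traffic): a TXT query answered with
# CNAME + TXT, and the same query answered with TC set and no answer records.
Q = wire("sel._domainkey.example.com") + struct.pack("!HH", 16, 1)
ALIAS, TXT = wire("key.example.net"), b"\x0fv=DKIM1; k=rsa;"
ALIASED = (struct.pack("!6H", 0x1234, 0x8180, 1, 2, 0, 0) + Q
           + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 3600, len(ALIAS)) + ALIAS
           + ALIAS + struct.pack("!HHIH", 16, 1, 3600, len(TXT)) + TXT)
TRUNCATED = struct.pack("!6H", 0x1234, 0x8380, 1, 0, 0, 0) + Q
```

Feed `inspect_response()` the raw bytes of a response received over UDP from the resolver the milter uses; a result with `truncated` set or an empty `answers` list shows that the reply carried no usable TXT record.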