Change to the DKIM record hostname in recent version, caused by new feature or from using NO-IP domain provider?
d19dotca last edited by girish
I am just starting to set up a new domain on my mail server for a new client, and temporarily, since we've made no DNS changes yet, I set the new domain to no-op. I then went to the Mail part and enabled incoming mail, etc. in preparation. I went to the Status tab and noticed that the DKIM hostname is different than all the rest. It reads cloudron-f083cc._domainkey instead of every other domain, which is cloudron-d19ca._domainkey.
I'm just wondering if this is a new feature to sort of randomize the string for each domain going forward, or if this is due to me setting No-IP as the domain provider before. In other words, should I be removing the domain and enabling it again with Wildcard (the one I use for other domains) to have it align better with the rest of the domains, if that's true? Or is this a new behaviour and unrelated to the No-IP thing? I didn't see this in the changelog, so trying to see if I just missed it or if it's due to the NO-IP part as that's one thing that I did differently when setting up this domain compared to all the others.
@d19dotca Yes, it's changed to be random now from 6.4. The DKIM key is stored in the database, so the changes are backward compatible.
Previously, we used to have the domain name (like d19ca) as part of the DKIM subdomain. But when people changed the dashboard to something else, then they didn't want the DKIM key to still have the old subdomain in it. So, this change applies to all new domains and all types of providers. The DKIM subdomain itself is random because we allow the same domain to be added in multiple Cloudrons and thus each Cloudron will need a DKIM key of its own to send emails.
@girish That makes a lot of sense, and a great idea. I always thought it odd to use the Cloudron domain name in there, haha. So it’s nice to see it changed.
The OCD part of me now wants to “clean up” the previous domains to use the new format, but I guess that’s not really possible is it? Might be nice to add if it’s not there already to have a way to regenerate the DKIM or something like that.
You have to delete the existing domain and re-add it. There is no way currently to change an existing domain.
@girish Hi Girish - I have two new clients, so I set up a second domain today on the server, and noticed it has the very same DKIM hostname in it as the earlier domain... is that expected? I assumed they were going to be random per domain, but it seems like it's just random per Cloudron host now instead?
@d19dotca Right, the suffixes are not random, just unique per server. If it was random, I was afraid there is still a possibility that they can conflict across servers (and then we have to add a UI to change this etc). Currently, it is a sha256 of the admin domain. So, this is constant per Cloudron.
> If it was random, I was afraid there is still a possibility that they can conflict across servers
Great point - that makes sense. Thanks Girish.
Side note: I think it'd still be great for the OCD in some of us to be able to regenerate the DKIM record on demand so it not only follows the new hostname pattern in Cloudron but also generates a new key if desired too.