Question
How to change the DKIM key DNS record value without causing mail delivery outages?
How to upgrade DKIM key length from 1024 bits to 2048 bits for existing domains on Plesk 18.0.55 or later without causing mail delivery outage?
Answer
Note: By default, the time to live (TTL) of DNS records is 24h. After any DKIM record change, external DNS caches need that long to expire; in the meantime, an updated DKIM signature might cause mail delivery issues while an external mail service still has the old value cached.
Apply the corresponding section depending on where the Domain DNS zone is hosted and managed from:
- Open the DKIM key record at Domains > example.com > Hosting & DNS > DNS > default._domainkey
- Set the TTL (time to live) to 60 (seconds) and click OK to apply.
- Wait for the previous TTL (1 day by default) to expire.
- Go to Domains > example.com > Mail Settings
- Create New DKIM Selector > Set Selector Name as test > Create
- Under Active DKIM Selector select the radio toggle for test > Apply
- Under Active DKIM Selector click Remove for default > OK
- Repeat the same steps to create a new default DKIM selector and delete the test selector:
  - Create New DKIM Selector > Set Selector Name as default > Create
  - Under Active DKIM Selector select the radio toggle for default > Apply
  - Under Active DKIM Selector click Remove for test > OK > Apply.
- Verify that the new record content is available externally following these instructions.

- Open the DKIM key record at Domains > example.com > Hosting & DNS > DNS > default._domainkey
- Set the TTL (time to live) to 60 (seconds) and click OK to apply.
- Wait for the previous TTL (1 day by default) to expire.
- Disable and re-enable DKIM to generate the 2048-bit record from Plesk 18.0.55 or to regenerate a 1024-bit record for older versions.
- Verify that the new record content is available externally following these instructions.

- On your DNS server dashboard, open the DKIM TXT key record default._domainkey.example.com for editing.
- Set the TTL (time to live) to 60 (seconds) and apply the change.
- Wait for the previous TTL (1 day by default) to expire.
- Open the DKIM key record at Domains > example.com > Hosting & DNS > DNS > default._domainkey
- Set the TTL (time to live) to 60 (seconds) and click OK to apply.
- Wait for the previous TTL (1 day by default) to expire.
- Go to Domains > example.com > Mail Settings
- Create New DKIM Selector > Set Selector Name as test > Create
- Under Active DKIM Selector select the radio toggle for test > Apply
- Under Active DKIM Selector click Remove for default > OK
- Repeat the same steps to create a new default DKIM selector and delete the test selector:
  - Create New DKIM Selector > Set Selector Name as default > Create
  - Under Active DKIM Selector select the radio toggle for default > Apply
  - Under Active DKIM Selector click Remove for test > OK > Apply.
- Retrieve the default._domainkey.example.com value at Domains > example.com > Mail > Mail Settings > How to configure external DNS and take note of it.
- On your DNS server dashboard, set the new value for default._domainkey.example.com as obtained in the previous step.
- Verify that the new record content is available externally following these instructions.

- On your DNS server dashboard, open the DKIM TXT key record default._domainkey.example.com for editing.
- Set the TTL (time to live) to 60 (seconds) and apply the change.
- Wait for the previous TTL (1 day by default) to expire.
- Disable and re-enable DKIM to generate the 2048-bit record from Plesk 18.0.55 or to regenerate a 1024-bit record for older versions.
- Retrieve the default._domainkey.example.com value at Domains > example.com > Mail > Mail Settings > How to configure external DNS and take note of it.
- On your DNS server dashboard, set the new value for default._domainkey.example.com as obtained in the previous step.
- Verify that the new record content is available externally following these instructions.
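
For the final verification step, it helps to confirm the key length of the published record as well as its presence. The Python below is an added example, not part of the original article or of Plesk: it takes the TXT value of default._domainkey as a DNS lookup tool prints it and returns the RSA key size in bits. The function names are assumptions, and the sample records are constructed with a dummy modulus, so they are not usable keys.

```python
import base64

def parse_dkim_txt(txt):
    """Parse a DKIM TXT value into tags; joins the quoted chunks DNS tools print for long keys."""
    tags = {}
    for part in txt.replace('"', "").split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    return tags

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def dkim_key_bits(txt):
    """Return the RSA modulus size in bits of the p= key in a DKIM TXT value."""
    tags = parse_dkim_txt(txt)
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        raise ValueError("not an RSA DKIM key, or key revoked (empty p=)")
    spki = base64.b64decode(tags["p"])
    _, start, _ = read_tlv(spki, 0)        # SubjectPublicKeyInfo SEQUENCE
    _, _, alg_end = read_tlv(spki, start)  # AlgorithmIdentifier (skipped)
    tag, bits_start, _ = read_tlv(spki, alg_end)
    if tag != 0x03:
        raise ValueError("expected BIT STRING holding the RSA key")
    _, rsa_start, _ = read_tlv(spki, bits_start + 1)   # +1 skips the unused-bits byte
    tag, mod_start, mod_end = read_tlv(spki, rsa_start)
    if tag != 0x02:
        raise ValueError("expected INTEGER modulus")
    return int.from_bytes(spki[mod_start:mod_end], "big").bit_length()

def der(tag, body):
    """Encode one DER element (used only to build the constructed sample)."""
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 128 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_record(bits):
    """Constructed sample: valid structure, dummy modulus, not a usable key."""
    rsa = der(0x30, der(0x02, b"\x00" + b"\xc3" * (bits // 8)) + der(0x02, b"\x01\x00\x01"))
    alg = der(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    p = base64.b64encode(der(0x30, alg + der(0x03, b"\x00" + rsa))).decode()
    return '"v=DKIM1; k=rsa; p=' + p[:200] + '" "' + p[200:] + '"'

if __name__ == "__main__":
    for bits in (1024, 2048):
        print(bits, "->", dkim_key_bits(sample_record(bits)))
```

Pass the TXT value returned by an external resolver to dkim_key_bits; a result of 1024 after the previous TTL has expired means the old record is still being published.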