Articles in this section

See more

Text "p=DKIM1;" is added to domain's DKIM DNS record after migration between two Plesk servers

Avatar
Gabriel Aznarez
Updated
Follow
Plesk for Linux kb: bug ext: migrator ABT: Group A

Applicable to:

  • Plesk for Linux

Symptoms

  • A subscription example.com is migrated between two Plesk servers.

  • The following error is returned after the post-migration check of the migrated subscription:

    CONFIG_TEXT: Post-migration checks
    The DNS server at 203.0.113.2 returned incorrect DNS records. Here is the difference:
    expected 'default._domainkey.example.com. TXT v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDxHiIayxdVAy0BDmv+W/6+hUHoDPfzgPc2DFqubFraw8C2zyuudKJtMFAp3OiogVCntMU+7WwQ3wbBS6q9mNy5F8KHHdy9hTMjjrMCRpkzylAVPVvaoAZFBIPDyTDT+0rmx9sIEkGUoliWdpHceePNgtxn9oXbvlE1BTzKz9OtVwIDAQAB;', got 'default._domainkey.example.com. TXT v=DKIM1; p=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDxHiIayxdVAy0BDmv+W/6+hUHoDPfzgPc2DFqubFraw8C2zyuudKJtMFAp3OiogVCntMU+7WwQ3wbBS6q9mNy5F8KHHdy9hTMjjrMCRpkzylAVPVvaoAZFBIPDyTDT+0rmx9sIEkGUoliWdpHceePNgtxn9oXbvlE1BTzKz9OtVwIDAQAB;'
    Make sure that:
    1. The DNS zone of this domain exists in target Plesk and is enabled.
    2. All desired DNS records exist in target Plesk and are active.

    Ignore this warning if you have changed DNS zone after migration and the resolved records look fine.

  • If compare the TXT DNS record for the hostname default._domainkey.example.com on the source and target servers in the menu Domains > example.com > DNS Settings, they are indeed different - the additional text p=DKIM1; is present to the record on the target server.

    Manual querying confirms that:

    • Source server:

      # host -t TXT default._domainkey.example.com 203.0.114.1
      Using domain server:
      Name: 203.0.114.1
      Address: 203.0.114.1#53
      Aliases:

      default._domainkey.example.com descriptive text "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDxHiIayxdVAy0BDmv+W/6+hUHoDPfzgPc2DFqubFraw8C2zyuudKJtMFAp3OiogVCntMU+7WwQ3wbBS6q9mNy5F8KHHdy9hTMjjrMCRpkzylAVPVvaoAZFBIPDyTDT+0rmx9sIEkGUoliWdpHceePNgtxn9oXbvlE1BTzKz9OtVwIDAQAB;"

    • Target server:

      # host -t TXT default._domainkey.example.com 203.0.113.2
      Using domain server:
      Name: 203.0.113.2
      Address: 203.0.113.2#53
      Aliases:

      default._domainkey.example.com descriptive text "v=DKIM1; p=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDxHiIayxdVAy0BDmv+W/6+hUHoDPfzgPc2DFqubFraw8C2zyuudKJtMFAp3OiogVCntMU+7WwQ3wbBS6q9mNy5F8KHHdy9hTMjjrMCRpkzylAVPVvaoAZFBIPDyTDT+0rmx9sIEkGUoliWdpHceePNgtxn9oXbvlE1BTzKz9OtVwIDAQAB;"

Cause

The bug in the Plesk Migrator extension PMT-4640. It is planned to be fixed in one of the next versions of the extension.

Resolution

Until the bug is fixed, as workarounds:

Plesk GUI workaround

  1. Log into Plesk on the target server.

  2. Go to Domains > example.com > DNS Settings.

  3. Edit the TXT record default._domainkey.example.com so it looks like follows:

    CONFIG_TEXT: default._domainkey.example.com. TXT v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDxHiIayxdVAy0BDmv+W/6+hUHoDPfzgPc2DFqubFraw8C2zyuudKJtMFAp3OiogVCntMU+7WwQ3wbBS6q9mNy5F8KHHdy9hTMjjrMCRpkzylAVPVvaoAZFBIPDyTDT+0rmx9sIEkGUoliWdpHceePNgtxn9oXbvlE1BTzKz9OtVwIDAQAB;

Bulk workaround over CLI

  1. Connect to the Plesk server via SSH.

  2. Backup Plesk database.

  3. Create a list of DNS zone ids where "p=DKIM1;" is found:

    # plesk db -N -e "select dns_zone_id from psa.dns_recs where displayHost like 'default._domainkey.%' and (val like '% p=DKIM1;%' or displayVal like '% p=DKIM1;%');" >> dns_zone_ids.txt

  4. Verify if the domain names are the migrated ones which need the correction:

    # for id in `cat dns_zone_ids.txt`; do plesk db "select dz.name, dz.id from dns_zone as dz where dz.id=$id;";done

  5. Based on the output of step 4, remove any domain zone id from the file list if needed to skip from correcting its DNS DKIM record. Vi editor can be used for this.

  6. Run the following command to remove the "p=DKIM1;" from each DNS record based on the zone id list file:

    # for id in `cat dns_zone_ids.txt`; do plesk db "update psa.dns_recs set val = replace(val, ' p=DKIM1;', ''), displayVal = replace(displayVal, ' p=DKIM1;', '') where dns_zone_id = $id and displayHost like 'default._domainkey.%' and (val like '% p=DKIM1;%' or displayVal like '% p=DKIM1;%');"; done

Comments

4 comments

Sort by Date Votes
  • Avatar
    BP

    Taras Ermoshin it is now more than 6 months that this bug exists. Is there an ETA when it will be fixed? It is much appreciated if such "simple" bugs can be fixed faster. If you migrate a full server with DKIM-enabled domains, this is very annoying and time-consuming to fix.

    0
    Comment actions Permalink
  • Avatar
    canaldiego (Edited )

    @Taras Ermoshin, addin to what @b_p said, apart from being time-consuming, probably many users are not aware of this bug and after migrating will not notice the addition of the extra "p=DKIM1;", ending up with non compliant DKIM records that could cause serious mail deliverability problems.

    0
    Comment actions Permalink
  • Avatar
    TomBob

    we just migrated a server and this issue is still not resolved. A year later.

    0
    Comment actions Permalink
  • Avatar
    Robin Labadie

    Time to fix this one dear Plesk team. It's been an issue for way too long.

    2
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles