How to Check DKIM Record Using NSlookup

David Henegar
2 min read

To check a DKIM record using nslookup, you can use the following command:

nslookup -type=txt _domainkey.<yourdomain.com>

This will return the TXT record for the DKIM key for the domain specified. The returned record should include the "v=DKIM1" and "k=rsa" fields, indicating that the record is a valid DKIM record.

Alternatively, you can use dig command:

dig _domainkey.<yourdomain.com> TXT

You can also use online tools like:

https://mxtoolbox.com/DKIMLookup.aspx

https://dkimcore.org/tools/

to check the dkim record by providing your domain name.

How to Check DKIM Records

There are several ways to check a DKIM record for a domain:

  1. Using the command line tool nslookup or dig:

nslookup -type=txt _domainkey.<yourdomain.com> Copy codedig _domainkey.<yourdomain.com> TXT

  1. Using online tools such as:

https://mxtoolbox.com/DKIMLookup.aspx

https://dkimcore.org/tools/

  1. Checking the domain's DNS records: Look for a TXT record with a name that starts with "dkim" or "default._domainkey".
  2. Check the email headers: If a message is signed with DKIM, you can check the headers of the email to see the DKIM-Signature header.

Note that if you are unable to find the dkim record for your domain, it is possible that your domain does not have one set up or it is not set up properly. You should contact your domain administrator or hosting provider to verify or set up one.

  • Q: How can I check if my DKIM is set up correctly?
    A: You can use the nslookup or dig command to check the DKIM record for your domain, or use online tools such as https://mxtoolbox.com/DKIMLookup.aspx or https://dkimcore.org/tools/. Additionally, you can check the headers of an email that has been signed with DKIM to see if the DKIM-Signature header is present.

  • Q: What should I look for in the DKIM record to know if it is set up correctly?
    A: The DKIM record should include the "v=DKIM1" and "k=rsa" fields, indicating that the record is a valid DKIM record. The record should also include the public key for your domain, which will be used to verify the signature of outbound emails.

  • Q: What is the format of the DKIM record in DNS?
    A: DKIM record is a TXT record that starts with "dkim" or "default._domainkey" and it will contain a set of key-value pairs, like "v=DKIM1; k=rsa; p=<public key>".

  • Q: What can cause a DKIM record to fail validation?
    A: A DKIM record may fail validation if it is not set up correctly in DNS, the private key does not match the public key, or if the message has been modified in transit.

  • Q: What is the difference between SPF and DKIM?
    A: SPF (Sender Policy Framework) is used to verify that an incoming email was sent from an authorized IP address for a domain. DKIM (DomainKeys Identified Mail) is used to verify that an email was not modified in transit and was sent by an authorized user for a domain by signing the email with a digital signature.
DKIM Issues & Questions Resolved
Read next

Dmarc vs DKIM: What is the differences?

Setting up DKIMproxy with Exim for DKIM and DomainKeys signing

Great! You’ve successfully signed up.

Welcome back! You've successfully signed in.

You've successfully subscribed to Lxadm.com.

Your link has expired.

Success! Check your email for magic link to sign-in.

Success! Your billing info has been updated.

Your billing was not updated.