# OpenDKIM does not use my own name servers



## IPTRACE (Mar 23, 2017)

I use OpenDKIM and it works ok.
I only have a problem with verifying incoming mails.


```
opendkim[]: key retrieval failed (s=20161025, d=gmail.com): '20161025._domainkey.gmail.com' unexpected reply class/type (-1/-1)
```
The following command works, so I'm able to verify DNS entries from the server.
`host -t TXT 20161025._domainkey.gmail.com`
Result:
`20161025._domainkey.gmail.com descriptive text "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMI...`

I've set the following string in opendkim.conf as well.

```
Nameservers             217.17.34.68, 62.179.1.61, 208.67.220.220
```
But I caught that opendkim still uses different name servers...?!
I don't want to use other NS than mine...

```
block out on vtnet0: 10.10.10.20.53903 > 192.112.36.4.53: 1681% [1au] NS? . (28)
block out on vtnet0: 10.10.10.20.8354 > 198.41.0.4.53: 53879% [1au] NS? . (28)
block out on vtnet0: 10.10.10.20.48664 > 199.7.91.13.53: 57798% [1au] NS? . (28)
block out on vtnet0: 10.10.10.20.13022 > 192.203.230.10.53: 11644% [1au] NS? . (28)
```

Does somebody have such experience with that?


----------



## IPTRACE (Mar 23, 2017)

I've researched the OpenDKIM code and found that the app uses the unbound library to get DNS data.
So I've manually compiled the code using ports (I used pkg before) and unset the UNBOUND option and set _STOCK_RESOLVER using `make config` before compiling.

I've caught the TCP/IP traffic and the reply comes.

```
pass out on vtnet0: 10.10.10.20.42688 > 217.17.34.68.53: 11728+ TXT? 20161025._domainkey.gmail.com. (47)
pass in on vtnet0: 217.17.34.68.53 > 10.10.10.20.42688: 11728| 1/2/0 TXT "k=rsa; p=MIIBIjAN....................
```
But the error is different now.

```
opendkim[]: key retrieval failed (s=20161025, d=gmail.com): '20161025._domainkey.gmail.com' query failed
```

I see in the log file that opendkim waits to reply...


----------



## IPTRACE (Mar 23, 2017)

Found. One of my servers dropped TCP traffic on port 53.
OpenDKIM works like a charm.


----------
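The failure resolved in the post above can be checked per name server with a small probe: the `|` after the query ID in the captured reply is tcpdump's marker for a truncated (TC) answer, which the resolver must then re-request over TCP. This is an added example, not part of the original posts; it uses only the Python standard library, the function names are illustrative, and the name servers and selector are the ones quoted in the thread.

```python
import socket
import struct

def build_query(name, qid=11728, qtype=16):
    """Encode a DNS query for `name` (qtype 16 = TXT) with only RD set."""
    # No EDNS record is added, so answers over 512 bytes come back truncated.
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (id, truncated, rcode, answer_count) from a DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, answers, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return qid, bool(flags & 0x0200), flags & 0x000F, answers

def probe(server, name, timeout=3.0):
    """Query over UDP; if the TC bit is set, retry over TCP like a resolver."""
    query = build_query(name)
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as udp:
            udp.settimeout(timeout)
            udp.sendto(query, (server, 53))
            _, truncated, rcode, answers = parse_header(udp.recv(4096))
    except (OSError, ValueError) as exc:
        return f"udp FAILED ({exc})"
    if not truncated:
        return f"udp ok rcode={rcode} answers={answers}"
    try:
        with socket.create_connection((server, 53), timeout=timeout) as tcp:
            # DNS over TCP prefixes each message with a 2-byte length.
            tcp.sendall(struct.pack("!H", len(query)) + query)
            reader = tcp.makefile("rb")
            (length,) = struct.unpack("!H", reader.read(2))
            _, _, rcode, answers = parse_header(reader.read(length))
    except (OSError, struct.error, ValueError) as exc:
        return f"udp truncated, tcp FAILED ({exc}): check 53/tcp filtering"
    return f"udp truncated, tcp ok rcode={rcode} answers={answers}"

if __name__ == "__main__":
    # Name servers and DKIM selector as quoted in the thread.
    for ns in ("217.17.34.68", "62.179.1.61", "208.67.220.220"):
        print(ns, probe(ns, "20161025._domainkey.gmail.com"))
```

A line reading `udp truncated, tcp FAILED` for any server reproduces the condition behind the `query failed` log entry.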



## drhowarddrfine (Mar 23, 2017)

IPTRACE said:


> found that the app uses the unbound library to get DNS data.


Because unbound is the default on FreeBSD.


----------

