Question
If I am using multiple domains, do I need to register the DKIM public key for all domains?
Answer
According to the DKIM specification, for any domain that routes email through Email DLP, you must publish the corresponding public key as a TXT record in the DNS.
Therefore, if you are using multiple domains, you need to register the DKIM public key in the DNS for each domain.
If you want to simplify the process of rotating DKIM keys, you can also use a CNAME record to reference a TXT record registered in a single domain.
By designating one domain as the "primary domain" and placing the actual public key (TXT record) there, you can centralize key management by having other domains reference this record via a "CNAME record."
* Note that CNAME-based DKIM setup is only supported when the CNAME references a record within a domain you own.
Pointing the CNAME at the Email DLP domain itself is not supported.
Procedure
- Place the public key in the primary domain
Publish the public key (TXT record) that serves as the actual key in the domain you designate as primary (e.g., main-domain.com).
- Configure references from other domains
Set the DKIM record for each other domain (e.g., other-domain.com) as a CNAME that points to the TXT record in the primary domain.
Reference
Below is an example DNS configuration where the primary domain is example.com and another domain is sub-example.com. The selector used is your-selector.
| Domain | Hostname | Record Type | Value/Reference |
| --- | --- | --- | --- |
| example.com | your-selector._domainkey | TXT | v=DKIM1; p=(public key string) |
| sub-example.com | your-selector._domainkey | CNAME | your-selector._domainkey.example.com |
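The following is an added example, not part of the Email DLP documentation, showing how a receiving mail server resolves the configuration in the table above: it starts at `your-selector._domainkey.sub-example.com`, follows the CNAME to the TXT record in the primary domain, and then validates the record. It also checks the two failure modes that matter here: a CNAME target that lands outside a domain you own, and a CNAME loop. The zone data is a constructed in-memory stand-in for DNS (the `p=` value is a placeholder, not a real key), so the script runs offline; against live DNS you would replace the `ZONE` lookup with a resolver query.

```python
# Added example (not from the Email DLP documentation): resolve a DKIM record
# the way a verifier would, following CNAME indirection to the TXT record in
# the primary domain, and validate what comes back.
# Names and zone contents below are constructed placeholders mirroring the
# article's table; the p= value is NOT a real public key.

# Constructed stand-in for DNS: owner name -> (record type, value).
ZONE = {
    "your-selector._domainkey.example.com":
        ("TXT", "v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY"),
    "your-selector._domainkey.sub-example.com":
        ("CNAME", "your-selector._domainkey.example.com"),
    # Constructed misconfiguration: two domains pointing at each other.
    "your-selector._domainkey.loop-a.example":
        ("CNAME", "your-selector._domainkey.loop-b.example"),
    "your-selector._domainkey.loop-b.example":
        ("CNAME", "your-selector._domainkey.loop-a.example"),
}

MAX_CNAME_HOPS = 8  # bound the chain so a loop cannot spin forever


def dkim_name(selector, domain):
    """Owner name of the DKIM key record for a selector/domain pair."""
    return f"{selector}._domainkey.{domain}"


def resolve_dkim_txt(selector, domain, zone=ZONE):
    """Follow CNAMEs from <selector>._domainkey.<domain>; return (final_name, txt)."""
    name = dkim_name(selector, domain)
    for _ in range(MAX_CNAME_HOPS):
        record = zone.get(name)
        if record is None:
            raise LookupError(f"no DKIM record at {name}")
        rtype, value = record
        if rtype == "TXT":
            return name, value
        if rtype == "CNAME":
            name = value  # hop to the referenced name and look again
            continue
        raise LookupError(f"unexpected {rtype} record at {name}")
    raise LookupError("CNAME chain too long (possible loop)")


def parse_dkim_tags(txt):
    """Split a 'tag=value; tag=value' DKIM record into a dict."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip()] = value.strip()
    return tags


def check_dkim(selector, domain, own_domains, zone=ZONE):
    """Return (ok, reason). own_domains lists the domains you control; a CNAME
    target must stay within one of them, as the article requires."""
    try:
        final_name, txt = resolve_dkim_txt(selector, domain, zone)
    except LookupError as exc:
        return False, str(exc)
    if final_name != dkim_name(selector, domain):
        # A CNAME was followed: make sure it did not leave your own domains.
        if not any(final_name.endswith("." + d) for d in own_domains):
            return False, f"CNAME target {final_name} is outside your own domains"
    tags = parse_dkim_tags(txt)
    # RFC 6376: v= is optional but, when present, must be DKIM1.
    if "v" in tags and tags["v"] != "DKIM1":
        return False, f"unsupported version tag v={tags['v']}"
    # An empty p= means the key has been revoked.
    if not tags.get("p"):
        return False, "empty p= tag (revoked key or misconfiguration)"
    return True, f"key found at {final_name}"


if __name__ == "__main__":
    for dom in ("example.com", "sub-example.com", "loop-a.example"):
        print(dom, check_dkim("your-selector", dom, ["example.com", "sub-example.com"]))
```

One caveat when applying this layout: a name that carries a CNAME cannot carry any other record, so `your-selector._domainkey.sub-example.com` must hold only the CNAME, and the TXT record lives solely in the primary domain. Rotating the key is then a single TXT change at `your-selector._domainkey.example.com`, which is the centralization the article describes.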
For details on generating and configuring the actual DKIM public key, please refer to the following articles.
[Email DLP] General Settings - DKIM Setup
[Email DLP] Add Domains to Existing DKIM