Issue Bad RSA signature - DKIM fails

[Josch]

Hi,

I've searched a lot and need to clarify something.

I have a problem when trying to validate via dkimvalidator.com. I get

Validating Signature​

result = fail
Details: bad RSA signature

I checked, if the TXT record for default._domainkey.example.com is the same on all nameservers, described here:

Outbound emails do not pass DKIM verification when DNS is hosted externally

Applicable to: Plesk for Linux Plesk for Windows Symptoms Outbound emails do not pass DKIM verification. The following can be found in source message on recipient side: ARC-Authentication-Resu...

support.plesk.com

and the domainkeys are different.

Now I read, that the DNS zones may not be updated. Here is the support article:

Plesk does not update BIND zones

Applicable to: Plesk Onyx for Linux Symptoms When Domains > example.com > DNS Settings is changed, changes are not applied to BIND. CLI utility fails with the following error: # /opt/psa...

support.plesk.com

I checked

cat /etc/bind/rndc.key

and

cat /etc/named.conf

and the secrets are not the same. Do these both secrets have to be exact the same ones?

In rndc.key I have the following:

key "rndc-key" {
    algorithm hmac-sha256;
    secret "some-long-secret-key-with-44-digits";
};

and in named.conf I have

key "rndc-key" {
    algorithm hmac-md5;
    secret "another-secret-key-with-24-digits";
};

Could that be the cause of my problem?

Any help is appreciated.

Thanks in advance and regards

Josch