In the current article, we review the “formula” that we can use for calculating the…
The task of getting the value of the DKIM records for a specific domain name in Office 365 based environment, can be described as a “challenging task, ” because, at the current time, there is no “user-friendly” graphic interface that can provide us the information that we need.
Article Series Table Of Content| Click to expand
Manage outbound DKIM signing in Office 365 | Office 365 | Article Series
The only way for getting the required DKIM host name records is, by implementing a “manual calculation (which was reviewed in a former article) or, by using a PowerShell command that will get us the required DKIM host names.
The additional challenge that stands before of us is, that the PowerShell command that we use, provide only a “partial information” about the Hostnames that we will need to use for creating the required DKIM CNAME records.
To make your life easier, I have written a small PowerShell script , that will “fetch” the required data about the DKIM host names and present the information in a more user-friendly way.
Getting the information about the DKIM CNAME in Office 365
A quick reminder about the implementation of DKIM in Office 365 and the “structure” of CNAME record.
In Office 365 based environment, we need to create two CNAME records, that will be used for outbound DKIM signing for a specific domain name that is hosted at Office 365.
Any CNAME record consists of “two parts”:
- Part 1#2 – The host name whom the DNS client asks about.
- Part 2#2 – The “additional host name” to which the DNS client will be redirected.
When I wrote the current article series about the – “DKIM infrastructure in Office 365,” the only way that was available for Office 365 customers to get the specific values that need to be configured in the DKIM CNAME records were – by using a long and exhausting process.
The solution was based on a process in which we need to use a “manual formula,” that was supposed to generate the required “values” (hostnames) that we need to use for the two “DKIM CNAME records.”
Note – If you are still interested in the method of – generating the required DKIM CNAME records by using the “Office 365 DKIM formula,” you can read the following article – Calculating manually the value of the Office 365 DKIM selector hostname | Part 6#10
Along the way, Microsoft decided to provide PowerShell cmdlets, that will enable us to “get” the required information about – the values that we need to use for the DKIM CNAME records (for our specific domain name).
This is a better solution versus the “manual calculation” of the “Office 365 DKIM formula” but the “PowerShell solution” is not perfect because the process sufferers from major drawback – the PowerShell output that we get, is related only to the “second part” of DKIM CNAME record.
In other words, the PowerShell output provides us only “half of the required information” that is needed for the purpose of – creating two CNAME records.
I believe that most of us would expect to get a more “clear” output that just says something
like: “dear sear \ lady, the DKIM CNAME records that you need to create will need to include the following values: X, Y, Z””
For this reason, I write a little PowerShell script that supposed to simplify the task of “fetching” the required information about the – content of the DKIM CNAME records per.
I believe that in the future, the “Office 365 guys,” will provide some “graphic interface,” that will help us to understand beater the exact syntax that we need to use for our DKIM CNAME records pair.
Option 1#2 - Getting the host name of Office 365 DKIM selector using PowerShell
To get the information about the Office 365 selectors host names for a specific domain name, we use the PowerShell command – Get-DkimSigningConfig.
It is important to emphasize that this PowerShell command will provide the information only about the “second part” of the CNAME record that we will need to create.
The PowerShell syntax that we need to use is as follows:
PowerShell command syntax
Get-DkimSigningConfig <domain name> | FL *CNAME
For example, in our scenario, we wish to get the information about the Office 365 DKIM selectors record that represents the domain name – o365pilot.com, we use the following syntax:
Get-DkimSigningConfig o365pilot.com | FL *CNAME
PowerShell console output example
Get-DkimSigningConfig o365pilot.com | FL *CNAME Selector1CNAME : selector1-o365pilot-com._domainkey.o365info2.onmicrosoft.com Selector2CNAME : selector2-o365pilot-com._domainkey.o365info2.onmicrosoft.com
In the following screenshot, we can see the result of the PowerShell
In our specific example, the “second part” of the two DKIM CNAME records that we need to create will redirect DKIM DNS queries to the following host names:
The “first part” of the Office 365 DKIM record
Notice that the “complete” syntax for the DKIM CNAME record includes two parts.
As mentioned, the PowerShell command Get-DkimSigningConfig, provide us only the “second part” of the DKIM CNAME record.
The “first part” of the Office 365 DKIM record is a “fixed value,” that we use for all the public domain and its used by every Office 365 tenants.
For example, in a scenario in which we need to define the “first part” of the CNAME records, for the domain name – o365pilot.com, the syntax will be implemented as follows:
First CNAME record The “first part” of the “first Office 365 DKIM CNAME record” is always – Selector1._domainkey.
The FQDN (Fully Qualified Domain Name) of the host in our example will be:
Second CNAME record The “first part” of the “second Office 365 DKIM CNAME record” is always –Selector2._domainkey.
The FQDN (Fully Qualified Domain Name) of the host in our example will be:
Option 2#2 - How to use the – “Show my Office 365 CNAME DKIM records” PowerShell script
To make this task more user-friendly, I have created a simple menu based PowerShell script, that will “fetch” the information about the required syntax for an Office 365 DKIM CNAME record (for a specific domain name), and display the information in a convenient way to understand.
Running the Show my Office 365 CNAME DKIM records” PowerShell script
We will run the menu based PowerShell script – “Show me CNAME DKIM records,” by using standard PowerShell console.
In case that this is the first time that you run a PowerShell script, you will need to “allow” PowerShell console to run a PowerShell script.
- Right click on the PowerShell console icon, and select the menu “Run as Administrator”
- Copy and paste the following command – Set-ExecutionPolicy Unrestricted –force
- From the PowerShell console, you will need to “call” the dkim.ps1 PowerShell script.
Step 1#2 – login to Exchange Online using remote PowerShell session
To initialize the remote PowerShell session to Exchange Online, select the menu option “1”
( 1) Login to Exchange Online using Remote PowerShell)
Provide your Office 365 Global Administrator credentials
Step 2#2 – display and export information about Office 365 DKIM CNAME records for a specific domain name.
Select menu option number “2” (the menu named – 2)
(2) View and export information on the DKIM host name record for a specific Domain name)
You will need to provide the specific domain name.
This is the “domain name,” for which we need to get the information about the Office 365 DKIM CNAME record hosts names.
In our example, the domain name is – o365pilot.com
The information about the Office 365 DKIM CNAME record hosts names is:
- Displayed on the PowerShell console.
- Exported to files to a new folder named- INFO\DKIM Record Settings that will be created on Drive C:
In the following screenshot, we can see the result.
The information displayed on the PowerShell console, describe the host names whom we need to define for the two DKIM CNAME records.
In the following screenshot, we can see the new INFO folder that was created.
The files are stored in the folder named – DKIM Record settings.
We can see that the information is stored in a TEXT file + HTML file.
Using an HTML file enables us to understand better the specific host name that we need to create because the information includes a screenshot.
In the following screenshot, we can see the structure of the HTML file.
The HTML file includes the required information for the two DKIM CNAME records that we will need to create.
In the following screenshot, we can see the result for the domain name that we provide (o365pilot.com in our example).
Part A – this is the “first part” of the DKIM CNAME record that we need to publish.
In our specific example, the first part of the DKIM CNAME record is the host name – Selector1._domainkey.
Part B – this is the “second part” of the DKIM CNAME record that we need to publish.
In our specific example, the second part of the DKIM CNAME record is the host name –
Part C – this is just a “sample” screenshot, that demonstrates the structure of a “standard CNAME record”, and the “locations” which we need to use for “entering” the specific host names.
The DKIM menu based PowerShell script.
The DKIM menu based PowerShell script, include additional options.
For example, by using the menu option “3” (the menu named – 3) (3) View and export information about the DKIM host name record for ALL Domain names), we can view and export information about the Office 365 DKIM CNAME record, for all the existing domain names, including the onMicrosoft domain names.
In the following screenshot, we can see the results.
The next step
The next step is creating the required DNS CNAME records.
In the next article, you can find a step by step guide that will walk you through the process.
Download the “Show me my DKIM host name record” PowerShell script
For your convenience, I have “Wrapped” all the PowerShell commands that were reviewed in the article,
in a “Menu Based” PowerShell Script.
In case you want to get more detailed information about how to use the o365info menu PowerShell script, you can read the following article