Question
How to change the DKIM key DNS record value without causing mail delivery outages?
How to upgrade DKIM key length from 1024 bits to 2048 bits for existing domains on Plesk 18.0.55 or later without causing mail delivery outage?
Answer
Note: By default, the time to live (TTL) of DNS records is 24 hours. Any DKIM record change needs that long to take effect, because the caches of external DNS services must expire first. In the meantime, mail signed with the updated DKIM key might run into delivery issues when an external mail service still has the old value cached.
Apply the section that corresponds to where the domain's DNS zone is hosted and managed:
DNS zone is hosted and managed by Plesk
- Open the DKIM key record at Domains > example.com > Hosting & DNS > DNS > default._domainkey.
- Set the TTL (time to live) to 60 (seconds) and click OK to apply.
- Wait for the previous TTL (1 day by default) to expire.
- Disable and re-enable DKIM to generate the 2048-bit record on Plesk 18.0.55 or later, or to regenerate a 1024-bit record on older versions.
- Verify that the new record content is available externally following these instructions.
DNS zone is hosted and managed externally
- On your DNS server dashboard, open the DKIM TXT key record default._domainkey.example.com for editing.
- Set the TTL (time to live) to 60 (seconds) and apply the change.
- Wait for the previous TTL (1 day by default) to expire.
- Disable and re-enable DKIM to generate the 2048-bit record on Plesk 18.0.55 or later, or to regenerate a 1024-bit record on older versions.
- Retrieve the default._domainkey.example.com value at Domains > example.com > Mail > Mail Settings > How to configure external DNS and take note of it.
- On your DNS server dashboard, set the new value for default._domainkey.example.com as obtained in the previous step.
- Verify that the new record content is available externally following these instructions.