DNS provider

Add a DKIM record in Google Cloud DNS

DKIM publishes a public key at selector._domainkey.yourdomain. Copy the exact string your mail provider gives you.

Provider gotcha: The DNS name field for apex records must use a trailing dot: example.com. — FQDN form. Omitting the dot can create the wrong relative name.

See DKIM DNS.

Step by step

Step 1 Google Cloud Console → Network services → Cloud DNS → your zone → Add standard (or Add record set).
Step 2 Name/host: your selector + ._domainkey. Use the FQDN with a trailing dot for clarity on apex; for _dmarc, use _dmarc.example.com. in the name field.
Step 3 Value from your ESP (often one long string):
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBA...
Step 4 Save. A truncated key fails DKIM verification.
Step 5 If the UI splits into 255-char chunks, that is normal for DNS — the full key must still be complete.
Step 6 Send test mail; run DNS Preflight for DKIM strength. DKIM guide.
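To check a published record for the two failure modes named in the steps (a truncated key, and a key shorter than 2048 bits), the sketch below joins the TXT chunks, decodes p= and reads the RSA modulus size from the DER structure. It is an added example, not code from this page or from DNS Preflight; the function names and the sample record (a filler modulus, not a real key) are constructed for illustration.

```python
import base64, re

def join_txt(rdata: str) -> str:
    """Concatenate the quoted <=255-byte strings of one TXT record, as verifiers do."""
    parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
    return "".join(parts) if parts else rdata.strip()

def _tlv(buf: bytes, pos: int, tag: int):
    """Read one DER element at pos; return (value_start, value_end)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("truncated or malformed key: expected DER tag missing")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated key: DER declares more bytes than were published")
    return pos, pos + length

def rsa_bits(der: bytes) -> int:
    """Modulus size of an RSA SubjectPublicKeyInfo (the decoded p= value)."""
    start, _ = _tlv(der, 0, 0x30)                   # outer SEQUENCE
    _, alg_end = _tlv(der, start, 0x30)             # AlgorithmIdentifier, skipped
    bits_start, _ = _tlv(der, alg_end, 0x03)        # BIT STRING wrapping RSAPublicKey
    key_start, _ = _tlv(der, bits_start + 1, 0x30)  # +1 skips the unused-bits byte
    mod_start, mod_end = _tlv(der, key_start, 0x02) # INTEGER modulus
    return int.from_bytes(der[mod_start:mod_end], "big").bit_length()

def check_dkim(rdata: str) -> str:
    pairs = (t.split("=", 1) for t in join_txt(rdata).split(";") if "=" in t)
    tags = {k.strip(): v.strip() for k, v in pairs}
    if tags.get("k", "rsa") != "rsa":
        return "skip: not an RSA key"
    try:  # binascii.Error raised by b64decode is a ValueError subclass
        p = re.sub(r"\s+", "", tags.get("p", ""))
        bits = rsa_bits(base64.b64decode(p, validate=True))
    except ValueError as exc:
        return f"fail: {exc}"
    return f"ok: {bits}-bit" if bits >= 2048 else f"weak: {bits}-bit, rotate to 2048"

# Constructed sample: structurally valid 2048-bit SPKI with a filler modulus, not a real key.
_DER = (bytes.fromhex("30820122300d06092a864886f70d01010105000382010f003082010a0282010100")
        + b"\xc3" * 256 + bytes.fromhex("0203010001"))
_TXT = "v=DKIM1; k=rsa; p=" + base64.b64encode(_DER).decode()
SAMPLE = f'"{_TXT[:255]}" "{_TXT[255:]}"'    # two chunks, as a resolver shows a long TXT
FIRST_CHUNK_ONLY = f'"{_TXT[:255]}"'          # what a truncated paste would publish

if __name__ == "__main__":
    for name, rr in (("chunked", SAMPLE), ("first chunk only", FIRST_CHUNK_ONLY)):
        print(name, "->", check_dkim(rr))
```

Pass the TXT answer exactly as your resolver prints it, quotes included. A key cut at a clean base64 boundary still decodes, which is why the DER length check is needed in addition to the base64 check.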

DNS Preflight — full auth check for your domain.


Propagation — compare resolvers.


FAQ

What name do I enter for DKIM?

selector._domainkey as your provider’s UI expects — see the gotcha on this page for your host.

Why dkim=fail?

Truncated key, wrong selector, or mail signed with a different selector than the one published in DNS.

2048 vs 1024?

Prefer 2048-bit keys; rotate 1024-bit legacy keys.

Does Google Cloud DNS split long TXT?

Many providers auto-chunk; ensure the full key is present.

How to test?

Send mail and check headers — then DNS Preflight for the published key.