Udostępnij za pośrednictwem


What’s in a CNAME?

Enabling DKIM email signing in Office 365 is much easier than doing this on-premises yourself. Most of the hard work is already done for you in the tenant. That doesn’t mean that there’s no work to do, but it’s easier. Terry Zink has a great article on doing this, and I recommend reading it before going too far down this road. Most people don’t even need to go down this path, since DKIM is already added to outbound email automatically. If you’re looking to keep all your domains separate, however, you may want to enable the manual config so that the DKIM signature is aligned with the domain. Terry explains this better here.

Are you still with me? Good. So, you’ve decided to deploy this using the manual method, to get the signatures aligned to the domain. And you have tons of domains and need two tons of DNS entries. How do you get them all without any typos? I put together a little script to help with this.

 #DkimCnames.ps1 | grb | 9/9/2016
#Pulls CNAME values from tenant, where DKIM is disabled, and puts these into a csv file

#Some basics. Get & format the date. Define where we are going to write the log file.
$Date = Get-Date -Format 'yyyyMMddhhmm'
$csvPath = 'C:\temp\DkimCnames-'+$Date+'.csv'
$LogPath = 'C:\temp\DkimCnames-'+$Date+'.log'
Start-Transcript -Path $LogPath

$Configs = Get-DkimSigningConfig | ? {$_.Enabled -eq $false} | sort -Property Domain | Select Domain,Selector1CNAME,Selector2CNAME
$NewConfigs=@()

Foreach ($Config in $Configs) {
 $Config | Add-Member -type NoteProperty -name Selector1Host -value ('selector1._domainkey.'+$Config.Domain)
 $Config | Add-Member -type NoteProperty -name Selector2Host -value ('selector2._domainkey.'+$Config.Domain)
 $NewConfigs += $Config
 }

$NewConfigs | Select Domain,Selector1Host,Selector1CNAME,Selector2Host,Selector2CNAME | Export-Csv -LiteralPath $csvPath -NoTypeInformation
Stop-Transcript

All I'm really doing here is to pull all the DNS records needed for all the domains that are in your tenant, where you've not already enabled DKIM manually. Doing a few domains by hand is easy - but if you have a lot of domains (especially those with hyphens), this can save quite a bit of time.

All this code comes with the normal disclaimers, of course. You’re on your own here - there’s no warranty on this. I always recommend testing everything in a lab, of course. If you use it, please leave a comment.