OpenDKIM and restricted DNS

If you are using OpenDKIM behind a restrictive network that doesn’t allow all outgoing UDP connections, you may find some issues when checking authoritative responses for public keys:

key retrieval failed (s=20120113, d=gmail.com): '20120113._domainkey.gmail.com' query timed out

or:

key retrieval failed (s=20120113, d=gmail.com): '20120113._domainkey.gmail.com' unexpected reply class/type (-1/-1)

The workaround is to set static DNS servers (whatever is allowed in your network) inĀ /etc/opendkim.conf using the directive Nameservers:

Nameservers 208.67.222.222,208.67.220.220