OpenDKIM and restricted DNS

If you are using OpenDKIM behind a restrictive network that doesn’t allow all outgoing UDP connections, you may find some issues when checking authoritative responses for public keys:

key retrieval failed (s=20120113, '' query timed out


key retrieval failed (s=20120113, '' unexpected reply class/type (-1/-1)

The workaround is to set static DNS servers (whatever is allowed in your network) inĀ /etc/opendkim.conf using the directive Nameservers: