Friday, April 8, 2016

Ubuntu - using own mail server with external domain and DNS. Now have internal DNS. DKIM test not working

I am not very knowledgeable in this area, but have been able to make great headway. Now I am stuck.




I set up my own mail server, e.g. mailbox.example.com. I had the domain DNS point to my mail server in my office.
I was able to set up everything working fine, such as DKIM and SPF records.



Recently I decided to set up an internal DNS server in the office so as to resolve some addresses for some development servers internally.



OK, the problem now is my mail server is sitting on the internal DNS server (the mail server is on the same box as the DNS server). It's still able to send and receive emails, but I'm not sure if DKIM is working properly.



When I try to do a DKIM test ("amavisd testkeys") I get "invalid (public key: not available)", and I know that means I have a DNS issue.



So what should I do? I am currently looking at my internal DNS zone file and I don't know what to do (I am using the BIND DNS server on an Ubuntu Server box).




Do I configure a DKIM TXT record on the local DNS?
Or is there a way to forward DKIM "requests" to the external DNS?
Or do I have this whole thing done wrong?



To be clear:

  • Basically my internal domain name is the same as my external domain
    name (i.e. example.com)

  • I have a mail server within my internal domain, mailbox.example.com,
    that uses my external domain DNS (the external DNS has been set up to
    point to my email server, which of course is now sitting behind my
    internal DNS)

  • DKIM (I don't think it's working because it fails the DKIM test)



Need help in determining the proper setup.

What is the proper way to set this up?



Thank you.



Update: Here is my local DNS zone file:



;
; BIND data file for local loopback interface
; (comments in a zone file start with ';' - '//' is not valid BIND syntax)
;
$TTL 604800

@ IN SOA webserver.example.com. root.example.com. ( ; dns and webserver on the same box
2012030809 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS webserver.example.com.
@ IN A 192.168.1.117
@ IN AAAA ::1

ns IN A 192.168.1.117

www IN A xx.xx.xx.xxx ; ip of external domain box (bluehost) work around to let local clients access website
newsletter IN A xx.xx.xxx.117 ; external ip address of local network
mailbox.example.com. IN A 192.168.1.111 ; internal ip of mailbox (mailserver)
webserver.example.com. IN A 192.168.1.117 ; internal ip of a webserver

Answer



The local version of your zone file is clearly missing quite a bit... i.e., your MX records, DKIM, and ${deity} knows what else.




Three ways to resolve (no pun intended) this problem:




  1. Copy the entire zone from your external DNS servers, and then add the A records for the internal development servers to it.

  2. Place the internal development servers in a separate zone, perhaps a subdomain. Make BIND authoritative for that zone, but NOT for your production zone.

  3. Keep two totally separate versions of the zone file for the one zone (i.e., split horizon). This way you can use internal (RFC 1918) IP addresses for your mail server etc. from inside your network, and public IP addresses everywhere else. Just make sure that every DNS RR that exists in your public zone has a corresponding DNS RR in your internal zone, especially your MX RRs, your DKIM keys, etc.




HTH.
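As an added example (not from the question or the answer), a small Python check for option 3: it parses two constructed zone-file views of example.com and lists every public RR set the internal view lacks, plus any MX/TXT set whose rdata differs between the views. The record data and the DKIM selector name `default` are constructed for the example.

```python
import re

STRICT_TYPES = {"MX", "TXT"}  # rdata must match in both views (MX, SPF, DKIM key)
# ';' starts a comment only outside double quotes: DKIM TXT rdata contains ';'
COMMENT = re.compile(r';(?=(?:[^"\n]*"[^"\n]*")*[^"\n]*$)[^\n]*', re.M)

def parse_zone(text, origin):
    """Return {(fqdn, type): set(rdata)} for a simplified BIND master file
    (one owner per line, optional TTL/class columns, SOA may use parentheses)."""
    text = COMMENT.sub("", text)
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    records = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("$"):  # skip blanks, $TTL etc.
            continue
        fields = line.split()
        owner = fields.pop(0)
        while fields[0].isdigit() or fields[0].upper() == "IN":  # drop TTL/class
            fields.pop(0)
        rtype, rdata = fields[0].upper(), " ".join(fields[1:])
        fqdn = origin if owner == "@" else owner if owner.endswith(".") else f"{owner}.{origin}"
        records.setdefault((fqdn.lower(), rtype), set()).add(rdata)
    return records

def compare_views(public, internal):
    """(missing, mismatched): RR sets absent from the internal view, and MX/TXT
    sets whose rdata differs; A/AAAA may legitimately differ (RFC 1918 inside)."""
    missing = sorted(k for k in public if k not in internal)
    mismatched = sorted(k for k in public if k in internal
                        and k[1] in STRICT_TYPES and public[k] != internal[k])
    return missing, mismatched

# Constructed zone data (not the poster's records): public view, then an internal view lacking MX and DKIM
PUBLIC_ZONE = """\
$TTL 604800
@ IN SOA ns1.example.com. root.example.com. ( 2016040801 604800 86400 2419200 604800 )
@ IN NS ns1.example.com.
@ IN MX 10 mailbox.example.com.
@ IN TXT "v=spf1 mx -all"
mailbox IN A 203.0.113.10
default._domainkey IN TXT "v=DKIM1; k=rsa; p=CONSTRUCTEDKEY"  ; DKIM selector record
"""
INTERNAL_ZONE = """\
@ IN SOA webserver.example.com. root.example.com. ( 2012030809 604800 86400 2419200 604800 )
@ IN NS webserver.example.com.
@ IN TXT "v=spf1 mx -all"
mailbox IN A 192.168.1.111
"""

if __name__ == "__main__":
    pub, intl = parse_zone(PUBLIC_ZONE, "example.com."), parse_zone(INTERNAL_ZONE, "example.com.")
    print(compare_views(pub, intl))  # ([('default._domainkey.example.com.', 'TXT'), ('example.com.', 'MX')], [])
```

Run it against your real external and internal zone files (read from disk instead of the inline strings) after each change to the internal copy; an empty result means every public RR set, DKIM selector included, is also answered internally.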

