opendkim: Add note about adding the key to DNS

Signed-off-by: Florian Pritz <bluewind@xinu.at>

README.md

@@ -19,6 +19,12 @@ it is necessary to run the following once:
 
 certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w /var/lib/letsencrypt/ -d <domain-name>
 
+##### Note about opendkim
+
+The opendkim DNS data has to be added to DNS manually. The roles verifies that the DNS is correct before starting opendkim.
+
+The file that has to be added to the zone is `/etc/opendkim/private/$selector.txt`.
+
 ## Servers
 
 ### vostok

roles/opendkim/tasks/main.yml

@@ -23,6 +23,7 @@
     creates: /etc/opendkim/private/{{dkim_selector}}.private
     chdir: /etc/opendkim/private
 
+# see README.md for instruction on how to add the key to DNS. This will fail unless the key in DNS is correct!
 - name: verify key in dns
   command: opendkim-testkey  -d archlinux.org -s {{dkim_selector}} -k /etc/opendkim/private/{{dkim_selector}}.private -vvv
   tags: