DKIM TXT DNS Recort Problem

dns

#1

I just try to create a DKIM record in my masters DNS and I just don’t understand what’s going wrong:

univention-directory-manager dns/txt_record create --superordinate “zoneName=example.com,cn=dns,dc=example,dc=com” --set zonettl=3 --set name=“201902._domainkey” --set txt=“v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmsSi6YbyPESxG20F8zA7NeTx40/PaaH6N6N6lI+5IageFUkxFskLBlGeKsbKrb1UN1o1l85kdTnWC1pn3SB+dnaMbhlTqpsY1mZGoxotJxGSnpYmMwfJ3DpJocAxoG55Wu+58rOdbUFkoAUG2RLrzaPp0xzvkTIWPrXHOB/koOeStdHos7QUiliaBdAoupG4fwfHoi2IPJPLzHfynefBykiVGmPUGjJxowJ/bWTbxwkVKGwjIWPfzqvb4R1WrUbLAh4HL//Y+uiadD07u+hOFxAf0DLHJW8E1RrDtb6Sb6hsQTvdU+3Quk6xdm1hRhKqllbP8oTpwGXW91WIZc+awIDAQAB”

The command runs without an error.

host -t TXT 201902._domainkey.example.com

–> 201902._domainkey.example.com descriptive text “v=DKIM1”
Everything after the semicolon is gone.
Ok, I can try adding additional quotationmarks

univention-directory-manager dns/txt_record create --superordinate “zoneName=schnagl.one,cn=dns,dc=olc,dc=schnagl,dc=one” --set zonettl=3 --set name=“201902._domainkey” --set txt="“v=DKIM1; k=rsa”"

And voila
host -t TXT 201902._domainkey.example.com

–> 201902._domainkey.example.com descriptive text “v=DKIM1, k=rsa”

But when I add the key the the command the host command still delivers the same result. What I can do is just reduce the size of the key:

univention-directory-manager dns/txt_record create --superordinate “zoneName=example.com,cn=dns,dc=example,dc=com” --set zonettl=3 --set name=“201902._domainkey” --set txt="“v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmsSi6YbyPESxG20F8zA7NeTx40/PaaH6N6N6lI+5IageFUkxFskL”"

Then I get what I expect:
host -t txt 201902._domainkey.example.com
201902._domainkey.example.com descriptive text “v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmsSi6YbyPESxG20F8zA7NeTx40/PaaH6N6N6lI+5IageFUkxFskL”

It seems it’s only working if the string is short enough. Any ideas?


#2

It seems I found a solution. Setting a dkim record at the dns server of netcup I realized that the key is split into two halfs. I just took the lookup result and copied it to the Univention master dns:
“v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxvA541BSi4baHzShEQiAGd3rbnIxjpNyjKcrpp98og0Obb8SLmyxioHTlH/tCAg3h/jzVf9o03+Mb4IHEJzaAptHUzVZtn0Tt2nlSf8lX3R0vs4yo5nElvWieWev0UxLUHgjlRpX1uu3HKkFs+wCGNkme9spZeQ/WpNhRb0J/O6Dcsb18FLIW8YehwCqHnim5” “3wAdhTmHi0LZAFO9g1bPPr9t5dL1+vHUNLIh2MpnKRwieSVHtGU8SsOk8NhkRVtOafKC+5CgSuF1jc0RWyYeUZmURPevoloePCakrNyOrUcqKTUQxiP3NgvZ7/UbutmV+pKOoLoxuj7/Sft/tsNVQIDAQAB” “”

This at least gives the correct lookup result with
host -t txt 201902._domainkey.example.com


#3

DNS records have a maximum length for each value, but TXT records may contain more than one value. That’s what you’re encountering here.

Apart from that: keep in mind that DNS records such as DKIM or SPF must be resolvable by the receiving mail server (e.g. when you send a mail from your domain to someone using a googlemail.com address, the Google mail servers will try to look up the DKIM record for your own domain). This in turn means that the records must be available from the public internet. It is unusual to have a UCS DNS server be reachable from the public internet, so let me ask you: are your UCS DNS servers reachable from the internet? Or are you at least using your UCS DNS as a master server for publicly reachable DNS slave servers?


#4

Thanks for your input.

No, my DNS server is not reachable from the internet. Yes, I understand that I have to configure the dkim TXT recort at the DNS server of my hoster.

All I wanted to do is try out dkim internally before I configer the hoster’s DNS record.