Problem: DKIM-TXT-Records are too long - split it to multiple strings

Knowledge Base Community
, , , ,
#1

Problem

DKIM-TXT-Records are too long. TXT-Records in DNS are limitted by a maximum length of 255 byte for a single string.

Solution

By nature, DKIM-Records (and also a lot of other records) can be longer than this length. You can split these records into multiple strings with each 255 characters in length:

Before:

default._domainkey.example.net in TXT v=DKIM1;p=fMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqjLJwyc20rA5SyT5LnZKOWS6sqUanhL+4kWPzOmiVd0WhXdN5oVbmLahcOu5dY8yd4Dfp8rWxcSiz3s1E4rLnY7wU4Zhh9mSEkTgHR6z8oo7aQzI6U3Yi3djCJ9iWET9Ctk2C+80l3cnRRtoKT5QAlrnj2gPSyOdeGd+9eu6Whas7m6W6p99akBveYyuHdI+uGbqFZWD/A01pRCuSBDmgxlwbmTmTx4ekI8ozJV4UXkaxtyplMWnP4/6qMq7FxVxp/2n86Lmn6dIUNv4f3+k9UEsaaMNd8ubT+uq1dtgQWIHjDo7qVHU08XYFD0+c7nC9QFxGTUqbkBH/HRJi+PpgWMpj+WMYf8KAkwYMHwkqVqenPAQidp9iy2zT7A+PdokowysX+6OVoN2oJb8WAP1zNTeLFPBfuOofwLPpY6okzD2vfKudQJRllJc1cd2u7g1I1M3MNT+UwoKW1DYEcX9tqRv7Kt2IwmDSMEIY0N1EX2L+SdP4Bv0nCsC68UxNEx3kHQ9lOhIkSMyayuOrjdtV1XAsNQhRwD+0xkprPL7VFA8cm/ptONJPByWeUGMg26YADw/kNrIRK4TykEAKqKafQxNA+uQVrpYzh3vH3O45smhYHPw7snV5QB1yQHdSBdWWnFXfrM0mWw3cpdH80EQalxqqH+OOvjJjEdKN3T+A1kCAwEAAQ==

After:

default._domainkey.example.net in TXT v=DKIM1;p="fMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqjLJwyc20rA5SyT5LnZKOWS6sqUanhL+4kWPzOmiVd0WhXdN5oVbmLahcOu5dY8yd4Dfp8rWxcSiz3s1E4rLnY7wU4Zhh9mSEkTgHR6z8oo7aQzI6U3Yi3djCJ9iWET9Ctk2C+80l3cnRRtoKT5QAlrnj2gPSyOdeGd+9eu6Whas7m6W6p99akBveYyuHdI+uGbqFZWD/A01pRCuSB" "DmgxlwbmTmTx4ekI8ozJV4UXkaxtyplMWnP4/6qMq7FxVxp/2n86Lmn6dIUNv4f3+k9UEsaaMNd8ubT+uq1dtgQWIHjDo7qVHU08XYFD0+c7nC9QFxGTUqbkBH/HRJi+PpgWMpj+WMYf8KAkwYMHwkqVqenPAQidp9iy2zT7A+PdokowysX+6OVoN2oJb8WAP1zNTeLFPBfuOofwLPpY6okzD2vfKudQJRllJc1cd2u7g1I1M3MNT+UwoKW1DY" "EcX9tqRv7Kt2IwmDSMEIY0N1EX2L+SdP4Bv0nCsC68UxNEx3kHQ9lOhIkSMyayuOrjdtV1XAsNQhRwD+0xkprPL7VFA8cm/ptONJPByWeUGMg26YADw/kNrIRK4TykEAKqKafQxNA+uQVrpYzh3vH3O45smhYHPw7snV5QB1yQHdSBdWWnFXfrM0mWw3cpdH80EQalxqqH+OOvjJjEdKN3T+A1kCAwEAAQ=="

If you want to split in multiple strings in the UMC, you have to use the backslash at that point as shown in the screenshot and enclose the strings in double quotes as shown:
"<key-xyz-testing>" "<further-the-key-abc>"

txt_record

With the following command you can check the key for the txt_record.

dig +short -t txt <name-txt-record.host.domain>

e.g. dig +short -t txt testing.miro.intranet

“v=DKIM1;p=” “fMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqjLJwyc20rA5SyT5LnZKOWS6sqUanhL+4kWPzOmiVd0WhXdN5oVbmLahcOu5dY8yd4Dfp8rWxcSiz3s1E4rLnY7wU4Zhh9mSEkTgHR6z8oo7aQzI6U3Yi3djCJ9iWET9Ctk2C+80l3cnRRtoKT5QAlrnj2gPSyOdeGd+9eu6Whas7m6W6p99akBveYyuHdI+uGbqFZWD/A01pRCuSB”
“DmgxlwbmTmTx4ekI8ozJV4UXkaxtyplMWnP4/6qMq7FxVxp/2n86Lmn6dIUNv4f3+k9UEsaaMNd8ubT+uq1dtgQWIHjDo7qVHU08XYFD0+c7nC9QFxGTUqbkBH/HRJi+PpgWMpj+WMYf8KAkwYMHwkqVqenPAQidp9iy2zT7A+PdokowysX+6OVoN2oJb8WAP1zNTeLFPBfuOofwLPpY6okzD2vfKudQJRllJc1cd2u7g1I1M3MNT+UwoKW1DY” “EcX9tqRv7Kt2IwmDSMEIY0N1EX2L+SdP4Bv0nCsC68UxNEx3kHQ9lOhIkSMyayuOrjdtV1XAsNQhRwD+0xkprPL7VFA8cm/ptONJPByWeUGMg26YADw/kNrIRK4TykEAKqKafQxNA+uQVrpYzh3vH3O45smhYHPw7snV5QB1yQHdSBdWWnFXfrM0mWw3cpdH80EQalxqqH+OOvjJjEdKN3T+A1kCAwEAAQ==”

1 Like
S4 Sync Error because of too long DKIM record
#2
Mastodon