{"id":676,"date":"2016-09-14T17:23:53","date_gmt":"2016-09-14T16:23:53","guid":{"rendered":"https:\/\/hostinguk.net\/blog\/?p=676"},"modified":"2016-09-14T17:28:52","modified_gmt":"2016-09-14T16:28:52","slug":"crazy-long-dkim","status":"publish","type":"post","link":"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/","title":{"rendered":"Crazy Long DKIM?"},"content":{"rendered":"

Ever wondered how you deal with long DKIM<\/a> records? Because if you think you can just stick that bad boy in a text field, chances are that is going to fail. Horribly. There is an RFC (Request for Comments<\/a> – or internet adopted standard) that says that TXT fields within a DNS zone need to be under 254 chars.. If they are not they will either be kicked out again, rejected, or worse still accepted and then fail to propagate and throwing a properly large spanner in the works.<\/p>\n

Thankfully the internet is here to help.<\/p>\n

There is another RFC<\/a> that lays out a means and structure to put in these crazy long strings into TXT fields, and still have them work. Who knew – right?<\/p>\n

So – RFC suggests splitting it up. Sure – it all goes in the same record, but it is handled as different records, and chunked back together by the application at the other end. It complies by the rules, yet manages to work around them.<\/p>\n

The long and the short of it is the following:<\/p>\n

“v=DKIM1; k=rsa; p=MIIBIjANBgksdfsdfsdfsdfsdfsdfsdf\/” “kldfgnmansnausdnffNNNnmnsdnasd” “jnakakksnnfuwuerhfhHQR”<\/strong><\/em><\/p><\/blockquote>\n

…where you do not need to cut it off at the 254th char – you can just pick neat places all the way through to the end.<\/p>\n

If you are having issues sleeping the full article can be found over on the http:\/\/www.opendkim.org\/opendkim-README<\/a> – with particular reference to LARGE KEYS.<\/p>\n

For the sake of completeness – this is below for completeness:<\/p>\n

LARGE KEYS
\n==========<\/strong><\/em><\/p>\n

If you wish to use a large key in DNS, there are some limitations of which<\/em>
\n you should be aware. A TXT record in the DNS consists of a series of<\/em>
\n strings each of which don’t exceed 255 bytes. This is a result of the<\/em>
\n fact that each string is preceded by a length byte (which, of course,<\/em>
\n can’t exceed 255). Furthermore, some DNS implementations don’t allow<\/em>
\n packets larger than 512 bytes. Some RSA keys will exceed the 255 byte<\/em>
\n limit once encoded with base64, so some special formatting must be<\/em>
\n used to make such a record fit. Failing to do so can cause an incomplete<\/em>
\n record to be published or, worse, the nameserver to refuse to serve the<\/em>
\n record or even the entire zone.<\/em><\/p>\n

In the case of the BIND nameserver, there are two syntax rules one can use<\/em>
\n to make a large record fit within these boundaries:<\/em><\/p>\n

1) TXT substrings<\/strong><\/em><\/p>\n

Instead of a record like:<\/em><\/p>\n

recname IN TXT “foobarbazblivitalphabravocharliedelta…zulu”<\/em><\/p>\n

…one can also do:<\/em><\/p>\n

recname IN TXT “foobar” “baz” “blivit” “alpha” … “zulu”<\/em><\/p>\n

(The “…” is mean to indicate continuation and is not a literal set of<\/em>
\n three “.” characters.)<\/em><\/p>\n

You simply have to break up the large record into smaller strings such<\/em>
\n that no string exceeds 255 bytes. DKIM implementations will<\/em>
\n reassemble TXT records broken down this way into the full original<\/em>
\n single string before processing them.<\/em>
\n
\n2) Line continuations<\/strong><\/em><\/p>\n

It can be difficult for some to edit very long lines of text.<\/em>
\n It’s therefore desirable to have a mechanism to break very long<\/em>
\n TXT records down so that they fit nicely within an editor window.<\/em>
\n In BIND, this is done by enclosing the wrapped lines within<\/em>
\n parentheses. Continuing with the example above, this:<\/em><\/p>\n

recname IN TXT “foobar” “baz” “blivit” “alpha” … “zulu”<\/em><\/p>\n

…can also be expressed as:<\/em><\/p>\n

recname IN TXT ( “foobar” “baz” “blivit” “alpha”<\/em>
\n “bravo” “charlie” “delta” “echo”<\/em>
\n …<\/em>
\n “yankee” “zulu” )<\/em><\/p>\n

So using these two techniques, a very large public key could be encoded<\/em>
\n in a DNS zone file as follows:<\/em><\/p>\n

recname IN TXT ( “v=DKIM1; g=*; k=rsa; “<\/em>
\n “p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Z4F”<\/em>
\n “JEMHjJDuBmt25zvYFVejlARZGt1L8f0s1+rLxIPYkfCogQi+Y8”<\/em>
\n “oLEg9vvEKnLx9aogZzuNt6j4Sty3LgXxaIwHnMqk0LldbA\/mh3”<\/em>
\n “wLZb16Wc6btXHON0o3uDipxqGK2iRLTvcgAnNDegseOS+i0aJE”<\/em>
\n “nNSl663ywRBp\/QKezhUC7cnbqR\/H8dz8pEOjeawNN3nexdHGsk”<\/em>
\n “+RaafYvCFvU+70CQORcsk+mxb74SwGT2CGHWxVywQA9yrV+sYk”<\/em>
\n “JpxaufZLo6xp0Z7RZmbf1eGlCAdhkEy+KYQpQkw2Cdl7iKIK4+”<\/em>
\n “17gr+XZOrfFLJ5IwpVK\/a19m3BLxADf0Kh3oZwIDAQAB” )<\/em><\/p><\/blockquote>\n

ZZZzzzzz … I did say \ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"

Ever wondered how you deal with long DKIM records? Because if you think you can just stick that bad boy in a text field, chances are that is going to fail. Horribly. There is an RFC (Request for Comments – or internet adopted standard) that says that TXT fields within a DNS zone need to… Keep Reading<\/a><\/p>\n","protected":false},"author":1,"featured_media":659,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"Crazy Long DKIM?","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[13],"tags":[86,66,23,87,67],"class_list":["post-676","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-support","tag-dkim","tag-dns","tag-email","tag-mail","tag-txt"],"yoast_head":"\nCrazy Long DKIM? - Hosting UK<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Crazy Long DKIM? - Hosting UK\" \/>\n<meta property=\"og:description\" content=\"Ever wondered how you deal with long DKIM records? Because if you think you can just stick that bad boy in a text field, chances are that is going to fail. Horribly. There is an RFC (Request for Comments – or internet adopted standard) that says that TXT fields within a DNS zone need to... Keep Reading\" \/>\n<meta property=\"og:url\" content=\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/\" \/>\n<meta property=\"og:site_name\" content=\"Hosting UK\" \/>\n<meta property=\"article:published_time\" content=\"2016-09-14T16:23:53+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-09-14T16:28:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/hostinguk.net\/blog\/wp-content\/uploads\/2016\/09\/smtp-envelope.jpg?fit=954%2C954&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"954\" \/>\n\t<meta property=\"og:image:height\" content=\"954\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"hostmaster\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"hostmaster\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/\"},\"author\":{\"name\":\"hostmaster\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/#\/schema\/person\/7afa802f94e15095add2681a321f733d\"},\"headline\":\"Crazy Long DKIM?\",\"datePublished\":\"2016-09-14T16:23:53+00:00\",\"dateModified\":\"2016-09-14T16:28:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/\"},\"wordCount\":658,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2016\/09\/smtp-envelope.jpg\",\"keywords\":[\"dkim\",\"dns\",\"Email\",\"mail\",\"txt\"],\"articleSection\":[\"Support\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/\",\"url\":\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/\",\"name\":\"Crazy Long DKIM? - Hosting UK\",\"isPartOf\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2016\/09\/smtp-envelope.jpg\",\"datePublished\":\"2016-09-14T16:23:53+00:00\",\"dateModified\":\"2016-09-14T16:28:52+00:00\",\"author\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/#\/schema\/person\/7afa802f94e15095add2681a321f733d\"},\"breadcrumb\":{\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#primaryimage\",\"url\":\"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2016\/09\/smtp-envelope.jpg\",\"contentUrl\":\"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2016\/09\/smtp-envelope.jpg\",\"width\":954,\"height\":954},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/staging.hostinguk.net\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Crazy Long DKIM?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/#website\",\"url\":\"https:\/\/staging.hostinguk.net\/blog\/\",\"name\":\"Hosting UK\",\"description\":\"Hosting UK | Domain names | Web hosting | Dedicated Servers\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/staging.hostinguk.net\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/staging.hostinguk.net\/blog\/#\/schema\/person\/7afa802f94e15095add2681a321f733d\",\"name\":\"hostmaster\",\"url\":\"https:\/\/staging.hostinguk.net\/blog\/author\/hostmaster\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Crazy Long DKIM? - Hosting UK","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_GB","og_type":"article","og_title":"Crazy Long DKIM? - Hosting UK","og_description":"Ever wondered how you deal with long DKIM records? Because if you think you can just stick that bad boy in a text field, chances are that is going to fail. Horribly. There is an RFC (Request for Comments – or internet adopted standard) that says that TXT fields within a DNS zone need to... Keep Reading","og_url":"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/","og_site_name":"Hosting UK","article_published_time":"2016-09-14T16:23:53+00:00","article_modified_time":"2016-09-14T16:28:52+00:00","og_image":[{"width":954,"height":954,"url":"https:\/\/i0.wp.com\/hostinguk.net\/blog\/wp-content\/uploads\/2016\/09\/smtp-envelope.jpg?fit=954%2C954&ssl=1","type":"image\/jpeg"}],"author":"hostmaster","twitter_misc":{"Written by":"hostmaster","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#article","isPartOf":{"@id":"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/"},"author":{"name":"hostmaster","@id":"https:\/\/staging.hostinguk.net\/blog\/#\/schema\/person\/7afa802f94e15095add2681a321f733d"},"headline":"Crazy Long DKIM?","datePublished":"2016-09-14T16:23:53+00:00","dateModified":"2016-09-14T16:28:52+00:00","mainEntityOfPage":{"@id":"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/"},"wordCount":658,"commentCount":0,"image":{"@id":"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#primaryimage"},"thumbnailUrl":"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2016\/09\/smtp-envelope.jpg","keywords":["dkim","dns","Email","mail","txt"],"articleSection":["Support"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/","url":"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/","name":"Crazy Long DKIM? - Hosting UK","isPartOf":{"@id":"https:\/\/staging.hostinguk.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#primaryimage"},"image":{"@id":"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#primaryimage"},"thumbnailUrl":"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2016\/09\/smtp-envelope.jpg","datePublished":"2016-09-14T16:23:53+00:00","dateModified":"2016-09-14T16:28:52+00:00","author":{"@id":"https:\/\/staging.hostinguk.net\/blog\/#\/schema\/person\/7afa802f94e15095add2681a321f733d"},"breadcrumb":{"@id":"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#primaryimage","url":"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2016\/09\/smtp-envelope.jpg","contentUrl":"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2016\/09\/smtp-envelope.jpg","width":954,"height":954},{"@type":"BreadcrumbList","@id":"https:\/\/staging.hostinguk.net\/blog\/crazy-long-dkim\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/staging.hostinguk.net\/blog\/"},{"@type":"ListItem","position":2,"name":"Crazy Long DKIM?"}]},{"@type":"WebSite","@id":"https:\/\/staging.hostinguk.net\/blog\/#website","url":"https:\/\/staging.hostinguk.net\/blog\/","name":"Hosting UK","description":"Hosting UK | Domain names | Web hosting | Dedicated Servers","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/staging.hostinguk.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/staging.hostinguk.net\/blog\/#\/schema\/person\/7afa802f94e15095add2681a321f733d","name":"hostmaster","url":"https:\/\/staging.hostinguk.net\/blog\/author\/hostmaster\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/staging.hostinguk.net\/blog\/wp-content\/uploads\/2016\/09\/smtp-envelope.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p63y3g-aU","jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/posts\/676","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/comments?post=676"}],"version-history":[{"count":3,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/posts\/676\/revisions"}],"predecessor-version":[{"id":679,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/posts\/676\/revisions\/679"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/media\/659"}],"wp:attachment":[{"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/media?parent=676"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/categories?post=676"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/staging.hostinguk.net\/blog\/wp-json\/wp\/v2\/tags?post=676"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}