Wow. It’s 2009, and apparently DNS can only support reading configuration file lines which are not greater than 255 characters. I received the following error in my system log when I was setting up DKIM entries:
Problem is, the entire domain is then borked. That is, if domain.dns contains all of the DNS records for example.com, this error makes the domain not found at all. Whoops.
Using domain server:
Name: ns3.marketruler.com
Address: 76.12.128.152#53
Aliases:
Host example.com not found: 3(NXDOMAIN)
Doh. Turns out, the syntax for including multi-line TXT records in named.conf is slightly obscure, but thanks to the folks at SFR Fresh, which hosts an open-source DKIM Milter, the syntax isn’t that difficult to master. In short, you include the text record by breaking it into smaller strings, and enclosing the whole thing with parenthesis.
For example:
Becomes
“ing as an example” )
You get the idea.
Apparently DNS can support TXT records up to 65535 characters, but I’d say except in the cases of DKIM records, it’s rare to need this much data for a DNS record.
4 replies on “DKIM TXT Records in DNS exceeding 255 characters”
Why didnt I think of that solution! Thanks a lot!
I found the solution to this same issue was using PEM format and openssl rather than ssh-keygen and -t dsa. eg:
openssl genrsa -out mattgrosso.com.key 1024
openssl rsa -in mattgrosso.com.key -out mattgrosso.com.public.key -pubout -outform PEM
Hm. Didn’t see how the public key output mimics the DNS text wrapping at all …
Try and keep the entire payload (Q and A etc) under 512 bytes – that’s the max that can fit into a UDP DNS packet, and falling back to DNS over TCP will probably slow stuff down like crazy, if not totally break many things.