DNS DKIM Record – Why Escape ; with \?


I'm setting up Email Authentication on our domain to allow authentication with our Email Service Provider.

My understanding is that the DNS record needs to have any ; escaped, e.g., \;

I just want to make sure that ALL ; should be escaped.
To that end, I want to make sure I understand why the escaping is needed.
I.e., if it's b/c ; means something special, then how do I know when it should not be escaped and should instead have its special meaning?
Or is it that it has a special (and different) meaning in DNS TXT records in general, and that for the specific use of a DKIM setting we do not want it to have that special meaning (and perhaps whoever reads the record will apply the value)?

Also, the ESP is telling me that the DNS is "adding \ for some reason" (waiting to confirm whether they just don't understand it).

Best Answer

The choice of what characters are special and require escaping would depend on the nameserver being used as well as what interface is being used to configure the nameserver (for instance if you're using a web-based configuration tool it might automatically escape ; characters for you).

The standard zone file (as defined by RFC 1034/1035) uses the ; character to start a comment. If you did not have a backslash, text from the semicolon to the end of the line would be ignored by the server.

Note that bind does not consider a ; inside an already quoted string to start a comment, nor does it require escaping it, but it will handle it if you do. Both of these should produce the same response:

IN TXT "asdf;jkl"
IN TXT "asdf\;jkl"

Also note that when you use dig or host, the output printed by those will add a backslash to the semicolon for reasons long forgotten.
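As an added example (not from the question or the answer above), here is a small Python parser for the RFC 1035 master-file quoting rules the answer describes, followed by the DKIM tag split (RFC 6376) that only works if the semicolons survive zone-file parsing; the record values used are constructed, not real keys.

```python
# Added example: minimal RFC 1035 master-file parsing of a TXT record's RDATA.
# Shows why a bare ';' starts a comment, why "\;" equals ";" inside quotes,
# and what a DKIM record looks like to the reader after each treatment.

def parse_txt_rdata(rdata: str) -> list[str]:
    """Split zone-file TXT RDATA into its character-strings.
    Rules applied: an unquoted ';' starts a comment to end of line;
    '\\X' yields the literal X (so '\\;' is just ';'); '\\DDD' yields the
    character with decimal code DDD; inside double quotes, whitespace and
    ';' are ordinary characters."""
    strings, buf, i, in_quotes, have_token = [], [], 0, False, False
    while i < len(rdata):
        c = rdata[i]
        if c == "\\":
            nxt = rdata[i + 1 : i + 4]
            if len(nxt) == 3 and nxt.isdigit():      # \DDD decimal escape
                buf.append(chr(int(nxt))); i += 4
            else:                                     # \X literal escape
                buf.append(rdata[i + 1] if i + 1 < len(rdata) else ""); i += 2
            have_token = True
            continue
        if c == '"':
            in_quotes = not in_quotes
            have_token = True
        elif not in_quotes and c == ";":              # comment: stop here
            break
        elif not in_quotes and c.isspace():           # token separator
            if have_token:
                strings.append("".join(buf)); buf, have_token = [], False
        else:
            buf.append(c); have_token = True
        i += 1
    if have_token:
        strings.append("".join(buf))
    return strings


def dkim_tags(strings: list[str]) -> dict[str, str]:
    """Join the character-strings and split into DKIM tag=value pairs.
    DKIM uses ';' as the tag separator, so the semicolons must reach the
    verifier intact; a truncated record loses tags such as p= (the key)."""
    pairs = (t.strip() for t in "".join(strings).split(";"))
    return {k.strip(): v.strip() for k, _, v in (p.partition("=") for p in pairs if p)}
```

Run with a constructed record such as `v=DKIM1; k=rsa; p=ABC`: unquoted, everything after `v=DKIM1` is a comment and the key tag is lost; quoted or with `\;`, all three tags survive.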