Route53 DNS and DKIM/TXT

amazon-route53dkimdomain-name-systemopendkim

I've been trying to set an openDKIM public key as a TXT record within the Route53 hosted zone for my domain.

The record is mail._domainkey .zewtie.io but, however I enter the public key in the Route53 TXT record, the DKIM public key never seems to be propagated in DNS.

I know of the 255 character limit on the DNS UDP packets, so I split the key into a single line of sub-255 character strings like this;

"v=DKIM1; h=sha256; k=rsa; s=email; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0QIXEqgbl+f3r18UaNFKk/54f06UK7hTGdNsBU/"
"9EaWYqPltJaHwtGx0j/EEHIgdYVOZyTakX7ljMBF55W"
"g1QkLeR4uy0tfU9sWTWPjfpC4zGjGyDIM6f5Gwjk1iw"
"+0f3T9uftKUyyz76N5cndxNSt8m1RTkAw+54rQKWBecLwQIDAQAB"

This still doesn't seem to work however.

Would anyone know of the way to successfully propagate a DKIM public key from a Route53 hosted zone?

Best Answer

Spaces between the quotation marks were being interpreted as new-lines. Removing the spaces between the quotation marks fixed the issue.

Related Solutions

DNS – How to Enter a Strong DKIM Key

You need to split them in the text field. I believe that 2048 is the practical limit for key sizes. Split the text field into parts 255 characters or less. There is overhead for each split.

There are two formats for long fields.

TXT  "part one" \
     "part two"

TXT ( "part one"
      "part two" )

Both of which will combine as "part onepart two". More details from Zytrax.

To generate my DKIM entry I insert my public key file and wrap it in quotation marks.
My public key file contains the following:

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD78Ki2d0zmOlmjYNDC7eLG3af12KrjmPDeYRr3
q9MGquKRkRFlY+Alq4vMxnp5pZ7lDaAXXwLYjN91YY7ARbCEpqapA9Asl854BCHMA7L+nvk9kgC0
ovLlGvg+hhqIPqwLNI97VSRedE60eS+CwcShamHTMOXalq2pOUw7anuenQIDAQAB

After editing the key in my dns zone file appears as follows:

dkim3._domainkey        IN      TXT     ("v=DKIM1; t=s; p=" 
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD78Ki2d0zmOlmjYNDC7eLG3af12KrjmPDeYRr3"
"q9MGquKRkRFlY+Alq4vMxnp5pZ7lDaAXXwLYjN91YY7ARbCEpqapA9Asl854BCHMA7L+nvk9kgC0"
"ovLlGvg+hhqIPqwLNI97VSRedE60eS+CwcShamHTMOXalq2pOUw7anuenQIDAQAB")

DNS returns it as follow:

 bill:~$ host -t TXT dkim3._domainkey.systemajik.com
 dkim3._domainkey.systemajik.com descriptive text "v=DKIM1\; t=s\; p=" "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD78Ki2d0zmOlmjYNDC7eLG3af12KrjmPDeYRr3" "q9MGquKRkRFlY+Alq4vMxnp5pZ7lDaAXXwLYjN91YY7ARbCEpqapA9Asl854BCHMA7L+nvk9kgC0" "ovLlGvg+hhqIPqwLNI97VSRedE60eS+CwcShamHTMOXalq2pOUw7anuenQIDAQAB"

DNS treats it as one long string with no extra spaces where the lines are joined. All " " sequences are ignored.

Route 53 – Adding DKIM Keys When Length is Too Long

See a similar issue in Route 53 forum:

Unfortunately the 255 character limit per string on TXT records is not a Route53 limit but rather one imposed by the DNS protocol itself. However, each TXT record can have multiple strings, each 255 characters long. You will need to split your DKIM into multiple strings for your TXT record. You can do this via the console by entering each string encapsulated in quotes, one string per line.

Important note: Do not use "one string per line" as the instructions say -- separate strings with a single space, eg. "foo" "bar" not "foo"\n"bar". Use DKIMValidator to validate the signature is being read correctly.

Best Answer

Related Solutions

DNS – How to Enter a Strong DKIM Key

Route 53 – Adding DKIM Keys When Length is Too Long

Related Topic