[designate] DKIM TXT record problem

Jeremy Stanley fungi at yuggoth.org
Sat Jun 22 13:17:27 UTC 2019


On 2019-06-22 15:11:15 +0300 (+0300), Ionut Biru wrote:
> I'm running Rocky and as backend for designate I have powerdns.
> 
> Whenever I try to add a TXT record for DKIM, the API returns that the
> specified record is not a TXT record.
> 
> https://paste.xinu.at/OOz7/
> 
> It seems that is due to the length of the record It has a maxim a 255 limit.
> 
> How should I proceed in this case?

A single TXT value string can not exceed 255 bytes in length. This is
fundamental to the IETF's specification for the domain name system
and has little to do with either Designate or PowerDNS. DKIM however
takes into account that you may have keys whose representation
exceeds the limits of a single string, and allows for splitting the
key into additional parts:

    https://tools.ietf.org/html/rfc6376#section-3.6.2.2

I would try adding a space somewhere in the middle of the "p" field
so that it is broken up into two shorter strings each no longer than
255 characters.
-- 
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190622/261914ac/attachment.sig>


More information about the openstack-discuss mailing list