The Shœstring Foundation Weblog

Matthias Bauer
bauerm (at) shoestringfoundation · org

Mon, 06 Mar 2017

DKIM entries in NSD zone files

Various howtos about DKIM exist. After generating the public/private key pair used for signing, some of them advise inserting a TXT RR of the following kind into the zone file of the affected mail domain (the owner name, which the howtos and this example leave out, is selector._domainkey under that domain, per RFC 6376 section 3.6.2.1):

  1800 IN TXT k=rsa; t=s; p=TjqHkmQL3WPN0eLuAVsAx

I tried this with the NSD DNS server. What I found out the hard way:

  1. The semicolon (;) starts a comment in zone files (RFC 1035 section 5.1), and everything from there to the end of the line is discarded. Typing the line above verbatim, without double quotes, leaves a TXT record that contains only k=rsa.
  2. Each character string in a TXT record is limited to 255 octets, because its length prefix on the wire is a single octet (RFC 1035 section 3.3.14). The base64 form of a 2048-bit RSA public key alone is 392 characters, so even when the semicolons above are masked with backslashes, nsd (version 4.1.10) refuses to load the zone file, and its error message does not say what the parser objected to.

To get the TXT entry into the zone, one has to

  1. split the contents, beginning with k=rsa, into chunks of at most 255 characters,
  2. put each chunk into double quotes, which also keeps the semicolons inside from being read as comments,
  3. separate the quoted chunks with whitespace, and
  4. surround the whole RDATA with parentheses if it spans more than one line.

A DKIM verifier concatenates the strings of the TXT record before parsing the tag list (RFC 6376 section 3.6.2.2), so a chunk boundary may fall anywhere, even in the middle of the base64 key. The resulting entry in the zone file for the example above would be

  1800 IN TXT ( "k=rsa; t=s; p=TjqHkmQL3WPN0eLuAVsAkDLqRXocC73CAD4ADJsI5bjWn+mGcN1CXwfxtgvlk9XiGhpPDEbQCkeLtj"
                "Yatf4u8yXDjSB8+TyHN2ltcxZpU;" )

The key is abbreviated here; with a real key the first string would run to the full 255 characters.
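The procedure above as an added example, which is not code from the original post and not part of NSD: a small Python script that emits a DKIM TXT record split into quoted strings of at most 255 octets inside parentheses, plus a toy master-file lexer that reproduces the two failures described above (an unquoted value is cut off at the first semicolon; a single unquoted string longer than 255 octets is rejected) and a verifier-style tag parser that joins the strings back together. The selector name mail2017 and the key material are constructed placeholders; the fake key has the length of a real RSA-2048 public key but is not one. Checking a real zone file is the job of nsd-checkzone, which ships with NSD 4; the lexer here only illustrates the rules it applies.

```python
"""Build and check DKIM TXT records for RFC 1035 master (zone) files.

Added example, not code from the original post or from NSD. The key material
below is a constructed placeholder of realistic length, not a real key.
"""

MAX_STRING = 255  # RFC 1035 s3.3.14: a <character-string> carries a one-octet length prefix

# Constructed placeholder: the first 44 characters are the usual base64 prefix of an
# RSA-2048 SubjectPublicKeyInfo, the rest is filler to reach the realistic 392 characters.
B64_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
FAKE_P = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA" + (B64_ALPHABET * 6)[:348]
KEY_RECORD = "v=DKIM1; k=rsa; t=s; p=" + FAKE_P  # v= is RECOMMENDED by RFC 6376 s3.6.1


def zone_quote(s: str) -> str:
    """Quote one <character-string>; backslash and '"' must be escaped inside quotes."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def dkim_txt_rdata(value: str, chunk: int = MAX_STRING) -> str:
    """Split a DKIM tag list into quoted strings of at most `chunk` octets, one per line,
    inside parentheses so the record may span lines. Any split point is fine: verifiers
    concatenate the strings before parsing the tags (RFC 6376 s3.6.2.2)."""
    if not 1 <= chunk <= MAX_STRING:
        raise ValueError("chunk must be between 1 and 255 octets")
    data = value.encode("ascii")  # DKIM key records are ASCII; reject anything else
    parts = [data[i:i + chunk].decode("ascii") for i in range(0, len(data), chunk)]
    return "( " + "\n    ".join(zone_quote(p) for p in parts) + " )"


def dkim_txt_rr(selector: str, ttl: int, value: str) -> str:
    """Full RR with the owner name RFC 6376 s3.6.2.1 prescribes, relative to the zone origin."""
    return f"{selector}._domainkey {ttl} IN TXT {dkim_txt_rdata(value)}"


def parse_txt_rdata(text: str) -> list[str]:
    """Lex TXT RDATA the way a master-file parser does (RFC 1035 s5.1): whitespace
    separates strings, '"' quotes one, '\\' escapes the next character (or \\DDD a
    decimal octet), ';' outside quotes starts a comment to end of line, and '(' / ')'
    only permit line continuation. Raises ValueError for a string over 255 octets."""
    strings: list[str] = []
    buf: list[str] = []
    have_token = False
    in_quotes = False

    def flush() -> None:
        nonlocal have_token
        if have_token:
            s = "".join(buf)
            if len(s) > MAX_STRING:  # ASCII input: one octet per character
                raise ValueError(f"character-string of {len(s)} octets exceeds {MAX_STRING}")
            strings.append(s)
            buf.clear()
            have_token = False

    i = 0
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):  # escape, valid inside and outside quotes
            digits = text[i + 1:i + 4]
            if len(digits) == 3 and digits.isdigit():
                buf.append(chr(int(digits)))
                i += 4
            else:
                buf.append(text[i + 1])
                i += 2
            have_token = True
            continue
        if in_quotes:
            if c == '"':
                in_quotes = False
                flush()
            else:
                buf.append(c)  # a ';' in here is data, not a comment
        elif c == '"':
            flush()
            in_quotes = True
            have_token = True  # an empty "" is still a string
        elif c == ";":  # comment: everything up to the newline is dropped
            flush()
            nl = text.find("\n", i)
            i = len(text) if nl < 0 else nl
            continue
        elif c in " \t\r\n()":
            flush()
        else:
            buf.append(c)
            have_token = True
        i += 1
    if in_quotes:
        raise ValueError("unterminated quoted string")
    flush()
    return strings


def zone_parser_accepts(text: str) -> bool:
    """True if the RDATA lexes cleanly (a stand-in for nsd loading the zone)."""
    try:
        parse_txt_rdata(text)
        return True
    except ValueError:
        return False


def dkim_tags(strings: list[str]) -> dict[str, str]:
    """Concatenate the strings as a DKIM verifier does, then parse the tag=value list."""
    tags: dict[str, str] = {}
    for field in "".join(strings).split(";"):
        if field.strip():
            name, _, val = field.partition("=")
            tags[name.strip()] = "".join(val.split())  # whitespace inside values is ignored
    return tags


if __name__ == "__main__":
    naive = "k=rsa; t=s; p=" + FAKE_P  # what the howtos suggest, typed without quotes
    print("unquoted ->", parse_txt_rdata(naive))  # only k=rsa survives the comment
    escaped = "k=rsa\\; t=s\\; p=" + FAKE_P  # semicolons masked, but the p= token is 394 octets
    print("escaped  ->", "accepted" if zone_parser_accepts(escaped) else "rejected")
    rr = dkim_txt_rr("mail2017", 1800, KEY_RECORD)  # hypothetical selector
    print(rr)
    strings = parse_txt_rdata(rr.split("TXT", 1)[1])
    print("strings  ->", [len(s) for s in strings], "tags:", sorted(dkim_tags(strings)))
```

The printed RR can be pasted into the zone as-is. With a 415-character tag list the first string is filled to 255 octets and the second holds the remaining 160, and the tag parser gets the complete key back because it joins the strings before looking for semicolons.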
