multiple strings in txt records for large DKIM key support #171

Closed
wispr opened this Issue Jan 22, 2015 · 7 comments

@wispr

wispr commented Jan 22, 2015

Old DKIM keys with 768 bits fit fine in a standard text record, but 1024 and 2048 bit DKIM keys are larger than the 255 byte txt record. You can get around this by using the built in support for multiple strings within txt records in bind.

https://kb.isc.org/article/AA-00356/0/Can-I-have-a-TXT-or-SPF-record-longer-than-255-characters.html

Can the UI be updated to handle this use case? I.e., check if the proposed txt string is longer than 255, and if so, break it into multiple chunks of less than 255 bytes each?

@WillyXJ WillyXJ added this to the 2.0 release milestone Jan 22, 2015

@WillyXJ


Owner

WillyXJ commented Jan 22, 2015

Simple enough - Added to 2.0-beta1 and later.

@wispr


wispr commented Mar 17, 2015

Tested and confirmed resolved. Nice work!

@andrewhotlab


andrewhotlab commented Jul 13, 2017

Sorry to come back to this old issue, but it seems not to be completely solved to me. I just added a 2048 bit DKIM public key in a TXT record and all seemed to work (reloaded the zone from the GUI without errors). But the zone cannot replicate to slave servers and invoking named-checkzone manually returns this error:

named-checkzone test.com db.test.com.hosts
dns_rdata_fromtext: db.test.com.hosts:20: syntax error
zone test.com/IN: loading from master file db.test.com.hosts failed: syntax error
zone test.com/IN: not loaded due to errors.

Here are line 20 (and the following lines) of the zone file. You can see that the second payload is actually 256 characters long (there is a space added at the end, which breaks the rules):

test._domainkey.test.com. IN TXT ("v=DKIM1; k=rsa; "
"p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8m4+Bz29MvYo7uEEQhj&kzhmXIm7Qko80Lw41sKsxkQM1raySqwVyVN6pTYieLjprXpzq1qHU/ah5xzXxbud&yXXOdS+NmmMdSIpqvn340fU61OBR32t3lxtP6uRv2eoRKyIFzUugPCYKGURH+Auy&Fmfj/RVyTSqoIEmOIukoFQfuhb/4i9jfK6gDn0a9ajyrY+XlGBOkMvdJNE "
"PSoTsV&6z9CB4jvjyXot59+yMTZhPV/wMtqziUoPG2frolNUvLh+vbz16OVlbzhUDejcJYa&TIFLOvdOEO8bgVuf0ljjwnT5vei4+ntqXFsRzTv47kLfxBpZpQrUkTm12guBTubM&GwIDAQAB")

I'm running facileManager 3.0.1 with fmDNS 3.0.1 over a nameserver running BIND 9.10.5-P1 on FreeBSD 10.3/amd64.
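Both the workaround described at the top of this issue (break a TXT payload longer than 255 bytes into multiple strings, as the linked ISC article recommends) and the 3.0.1 defect reported in the comment above (a second string that came out at 256 bytes because a space was appended at the split) come down to the same rule: each quoted character-string in a TXT record carries a single length octet, so it may hold at most 255 bytes, and a zone loader rejects anything longer. The Python below is an added example, not fmDNS or facileManager code; every function name, the owner name and the sample keys are constructed for illustration. It splits by byte count rather than at word boundaries, renders BIND multi-string syntax, parses such a line back, and runs a loader-style length check that flags the 256-byte string seen above.

```python
# Added example (not fmDNS/facileManager code): byte-safe chunking of an
# oversized TXT rdata into RFC 1035 character-strings, plus a loader-style
# check that catches a 256-byte string like the one in the report above.
# All names and sample data here are constructed for illustration.

MAX_STRING = 255  # a character-string carries a single length octet


def split_txt(rdata: str, size: int = MAX_STRING) -> list[str]:
    """Cut the rdata into consecutive chunks of at most `size` bytes.

    Splitting by byte count (not at word boundaries) guarantees the limit
    and never strands a separator such as a trailing space in a chunk.
    DKIM verifiers concatenate the strings before use, so a split inside
    a word is harmless.
    """
    if not 0 < size <= MAX_STRING:
        raise ValueError("chunk size must be 1..255")
    data = rdata.encode("ascii")  # DKIM records are plain ASCII
    return [data[i:i + size].decode("ascii") for i in range(0, len(data), size)]


def format_txt(owner: str, strings: list[str]) -> str:
    """Render the chunks in BIND multi-string syntax on one line."""
    quoted = " ".join(
        '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"' for s in strings
    )
    return f"{owner} IN TXT ( {quoted} )"


def parse_txt_strings(record: str) -> list[str]:
    """Extract the quoted character-strings from a TXT record line.

    Handles backslash-escaped quotes and backslashes; the numeric \\DDD
    escape form of master files is not interpreted here.
    """
    strings: list[str] = []
    current: list[str] = []
    in_string = escaped = False
    for ch in record:
        if not in_string:
            if ch == '"':
                in_string = True
        elif escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            strings.append("".join(current))
            current = []
            in_string = False
        else:
            current.append(ch)
    if in_string:
        raise ValueError("unterminated quoted string")
    return strings


def check_txt_strings(strings: list[str]) -> list[str]:
    """Return one message per string a zone loader would reject (empty = OK)."""
    problems = []
    for idx, s in enumerate(strings, start=1):
        n = len(s.encode("utf-8"))
        if n > MAX_STRING:
            hint = " (trailing space)" if s.endswith(" ") else ""
            problems.append(f"string {idx} is {n} bytes, limit {MAX_STRING}{hint}")
    return problems


# Constructed 2048-bit-sized key: 18 bytes of tags plus a 392-character p= value.
DKIM_RDATA = "v=DKIM1; k=rsa; p=" + "A" * 392
OWNER = "test._domainkey.example.com."

# Constructed record reproducing the defect reported above: the second
# string is 2 + 253 + 1 = 256 bytes because of a stray trailing space.
BROKEN_RECORD = OWNER + ' IN TXT ( "v=DKIM1; k=rsa; " "p=' + "B" * 253 + ' " )'


def demo() -> dict:
    """Round-trip the well-formed record and flag the broken one."""
    chunks = split_txt(DKIM_RDATA)
    record = format_txt(OWNER, chunks)
    assert parse_txt_strings(record) == chunks  # render/parse round trip
    return {
        "chunk_lengths": [len(c) for c in chunks],
        "good_problems": check_txt_strings(chunks),
        "broken_problems": check_txt_strings(parse_txt_strings(BROKEN_RECORD)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Running `check_txt_strings` over the strings parsed from a generated zone line is the cheap pre-flight that would have caught this regression before named-checkzone did; the rendering side stays correct as long as the splitter counts bytes and leaves the separators inside the chunks.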

@WillyXJ


Owner

WillyXJ commented Jul 14, 2017

@andrewhotlab - Thanks for the report. I've verified this broke in v3.0.1 with a fix for other types of TXT records in 4b3e6f4. You can roll back to 3.0 until a fix is in place. I'll need to revisit the function to better account for a word split.

@WillyXJ


Owner

WillyXJ commented Jul 17, 2017

@andrewhotlab - The fix will be included in the next release of fmDNS (3.0.2). You can either wait until then or manually apply the commit (557e5b0).

@WillyXJ WillyXJ closed this Jul 17, 2017

@andrewhotlab


andrewhotlab commented Jul 17, 2017

Great! Thank you very much Willy!!

@wispr


wispr commented Jul 31, 2017

Confirmed broken (won't load the zone) in 3.0.1 and fixed in 3.0.2.
