How to split DNS DKIM records

DNS TXT records have a limitation: a single string in a TXT record must not be longer than 255 bytes.

This limitation can hurt you with SPF records or DKIM records. In that case you have to split the record into several shorter strings.

Let’s do the example with DKIM:

You created a 2048-bit key. This key looks like:

-----END PUBLIC KEY-----

Now you create a DKIM record out of this.

The DKIM record will look like:

selector._domainkey.domain IN TXT "v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApet+d5U8yvCfBAzcAdS5uID/r4Cj4naN1U2fBnxd2aMFLjWn6GHwUvoZuYCYtK23RglWE3meOvD1hxzsHnGmuID/r4Cj4naN1U2fBnxd2aMFLjWn6GHwUvoZuYCYtK23RglWE3meOvD1hxzsHnGmxPIyujltbns+wUlzdKms6eWfhjfoaO5Ifg/0NRHxI0tEBZE6XX2cWP2rHUpVQ+awNo0JeurqRCTz7WQufWKa9H4n5hpLpnLYNOuRxThy3ezZgcfsqWND5NsIdDdrPvEQok8YFr5FaMahGUI4OoMwwKjuLo24YfSqUMiNVFk00yveNvB1qJHKUrRIUfIE4grmD4gjQFIV9n7tT7kdnFb0inPvXxMJSTGFN7Sz+ifNA7DMSVjpBWTuhuY3OK4gBQAkAwIDAQAB"

The string is now longer than 255 bytes. The workaround for this is to split the string into smaller chunks.

In this case you enter the TXT record like this:

selector._domainkey.domain IN TXT "v=DKIM1;k=rsa;" "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApet+d5U8yvCfBAzcAdS5" "uID/r4Cj4naN1U2fBnxd2aMFLjWn6GHwUvoZuYCYtK23RglWE3meOvD1hxzsHnGm" "xPIyujltbns+wUlzdKms6eWfhjfoaO5Ifg/0NRHxI0tEBZE6XX2cWP2rHUpVQ+aw" "No0JeurqRCTz7WQufWKa9H4n5hpLpnLYNOuRxThy3ezZgcfsqWND5NsIdDdrPvEQ" "ok8YFr5FaMahGUI4OoMwwKjuLo24YfSqUMiNVFk00yveNvB1qJHKUrRIUfIE4grm" "D4gjQFIV9n7tT7kdnFb0inPvXxMJSTGFN7Sz+ifNA7DMSVjpBWTuhuY3OK4gBQAkAwIDAQAB"

Now each string in the TXT record is short enough, and it is up to the calling application to concatenate the strings.

Small hint: in the 1st example you have one double quote at the beginning of the record and one double quote at the end of the record. In the 2nd example you have multiple parts in double quotes, separated by spaces.
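The split and the reassembly described above, as an added example that is not part of the original post. The key is constructed filler of the same size as a 2048-bit RSA public key, the owner name `selector._domainkey.example.com.` is a placeholder, and the function names are hypothetical.

```python
import base64
import re

MAX_TXT_STRING = 255  # limit for one string inside a TXT record, in bytes

# Constructed sample: 294 filler bytes (the DER size of a 2048-bit RSA
# public key), NOT a real key. The owner name is a placeholder.
SAMPLE_KEY_B64 = base64.b64encode(bytes(range(256)) + bytes(38)).decode("ascii")
SAMPLE_VALUE = "v=DKIM1;k=rsa;p=" + SAMPLE_KEY_B64
SAMPLE_OWNER = "selector._domainkey.example.com."


def split_txt_value(value, chunk_size=MAX_TXT_STRING):
    """Cut a TXT value into strings of at most chunk_size bytes."""
    if not 1 <= chunk_size <= MAX_TXT_STRING:
        raise ValueError("chunk_size must be between 1 and 255")
    data = value.encode("ascii")  # DKIM records are plain ASCII
    return [data[i:i + chunk_size].decode("ascii")
            for i in range(0, len(data), chunk_size)]


def zone_line(owner, chunks):
    """Render the chunks as one TXT record made of several quoted strings."""
    for chunk in chunks:
        if len(chunk.encode("ascii")) > MAX_TXT_STRING:
            raise ValueError("string longer than 255 bytes: %d" % len(chunk))
        if '"' in chunk or "\\" in chunk:
            raise ValueError("quote or backslash would need escaping")
    return "%s IN TXT %s" % (owner, " ".join('"%s"' % c for c in chunks))


def join_txt_strings(line):
    """Reading side: concatenate the quoted strings with nothing in between."""
    return "".join(re.findall(r'"([^"]*)"', line))


def dkim_key_bytes(value):
    """Pull the p= tag out of a reassembled record and decode the key."""
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if t.strip())
    return base64.b64decode(tags["p"], validate=True)


if __name__ == "__main__":
    line = zone_line(SAMPLE_OWNER, split_txt_value(SAMPLE_VALUE))
    print(line)
    print(len(dkim_key_bytes(join_txt_strings(line))), "key bytes recovered")
```

Where the chunk boundaries fall does not matter, as long as every string stays within 255 bytes and joining them reproduces the original value exactly.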
