@jarbro
Last active July 12, 2022 12:29
DNS Made Easy 2048 bit DKIM Support

If you have ever attempted to create a DKIM key for your own mail server, you know it can be a daunting task. Every flavor of SMTP server handles DKIM configuration a bit differently. Once you've gotten your SMTP server configured with your private and public key, the easiest part of the entire process should be making the necessary changes at your DNS provider, right? Unfortunately, not all providers automatically accept 2048 bit DKIM keys, and you end up ready to bang your head against the wall. Why don't they support a 2048 bit key or larger? Well, their system won't automatically handle keys larger than 255 contiguous characters because they haven't updated their interfaces to handle RFC 4408. More on this in a bit.

If you are using DNS Made Easy like I was, you probably ran across this error when trying to enter your DKIM key.

"Contiguous strings may not be longer than 255 characters"

Thankfully, RFC 4408 has a way of handling this. While there is no knowledge base entry on the DNSME support site, they do in fact support 2048 bit keys, but you'll have to open a support ticket to get the answer.

I've generated a sample 2048 bit key using Port25 DKIM Wizard for my example.

Example

Generated 2048 bit key

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA38K27694dPpB72IgyYh/d6bOaSTe4vXlaPOFjAn4Mef8VGA8Cnvb2VWx0wV2HvqAR62iHjBVZc6otsYI35MIwOh6cunL5ypwIQ0+ALUd5+qUz6ww2vAPkt0iPudIwg41Zmv+tR74zZGNHtV+691i6jCYKEJ6iJlfJqwM+HigDy5T62Qp5FaVSDom/y4eLinme0Vdg1AZQ4Vg5/fK1PtVNTrqwFqzGy6IdmVjImfcNtAZ/CXSzKLUmsPHxo/ST88XFK9jUUW8vYcT9Yw+Ma0mce9mCcxITpCG5jrX07K+Y+kNJPesZ9v/prwQ+4JVtoT2FrJE6nFqHGLGpTzUVGKkTQIDAQAB

Modified 2048 bit key for DNS Made Easy

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA38K27694dPpB72IgyYh/d6bOaSTe4vXlaPOFjAn4Mef8VGA8Cnvb2VWx0wV2HvqAR62iHjBVZc6otsYI35MIwOh6cunL5ypwIQ0+ALUd5+qUz6ww2vAPkt0iPudIwg41Zmv+tR74zZGNHtV+691i6jCYKEJ6iJlfJqwM+HigDy5T62Qp5FaVSDom/y4eLinme"
"0Vdg1AZQ4Vg5/fK1PtVNTrqwFqzGy6IdmVjImfcNtAZ/CXSzKLUmsPHxo/ST88XFK9jUUW8vYcT9Yw+Ma0mce9mCcxITpCG5jrX07K+Y+kNJPesZ9v/prwQ+4JVtoT2FrJE6nFqHGLGpTzUVGKkTQIDAQAB"

What I've done here is break out the first 255 characters of the DKIM key and wrap them in quotes. The remaining characters are also wrapped in quotes.

Without the DKIM key data, it would look something like this.

"v=DKIM1; k=rsa................" "....................."

To help you count characters, don't count by hand; use this tool.
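The split and the character count can also be scripted. The following is an added example, not part of the original gist: the function names are hypothetical, and the sample value uses 392 filler characters (the length of a base64-encoded 2048 bit RSA public key) in place of a real key. It also reassembles the quoted strings the way a DKIM verifier does, by concatenating them with nothing in between, so you can confirm the split did not alter the key.

```python
import re

MAX_TXT_STRING = 255  # one TXT character-string carries a 1-byte length prefix


def split_txt_value(value, limit=MAX_TXT_STRING):
    """Split a TXT record value into chunks of at most `limit` bytes."""
    data = value.encode("ascii")  # DKIM key records are plain ASCII
    if not data:
        raise ValueError("empty TXT value")
    return [data[i:i + limit].decode("ascii") for i in range(0, len(data), limit)]


def to_quoted_strings(value, limit=MAX_TXT_STRING):
    """Render the value as quoted strings, the form shown in the example above."""
    if '"' in value or "\\" in value:
        raise ValueError("value needs escaping; not expected in a DKIM record")
    return " ".join('"%s"' % chunk for chunk in split_txt_value(value, limit))


def join_quoted_strings(text):
    """Reassemble the value as a verifier does: concatenate, no separator."""
    chunks = re.findall(r'"([^"]*)"', text)
    if any(len(c) > MAX_TXT_STRING for c in chunks):
        raise ValueError("contiguous string longer than 255 characters")
    return "".join(chunks)


# Constructed sample: DKIM tags plus 392 filler characters standing in for
# the base64 public key (not a real key).
SAMPLE = "v=DKIM1; k=rsa; p=" + "A" * 392

if __name__ == "__main__":
    quoted = to_quoted_strings(SAMPLE)
    print(quoted)
    print([len(c) for c in split_txt_value(SAMPLE)])  # length of each string
    print(join_quoted_strings(quoted) == SAMPLE)      # round trip is lossless
```

Any whitespace that ends up inside the quotes at the split point becomes part of the key data, so compare the reassembled value against the original before publishing the record.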

Many DNS providers out there are smart enough to automatically handle long DKIM keys. I've tested 2048 bit keys with the following providers, which automatically handle long keys with ease.

In no particular order

Some links above may be affiliate links to help cover my server costs and beer.

@mjpalm21

Great article! Exactly what I needed. Thanks for sharing!

@nomandera

Whilst the DNS Made Easy documentation still says:

DKIM is created using TXT records. TXT records are plain text records with a name and a value of up to 255 characters.

Constellix supports TXT records longer than 255 characters.

As of 12th July 2022 I have tested that it works with a 488 char DKIM without splitting or any special steps.
