Many questions here on splitting DKIM TXT records, but my DNS provider only allows 255 chars for each key. No fancy way to enter multiple values like the other platforms mentioned in all the other questions.
I went ahead and entered multiple TXT entries with the same name:

| entry | type | value |
|---|---|---|
| z._domainkey | TXT | v=DKIM1;k=rsa;... |
| z._domainkey | TXT | ...restofkey |

which does show on my queries, but sometimes out of order:
```
$ drill txt z._domainkey.example.com.
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 7181
;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; z._domainkey.example.com. IN TXT
;; ANSWER SECTION:
z._domainkey.example.com. 1796 IN TXT "v=DKIM1;k=rsa;"
z._domainkey.example.com. 1796 IN TXT "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh957KTmtf+f1GCrdVKydz2x0NDs1Cx/g/AYIlx2QcyOpXzd3DNC8saykKjfwYEIGq47UdnLQdJztINPu5QsphwSnpQiGqV28EltNp1poNNeUwSno7vrUTQI44vkD7OosCh+yLVD5AWCqxOr0l4C6kp2UuXvEc6zANPQrbOuVABm"
z._domainkey.example.com. 1796 IN TXT "Gf2nLFvcR4iswFC3JpLOdZr259BelASlU2WApIeDK/a8Qo096WzpFCeFtamIxZFkeHdCSmrS7zrtDrxxvXzYhXIFharkWeY5cXKzZ7vUGR14Zie9gzNzoz5NoibngkBH6dw5C70lU5ynVwx+/U+TCEKOZu1X9K/ZC5/1NrsW83QIDAQAB"
```
(Already tried to split right in the middle, in 64 bytes like base64 usually is, using online splitter tools, in two, 3 and 4 pieces. All give the same end result.)

All validators (including the one from my MX handler) say that it is invalid.
Is there anything else I have to do to split the values? Do I have to repeat the `p=` part or something else? How do DNS clients know the order to concatenate the multiple TXT entries? Why do validation tools that give the split values also fail to validate them when split? e.g. https://www.mailhardener.com/tools/dns-record-splitter

All validators just show one record that has the `v=DKIM1;k=rsa;p=...` part as an invalid DKIM record, and the one that is just the continuation of the key as an entirely different record that is not even a valid DKIM.

For example, https://dkimcore.org/c/keycheck says:
* v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0... (This might be a valid DKIM record)
* r259BelASlU2WApIeDK/a8Qo096WzpFCeFtam... (This doesn't look like a DKIM record)
The DNS protocol level requirement is quite simple really, usually questions circle around various UI choices (as is the case here, I believe).
The value (RData if you will) of a `TXT` record in DNS consists of an array of character-string values. Each individual character-string can be 0-255 characters long.

A DKIM entry in DNS needs to be a single `TXT` record, and DKIM defines that if that `TXT` record has multiple string values these will be concatenated together before use by the DKIM-aware software.

From the DKIM RFC:

I.e., if you have a long DKIM value, it makes no difference how you cut it up as long as each piece is no longer than 255 characters. However, all the pieces need to be in one single `TXT` record.

As for your specific situation, in the standardized master file format your example would be:
(Note how it is one single record with multiple string values)
If the software/service you are using does not accept data input matching the master file format, it's most likely simply a matter of figuring out the specific format they expect (manual? support?), or possibly even some limited `TXT` support specific to that software/service.
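
The difference between one `TXT` record with several strings and several `TXT` records, as an added example that is not part of the original answer. The helper names are this example's own, and the key is a constructed stand-in (a DER header plus zero bytes), not the key from the question.

```python
import base64
import binascii

def split_txt(value, limit=255):
    """Cut a TXT value into character-strings of at most `limit` bytes."""
    return [value[i:i + limit] for i in range(0, len(value), limit)]

def to_master_file(name, ttl, strings):
    """One TXT record holding several quoted strings (zone file syntax)."""
    return "%s %d IN TXT ( %s )" % (name, ttl, " ".join('"%s"' % s for s in strings))

def encode_rdata(strings):
    """TXT RDATA on the wire: each string is a length byte followed by data."""
    return b"".join(bytes([len(s)]) + s.encode("ascii") for s in strings)

def decode_rdata(rdata):
    """Walk the length-prefixed strings of a single TXT record."""
    strings, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        strings.append(rdata[i + 1:i + 1 + n].decode("ascii"))
        i += 1 + n
    return strings

def dkim_candidates(rrset):
    """Strings inside one record are joined in order; records are never joined."""
    return ["".join(decode_rdata(rdata)) for rdata in rrset]

def key_is_complete(value):
    """True if p= decodes to a DER SEQUENCE whose declared length matches."""
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    try:
        der = base64.b64decode(tags.get("p", ""), validate=True)
    except binascii.Error:
        return False
    # Assumes the 2-byte long-form length used by 1024-bit and larger RSA keys.
    return der[:2] == b"\x30\x82" and int.from_bytes(der[2:4], "big") == len(der) - 4

# Constructed stand-in for a 2048-bit key: DER header plus zero bytes, not a real key.
FAKE_KEY = base64.b64encode(b"\x30\x82\x01\x22" + bytes(290)).decode("ascii")
VALUE = "v=DKIM1;k=rsa;p=" + FAKE_KEY
PARTS = split_txt(VALUE)

ONE_RECORD = [encode_rdata(PARTS)]                # one record, two strings
TWO_RECORDS = [encode_rdata([p]) for p in PARTS]  # two records with the same name

if __name__ == "__main__":
    print(to_master_file("z._domainkey.example.com.", 1796, PARTS))
    for label, rrset in (("one record", ONE_RECORD), ("two records", TWO_RECORDS)):
        print(label, [key_is_complete(v) for v in dkim_candidates(rrset)])
```

With one record the verifier sees a single complete value; with two records it sees two unrelated candidates, neither of which carries a whole key, which matches what the validators in the question reported.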