How do I enter a strong (long) DKIM key into DNS?

You need to split them in the text field. I believe that 2048 is the practical limit for key sizes. Split the text field into parts 255 characters or less. There is overhead for each split.

There are two formats for long fields.

TXT  "part one" \
     "part two"

TXT ( "part one"
      "part two" )

Both of which will combine as "part onepart two". More details from Zytrax.

To generate my DKIM entry I insert my public key file and wrap it in quotation marks.
My public key file contains the following:

MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD78Ki2d0zmOlmjYNDC7eLG3af12KrjmPDeYRr3
q9MGquKRkRFlY+Alq4vMxnp5pZ7lDaAXXwLYjN91YY7ARbCEpqapA9Asl854BCHMA7L+nvk9kgC0
ovLlGvg+hhqIPqwLNI97VSRedE60eS+CwcShamHTMOXalq2pOUw7anuenQIDAQAB

After editing the key in my dns zone file appears as follows:

dkim3._domainkey        IN      TXT     ("v=DKIM1; t=s; p=" 
"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD78Ki2d0zmOlmjYNDC7eLG3af12KrjmPDeYRr3"
"q9MGquKRkRFlY+Alq4vMxnp5pZ7lDaAXXwLYjN91YY7ARbCEpqapA9Asl854BCHMA7L+nvk9kgC0"
"ovLlGvg+hhqIPqwLNI97VSRedE60eS+CwcShamHTMOXalq2pOUw7anuenQIDAQAB")

DNS returns it as follow:

 bill:~$ host -t TXT dkim3._domainkey.systemajik.com
 dkim3._domainkey.systemajik.com descriptive text "v=DKIM1\; t=s\; p=" "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD78Ki2d0zmOlmjYNDC7eLG3af12KrjmPDeYRr3" "q9MGquKRkRFlY+Alq4vMxnp5pZ7lDaAXXwLYjN91YY7ARbCEpqapA9Asl854BCHMA7L+nvk9kgC0" "ovLlGvg+hhqIPqwLNI97VSRedE60eS+CwcShamHTMOXalq2pOUw7anuenQIDAQAB"

DNS treats it as one long string with no extra spaces where the lines are joined. All " " sequences are ignored.

If it's Amazon Route 53 then don't use newlines (only spaces) between chunks.

"do it" "this way"

"not like"
"this"

See https://serverfault.com/a/763871/80856

If you use the poweradmin UI for pdns you can just enter the whole dkim string in the input field.

v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxtR3bw1Kbh1B7q4+5aWjTj2YEFwv230gcv+NMp4KouOSLdIr0mCMiwDZpY+7zCdks0zMXtz+F5TPij/NkSAxIKBbJqbIO3mvAhgeI0Vy5aQ5prwnIyXUj54po6AsXbv5Ud2tFbGSsdIhvWiC755d3WaFs8mdWFkpSxprlW6PobCzOWDayWGCvsNfHpjmTxHZinkd3TmLQqE/O6Nb1YnRwQwUCLioSyudV+5Bd2+rXZ2V9FYAOiK2aQi2aSTiUaLCVxft9H6xen3JDaKsuu43QMBrhydoJOCV2QaY82IxqE3GgZrlADu6YEOfotdwD2aA9GRwVB88GqdXL8HwgEGTbwIDAQAB;

I know this post is ancient, but I found it today when querying "DKIM 2048 bit key with UltraDNS." My DNS team had attempted to split the key into two parts with quotes around them and a space between. That was causing UltraDNS to serve up 3 packets (the one in the center was empty) which caused inconsistent validation results.

What worked for me in the UltraDNS control panel was just to submit the entire record in quotes without multiple sets of quotes, delimiters, etc. Works as expected now.

It's not the prettiest script but it saves time and typo's on my named/bind hosts.

#!/usr/bin/env bash
pretty_dkim() {
  grep DKIM1 | sed 's/.*v=DKIM/v=DKIM/' | fold -s -w76 |sed 's/^/"/g;s/$/"/g;1 s/^/(/' | tac | sed '1 s/$/)/'| tac ;
}
if [ -t 0 ]; then 
  cat "$1" | pretty_dkim;
else
  pretty_dkim ;
fi

And if no newlines are needed you could add an | tr '\n' ' '

It's OK if the record is greater than the UDP 512-byte limit because DNS will use TCP.

This should be transparent to the user, but sometimes buggy firewall appliances (such as Cisco PIX/ASA) will filter/block these larger queries.

If you are using MySQL/MariaDB as your DNS backend, like PowerDNS you could resize your content column.

Default PowerDNS content length is VARCHAR(255)

So your DKIM signature will be trimmed off to 255 characters

to fix this

just change the content size via the MySQL CLI / MariaDB CLI

mysql -u root -p

USE powerdns;
alter table records modify column content text not null;

restart your DNS Service (eg PowerDNS)

service pdns restart