Problems adding a DomainKey to Bytemark nameserver for DKIM


#1

I’ve used this tool: http://anders.com/projects/sysadmin/djbdnsRecordBuilder/#domainKeys to build the record and pushed it to Bytemark’s DNS servers.

Trying to read the value back using dig gives me a “Warning: Message parser reports malformed message packet.” error message!

I am using a 2048 bit key. Any ideas what is going wrong?

The DNS TXT record I have added is: secure._domainkey.belmontchapel.org.uk


#2

The problem is that the record builder is broken. It mistakenly uses a “generic” : record instead of a “text” ' record.

If you replace the colon at the beginning of the line with a single quote, and replace the :16:\xxx after the hostname with just a colon, the record will work.

I.e. change

:joe._domainkey.example.com:16:\272v=DKIM1;\040k=rsa;\040p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5o6lMIgulclWjZwP56LRqdg5ZX15bhc\057GsvW8xW\057R5Sh1NnkJNyL\057cqY1a+GzzL47t7EXzVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB:86400

to

'joe._domainkey.example.com:v=DKIM1;\040k=rsa;\040p=MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAKJ2lzDLZ8XlVambQfMXn3LRGKOD5o6lMIgulclWjZwP56LRqdg5ZX15bhc\057GsvW8xW\057R5Sh1NnkJNyL\057cqY1a+GzzL47t7EXzVc+nRLWT1kwTvFNGIoAUsFUq+J6+OprwIDAQAB:86400

If generic records are used, then the data have to be structured according to the specs for the record generated. In this case the record type 16 is specified, which is a TXT record, which, according to the RFC, is made up of one or more <character-string>s. These in turn are defined as:

A <character-string> is a single length octet followed by that number of characters. <character-string> is treated as binary information, and can be up to 256 characters in length (including the length octet).

The problem is that the DKIM record is more than 255 characters long, so the record builder generates an incorrect record.
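Added example, not part of the thread and not code from the record builder or djbdns: a Python sketch of what a generic type 16 line needs for a value over 255 bytes (one length octet per chunk), plus a checker that walks the length octets of such a line. The function names, the `SAFE` set and the sample key are constructed for illustration.

```python
import re

# Bytes written literally; everything else becomes a \ooo octal escape.
SAFE = b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789=;+-_."

def escape(raw: bytes) -> str:
    """Octal-escape every byte outside SAFE (space -> \\040, '/' -> \\057)."""
    return "".join(chr(b) if b in SAFE else "\\%03o" % b for b in raw)

def unescape(field: str) -> bytes:
    """Turn \\ooo escapes in a data-file field back into raw bytes."""
    return re.sub(rb"\\([0-3][0-7]{2})",
                  lambda m: bytes([int(m.group(1), 8)]),
                  field.encode("latin-1"))

def generic_txt(fqdn: str, text: str, ttl: int = 86400) -> str:
    """Generic ':' line, type 16: a length octet before each <=255-byte chunk."""
    raw = text.encode("ascii")
    chunks = [raw[i:i + 255] for i in range(0, len(raw), 255)]
    rdata = b"".join(bytes([len(c)]) + c for c in chunks)
    return f":{fqdn}:16:{escape(rdata)}:{ttl}"

def txt_strings(line: str) -> list:
    """Split the RDATA of a ':fqdn:16:rdata:ttl' line into <character-string>s.

    Raises ValueError when a length octet points past the end of the RDATA.
    This is a structural check only; it cannot tell whether the text is right.
    """
    fqdn, rtype, field, ttl = line[1:].split(":")
    if not line.startswith(":") or rtype != "16":
        raise ValueError("not a generic type 16 (TXT) line")
    rdata, out, i = unescape(field), [], 0
    while i < len(rdata):
        n = rdata[i]
        chunk = rdata[i + 1:i + 1 + n]
        if len(chunk) != n:
            raise ValueError(f"length octet {n} at offset {i} overruns RDATA")
        out.append(chunk)
        i += 1 + n
    return out

if __name__ == "__main__":
    # Constructed value: 418 bytes, not a real key.
    sample = "v=DKIM1; k=rsa; p=" + "A" * 400
    line = generic_txt("joe._domainkey.example.com", sample)
    print([len(s) for s in txt_strings(line)])
```

The text record form shown in the answer avoids this bookkeeping, because the length octets are then not written by hand.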


#3

Perfect! That works, thanks :smile: