I've been trying to set an openDKIM public key as a TXT record within the Route53 hosted zone for my domain.

The record is mail._domainkey.zewtie.io but, however I enter the public key in the Route53 TXT record, the DKIM public key never seems to be propagated in DNS.

I know of the 255 character limit on the DNS UDP packets, so I split the key into a single line of sub-255 character strings like this:

```
"v=DKIM1; h=sha256; k=rsa; s=email; "
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0QIXEqgbl+f3r18UaNFKk/54f06UK7hTGdNsBU/"
"9EaWYqPltJaHwtGx0j/EEHIgdYVOZyTakX7ljMBF55W"
"g1QkLeR4uy0tfU9sWTWPjfpC4zGjGyDIM6f5Gwjk1iw"
"+0f3T9uftKUyyz76N5cndxNSt8m1RTkAw+54rQKWBecLwQIDAQAB"
```

This still doesn't seem to work however.

Would anyone know of the way to successfully propagate a DKIM public key from a Route53 hosted zone?

sebix
Paul Browne
  • Having the double quotes tells Route 53 to create a new record. Try removing all the double quotes except from start and end. – imperalix Sep 18 '15 at 05:15
  • Yes, I did try this originally but it didn't work as expected. Enclosed in only a pair of quotes at beginning and end, the TXT record for the DKIM key was never propagated in DNS. I found this blog post which described my issue exactly: [link](https://stelfox.net/blog/2014/07/spf-and-dkim-records-in-route-53/). Formatting the DKIM key in this way by breaking it up solved the issue, so I'm not all that concerned by the TXT record being broken up into separate packets. – Paul Browne Sep 19 '15 at 11:04

2 Answers

Spaces between the quotation marks were being interpreted as new-lines. Removing the spaces between the quotation marks fixed the issue.

Paul Browne

I had a similar issue. The way I solved it was that the following code block:

```
"v=DKIM1; h=sha256; k=rsa; s=email;"
"p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0QIXEqgbl+f3r18UaNFKk/54f06UK7hTGdNsBU/"
"9EaWYqPltJaHwtGx0j/EEHIgdYVOZyTakX7ljMBF55W"
"g1QkLeR4uy0tfU9sWTWPjfpC4zGjGyDIM6f5Gwjk1iw"
"+0f3T9uftKUyyz76N5cndxNSt8m1RTkAw+54rQKWBecLwQIDAQAB"
```

needs to be separated by a space and not by a newline character "\n". If you enter each string on a new line, then it doesn't work as expected. It should be:

```
"v=DKIM1; h=sha256; k=rsa; s=email;" "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0QIXEqgbl+f3r18UaNFKk/54f06UK7hTGdNsBU/" "9EaWYqPltJaHwtGx0j/EEHIgdYVOZyTakX7ljMBF55W" "g1QkLeR4uy0tfU9sWTWPjfpC4zGjGyDIM6f5Gwjk1iw" "+0f3T9uftKUyyz76N5cndxNSt8m1RTkAw+54rQKWBecLwQIDAQAB"
```
Humberto Castellon
vshall
  • I tried to do the above, splitting my key in a text editor (`gedit`) and copy/pasting it into the Route53 TXT field. This seemed to result in Route53 handling the splitting space similar to a `"\n"` character. Deleting the space and re-entering it in the TXT field box in the AWS web console itself solved the issue. (Possibly wouldn't have been an issue if I was using the AWS CLI.) – PicoutputCls Apr 30 '19 at 09:47
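The single-line, space-separated form from the second answer can be generated and checked by script instead of edited by hand. This is an added example, not code from any of the posts above. The function names, the TTL and the placeholder key are assumptions; the record name is the one from the question.

```python
import json
import re

MAX_STRING = 255  # one TXT character-string carries at most 255 bytes

# Constructed sample: 392 placeholder base64 characters (the length of a
# 2048-bit RSA key in DKIM form), not a real key.
SAMPLE_RECORD = "v=DKIM1; k=rsa; p=" + "A" * 392


def to_route53_value(record, size=MAX_STRING):
    """Split one logical TXT record into quoted strings on a single line."""
    if not record.isascii() or '"' in record or "\n" in record:
        raise ValueError("expected a one-line ASCII record without quotes")
    chunks = [record[i:i + size] for i in range(0, len(record), size)]
    # Single spaces between the strings, never newlines.
    return " ".join('"%s"' % c for c in chunks)


def reassemble(value):
    """Check a pasted value and return the record a DKIM verifier will see."""
    if "\n" in value or "\r" in value:
        raise ValueError("line break between strings; use one space instead")
    if not re.fullmatch(r'"[^"]*"( "[^"]*")*', value):
        raise ValueError("strings must be double-quoted, one space apart")
    chunks = re.findall(r'"([^"]*)"', value)
    if any(len(c) > MAX_STRING for c in chunks):
        raise ValueError("a string exceeds 255 characters")
    # Verifiers concatenate the strings with nothing in between.
    return "".join(chunks)


def change_batch(name, value, ttl=300):
    """JSON for `aws route53 change-resource-record-sets --change-batch`."""
    rrset = {"Name": name, "Type": "TXT", "TTL": ttl,
             "ResourceRecords": [{"Value": value}]}
    return json.dumps({"Changes": [{"Action": "UPSERT",
                                    "ResourceRecordSet": rrset}]}, indent=2)


if __name__ == "__main__":
    value = to_route53_value(SAMPLE_RECORD)
    assert reassemble(value) == SAMPLE_RECORD
    print(change_batch("mail._domainkey.zewtie.io", value))
```

Running `reassemble` on a value copied from a text editor before pasting it into the console catches the stray line break described in the last comment.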