1

DKIM Problem:

Here is how I enter the value for DKIM key:

"v=DKIM1; h=sha256; k=rsa; p=JKskfkkSLLWOFJDJFKKSLLFOxsnnisn/SnhcQp2oP1RKDYd6AdmpYf2y+0O/OayDhhLCMRHB+A3F4cYp01wXk2BF6OMuqUKGRh/5a1d8fKpW5vSCpZWf2i8rwXU0Aae11Kku742IxnPXLQFP/OUjNyWi3pZV7E6hShsKDs3Fks67Kslwoo,s+fw8z0ROCGZ9NNUQmTVf4bBmB919mrnv" "KP2n9zX3n2mty/fqv8AEWGUlMyg0EjKJtpEAt6ApdlWlfk43123m5K0UhWRH8Gf0f/v8orSwkksbmHoXX/5x7J999/EUWo+fSVjskiwk23gFcohutk85/7u4w1E9gmdnRX6C7J/Ay8fwIDAQAB"

When I try to add it, AWS doesn't accept it because it is too long.

I came across the below post on Stack Overflow where commenters advised that I should break up the string with (""):

DKIM for Mandrill on Amazon's Route 53

So I followed the advice and did the following:

"v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhki""G9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthZaOcxMzOmiQx""Aw7p/SnhcQp2oP1RKDYd6AdmpYf2y+0O/Oa""yDhhLCMRHB+A3F4cYp01wXk2BF6OMuqUKGRh/5a1d8""fKpW5vSCpZWf2i8rwXU0Aae11Kku742Ix""nPXLQFP/OUjNytrytrZV7E6jlkjWkjpOETcJpeWcU34VXvRRzQQ""q+fw8z0ROCGZ9NNUQmTVf4bBmB919mrnvKP2""n9zX3n2mty/fqv8AEWGUlMy""g0EjKJtpEAt6jlkjApRg1TYdzA4m5K0""UhWRH8Gf0f/v8orS27bm""HoXX/5x7J999/EUWo+fSV0TUv""0gFtrtyeutk85/7u4w1E9""gmdnRX6C7J/Ay8fwIDAQAB"

However I am still getting a DKIM fail; according to https://dmarcian.com/dkim-validator/, my record is not formatted correctly and Public key ("p" tag) is required. I am copying and pasting directly from the terminal so I have no idea what I am doing wrong?

Furthermore, when I do a dig I receive DKIM TXT however I see gaps in where I put the apostrophes. Not sure if this is causing my problem?

I also looked at https://serverfault.com/questions/763815/route-53-doesnt-allow-adding-dkim-keys-because-length-is-too-long.

However I still get the same issues. I also read that doing /"/" should help, so I tried:

"v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhki""G9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthZaOcxMzOmiQx/"/"Aw7p/SnhcQp2oP1RKDYd6AdmpYf2y+0O/Oa""yDhhLCMRHB+A3F4cYp01wXk2BF6OMuqUKGRh/5a1d8"/"/fKpW5vSCpZWf2i8rwXUytut11Kku742Ix""nPXLQFP/OUjNiuyiu3pZV7E6hShWkjpOETcJpeWcU34VXvRRzQQ"/"/q+fw8z0ROCGghfhgfhNNUQmTVf4bBmB919mrnvKP2"/"/n9zX3n2mty/fqv8AEWGUlMy"/"/g0EjKJtpEAt68DpApRg1TYdzA4m5K0"/"/UhWRH8Gf0f/v8orS27bm"/"/HoXX/5x7J999/EUWo+fSV0TUv"/"/0grytstk85/7u4w1E9""gmdnRX6C7J/Ay8fwIDAQAB"

But once again I get the string is too long and I am unable to save the record... I am totally lost on what to do. I have never had such a problem setting up DKIM before.

DMARC Issue

I have set up a TXT record for DMARC such as below for mailserver, _demarc.mydomain.co.za:

"v=DMARC1; p=reject;"

When I assess the mails, there is no DMARC? I have added it correctly according to the documentation but it doesn't work?

What the heck am I doing wrong? All I can say is first and last time I will use Route53 again, it's been a horrible experience.

Chaplin
  • 45
  • 9

3 Answers

4

Go back to your original entry, and note what the Route 53 console says when you create a TXT record:

A text record. Enter multiple values
    on separate lines. Enclose text in
    quotation marks.
Example:
    "Sample Text Entries"
    "Enclose entries in quotation marks"

When you paste your long value in the text box, it will appear correct because your browser is breaking the space at ...9mrnv"<HERE>"KP2n... and showing two lines, but it is wrong. Deleting the space is also wrong, but delete that space and hit enter and you can save the record.

You need exactly these two lines with a line break between them (not a space expanded into a break) in the box:

"v=DKIM1; h=sha256; k=rsa; p=JKskfkkSLLWOFJDJFKKSLLFOxsnnisn/SnhcQp2oP1RKDYd6AdmpYf2y+0O/OayDhhLCMRHB+A3F4cYp01wXk2BF6OMuqUKGRh/5a1d8fKpW5vSCpZWf2i8rwXU0Aae11Kku742IxnPXLQFP/OUjNyWi3pZV7E6hShsKDs3Fks67Kslwoo,s+fw8z0ROCGZ9NNUQmTVf4bBmB919mrnv"
"KP2n9zX3n2mty/fqv8AEWGUlMyg0EjKJtpEAt6ApdlWlfk43123m5K0UhWRH8Gf0f/v8orSwkksbmHoXX/5x7J999/EUWo+fSVjskiwk23gFcohutk85/7u4w1E9gmdnRX6C7J/Ay8fwIDAQAB"

Tested in the Route 53 console.

Michael - sqlbot
  • 169,571
  • 25
  • 353
  • 427
4

UPDATE APRIL 2021:

It seems that Route53 has changed since the accepted answer was posted. The only way I managed to make my DKIM valid was by having no line break (and no space) between the chunks.

Example record:
TXT [selector]._domainkey
"v=DKIM1;k=rsa;p=MII.....""....SKFKFDAB"

Hacktisch
  • 1,392
  • 15
  • 33
  • 1
    This is the correct method according to this article: https://aws.amazon.com/premiumsupport/knowledge-center/route53-resolve-dkim-text-record-error/ – atlas_scoffed Sep 08 '21 at 01:58
1

AWS posted a tutorial on how to solve this issue: https://aws.amazon.com/premiumsupport/knowledge-center/route53-resolve-dkim-text-record-error/

In essence:

  • Make it 2 chunks of length < 254
  • Enclose the chunks in double quotes.
  • Use NO line breaks between them when pasting the value in Route53's record editor.
hernvnc
  • 827
  • 11
  • 18
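
Added example (not from any of the posts or from AWS): Python that splits a DKIM record into quoted chunks of under 255 characters on one line, as the last answer lists, and then checks a value the way a verifier reads it, by joining the quoted strings and parsing the p tag. The key is constructed filler, and `to_route53_value`, `check_value` and the 250-character chunk size are names and choices made for this example.

```python
import base64
import binascii
import re

MAX_STRING = 255  # DNS limit for one quoted character-string in a TXT record

# Constructed filler the size of a 2048-bit RSA key (392 base64 chars), not a real key.
SAMPLE_KEY = base64.b64encode(bytes(range(256)) + bytes(38)).decode()
SAMPLE_RECORD = "v=DKIM1; h=sha256; k=rsa; p=" + SAMPLE_KEY


def to_route53_value(record, chunk=250):
    """Split a DKIM record into quoted chunks placed on ONE line."""
    parts = [record[i:i + chunk] for i in range(0, len(record), chunk)]
    return "".join('"%s"' % p for p in parts)


def check_value(value):
    """Return a list of problems found in a TXT value; empty means it passed."""
    problems = []
    if "\n" in value.strip():
        # The console text quoted above: multiple values go on separate lines.
        problems.append("line break: each line is saved as a separate value")
    strings = re.findall(r'"([^"]*)"', value)
    if not strings:
        return problems + ["no quoted strings found"]
    for s in strings:
        if len(s) > MAX_STRING:
            problems.append("chunk of %d characters exceeds %d" % (len(s), MAX_STRING))
    # A verifier joins the strings with nothing in between before parsing tags.
    joined = "".join(strings)
    tags = {}
    for item in joined.split(";"):
        name, sep, val = item.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())
    key = tags.get("p", "")
    if not key:
        problems.append("public key (p tag) missing")
    else:
        try:
            base64.b64decode(key, validate=True)
        except binascii.Error:
            problems.append("p tag is not valid base64")
    return problems


if __name__ == "__main__":
    value = to_route53_value(SAMPLE_RECORD)
    print(value)
    print(check_value(value) or "OK")
```

Running `check_value` on the string that `dig` returns for the selector shows whether stray characters ended up inside the key after the record was saved.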