DKIM key length
Does the Linode DNS system support 2048-bit signing keys for DKIM?
Also, is there an API for setting the value of a DNS TXT record (so I can automate changing my DKIM signing key periodically)?
-- sw
2 Replies
asilverman
Linode Staff
Hey there,
In short, we don't natively support this in our DNS Manager because there's a 255 character limit. There is a way to break up your keys in the manager so that it will work. It would look something like this:
mail._domainkey IN TXT ("v=DKIM1; k=rsa; s=email; ..."
mail._domainkey IN TXT "$KEY_CONTNUED...")
If you notice, you will need to add ( in the first txt record then finish it with ) in the second record. If you have more than 510 characters, you can make a third record in the middle without parentheses. It would look like this:
mail._domainkey IN TXT ("v=DKIM1; k=rsa; s=email; ..."
mail._domainkey IN TXT $KEY_CONTINUD
mail._domainkey IN TXT "$KEY_CONTNUED...")
jecochard
Linode Staff
I just wanted to cross-post this other answer regarding DKIM length!
In the recent past our DNS Manager was updated so that it will now automatically split txt values longer than 255 and wrap the resulting strings in double quotes. You will not need to do this manually. Simply insert the complete string into the txt value field and hit save.