#139 opendkim-genkey can create records too long for bind

2.6.7
closed-fixed
Tools (7)
6
2012-10-24
2012-09-05
Todd A. Lyons
No

I made a 1024 bit key and it produced a record for bind that looks like the following:
label._domainkey IN TXT "v=DKIM1; ... a whole bunch of stuff for a total of 321 characters"

Well, bind has a hard limit of 255 characters per line, so you need to detect that and split it the way that bind wants it to be split.

It coudl be a FAQ entry:
Q: I created a new, longer DKIM record of 1024 bits (or more) and now bind won't load the record saying "ran out of space".
A: The record must be split into one or more parts so that no part by itself has more than 255 characters. See https://lists.isc.org/pipermail/bind-users/2008-May/070204.html for a description, see http://www.virtualmin.com/node/15907 for quick fix.

Example: label._domainkey IN TXT "v=DKIM1; first 200 chars" "next 200 chars" "etc..end of record"

Discussion

    • priority: 5 --> 6
     
  • Likely outcome is conversion to perl. Will bang on it this evening.

     
  • opendkim-genkey is replaced with a perl script that can handle this, as of 2.7.0.

     
    • assigned_to: nobody --> cm-msk
     
    • status: open --> closed-fixed
     
  • Fix for this bug included in new release.