allow stronger dkim-keys / longer txt-records

What do you think about let the admin set the key-length for dkim-keys?

I could add a drop-down-list to server config / mail like this:
normal - 1024
high - 2048
strong - 4096

Using high or strong requieres longer txt-records, so dns_rr.data must be changed.

This will not lead to problems with bind or dns in generall. In a txt-record each string is limited to 255 chars but according to RFC 4408 you can have more than one string inside a txt-record. This looks like
(...) TXT ("first string"
"second string")

instead of

(...) TXT "string"

The dns returns a long string where are strings are joined without any ' " '.
We can also allow longer strings for txt-records in generall, but there is not really a need for longer records and will also lead to change a lot of code to reformat the value. ISPConfig creates the txt-record for dkim automaticly or by using DKIM inside a dns-zone. I don´t see any other need for longer txt-records beside domain-keys.

AFAIK there are two limitations regarding the "long string":

In generall, every string is limited to 65535 bytes - but this should be not a problem.
If you are using UDP-only for bind, the UDP-packetsize should not be greater than 512 bytes. There should be no problems on the user-side, but the firewall may block larger packets or the get fragmented on other network-layers (i´m not sure if this is nowadays relevant as ipv6 uses at least 1500 bytes).

A public-key for a private-key-2048 has 392 chars and the private-key for 4096 has 736 chars. The upd-limits above should be no problem with a key-length 2048 (returns 392chars for the key + othe values for the txt-record).

I think using TINYTEXT or TEXT for dns_rr.data should be enough and will work without any problems.

This will also solve FS#2906

 

And what about the length for such records? I`m not sure if it will work with upd-connections.

And can add some key-length to the dkim-signing and hide those values if mydns is used.