DNS text record length too short for DKIM key

Discussion in 'Installation/Configuration' started by kerrsmith, Sep 30, 2016.

  1. kerrsmith

    kerrsmith Member

    I have just upgraded from ISPConfig 3.0.5.4p9 to ISPConfig 3.1 and am testing out the interesting new features such as DKIM.

    I have set my DKIM strength to normal (2048).

    I created a DKIM private key and in the DNS box is the following:

    v=DKIM1; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7KHrEqoiGpKke/kTwym9IiTqBiH9A42YtcsGfEW1d+V1qrT/nsB8rlXjpePGX8S+2xo9ob7nlyIxmk1orp6NmkriL7vPc3hX6I/m7S7V8iwv4Q2V/EbeQfrw5GeF5OJSxoWrUed/hxGWT4xGOeOEM106TWsCXNJfMPuLroEkwe0ld5W/rA0Dw9eCRt6hVWV/6Oqaej1NvfbFh/sX5Qf32mJ1Cza/HM1oAT5J6hDaaT2xXbVXpQvce5gxg3BmvK2Gz45Y2iREWdn4nUXCPuw4YuaTR8ke7+fa+IDKkkFl9Sd1GnRKJMDFWMjQPgvO68eXcftAczbohgYxswy8Gel+kQIDAQAB

    I did a few checks online at:

    https://www.mail-tester.com/spf-dkim-check
    http://dkimcore.org/tools/keycheck.html

    These generated some key errors so I checked my settings and found that the DNS TXT value for the key is:

    v=DKIM1; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7KHrEqoiGpKke/kTwym9IiTqBiH9A42YtcsGfEW1d+V1qrT/nsB8rlXjpePGX8S+2xo9ob7nlyIxmk1orp6NmkriL7vPc3hX6I/m7S7V8iwv4Q2V/EbeQfrw5GeF5OJSxoWrUed/hxGWT4xGOeOEM106TWsCXNJfMPuLroEkwe0ld5W/rA0Dw9eCRt6hVWV/6Oq

    This is missing a large part of the key which is why I am getting errors. I have checked the actual bind records for my domains and these too only contain the partial DKIM key.
     
    Last edited: Oct 1, 2016
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    The length of the field in ISPConfig 3.1 is 64k, so that's not an issue in ISPConfig 3.1. Check your database schema to ensure that the data column in the dns_rr table is of type text, as used by ISPConfig 3.1, and not e.g. varchar 255.
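
    Added example, not part of the original thread and not ISPConfig code: a check that flags a DKIM TXT value cut off the way a varchar(255) column would cut it, by comparing the length declared in the key's DER header with the bytes actually present in p=. The function names are hypothetical and the sample key is constructed filler, not a real key.

```python
import base64

def parse_dkim_tags(record: str) -> dict:
    """Split a DKIM TXT value ("v=DKIM1; t=s; p=...") into its tag=value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    return tags

def check_dkim_key(record: str) -> tuple:
    """Return (ok, reason): is p= a complete DER-encoded public key?"""
    p = parse_dkim_tags(record).get("p", "")
    if not p:
        return False, "no p= tag (or key revoked)"
    # A cut-off value may not be a multiple of 4 chars; decode the whole quads only.
    try:
        der = base64.b64decode(p[: len(p) - len(p) % 4], validate=True)
    except ValueError:
        return False, "p= is not valid base64"
    if len(der) < 4 or der[0] != 0x30:
        return False, "p= does not start with a DER SEQUENCE"
    # DER length: short form (<0x80) or long form (0x80 | number of length bytes)
    if der[1] < 0x80:
        declared, header = der[1], 2
    else:
        n = der[1] & 0x7F
        declared, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if len(p) % 4 or declared + header != len(der):
        return False, f"truncated: DER declares {declared + header} bytes, got {len(der)}"
    return True, "complete key"

def split_txt(record: str, size: int = 255) -> list:
    """Split a value into <=255-byte strings, the per-string limit of a DNS TXT record."""
    return [record[i:i + size] for i in range(0, len(record), size)]

# Constructed sample: a fake 294-byte structure with the DER header of a 2048-bit
# RSA key (30 82 01 22 ...); the body is filler, not a real key.
FAKE_DER = bytes([0x30, 0x82, 0x01, 0x22]) + bytes(range(1, 146)) * 2
FULL = "v=DKIM1; t=s; p=" + base64.b64encode(FAKE_DER).decode()
CUT = FULL[:255]  # simulates what a varchar(255) column keeps

if __name__ == "__main__":
    for label, rec in (("full", FULL), ("varchar(255)", CUT)):
        print(label, len(rec), check_dkim_key(rec), [len(s) for s in split_txt(rec)])
```

    A 2048-bit record is longer than 255 bytes, so storage has to hold the whole value and the DNS server has to publish it as several strings of at most 255 bytes each, which verifiers concatenate.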
     
  3. kerrsmith

    kerrsmith Member

    Yes, this is the issue.

    I guess this field did not update to text from varchar 255 when I did the update.

    I will redo the DKIM keys and test again.

    Thanks for your help.
     
  4. kerrsmith

    kerrsmith Member

    I have recreated the keys and checked they are correctly stored in the TXT field, which they now are.

    The tests on the sites mentioned above both work correctly now.

    Thanks again for your help.
     
  5. kerrsmith

    kerrsmith Member

    Does this small issue need to be added to the bug tracker? I would guess the data column in the dns_rr table should have been modified during the update process.

    If this is the case I can add it.
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    I've updated several servers here and all got the right length in that table. The field length gets updated in the upd_0078.sql update file. Maybe there was a problem on your system applying the changes to the database schema.
     
  7. kerrsmith

    kerrsmith Member

    I have just done a diff on my schema against the 3.1 schema and they are very similar; mostly the differences were just the capitalisation of words like 'unsigned' and 'default'. There were not any other differences apart from one:

    `dnssec_last_signed` BIGINT NOT NULL DEFAULT '0' ------> 3.1 version
    `dnssec_last_signed` bigint(20) NOT NULL DEFAULT '0' ------> my version

    Everything appears to be working fine and the new control panel looks great by the way!
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    I guess that should be ok.
     
