DNS validation fix (exposed by dkim)

Discussion in 'Developers' Forum' started by ispcomm, Aug 18, 2015.

  1. ispcomm

    ispcomm Member

    I am going to be short, but effective :)
    I was playing with DKIM and tried to add records to one domain. The validator would not let me add the correct record (i.e. k1._domainkey) because of the underscore.

    The regex in the form checking needs updating from
    'regex' => '/^[a-zA-Z0-9\.\-\*]{0,255}$/',
    to
    'regex' => '/^[a-zA-Z0-9\.\-\*\_]{0,255}$/',

    to include the _.

    I hope this is fixed ASAP upstream

    ispcomm
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I use the ispconfig dkim plugin and it works fine in 3.0.5.4p8 and it works also in 3.1-dev without the above change.
     
  3. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Your suggested regex is a part of the dkim-plugin. If you want to use dkim on your own, you can change the regex. But you should use the patch from here.
     
  4. ispcomm

    ispcomm Member

    Please don't focus on DKIM itself. I am posting a fix for a generic DNS handling problem. DKIM is irrelevant. Underscores are used in Windows AD names and may be used for any other purpose. The current regexp is too restrictive. I'm running the last 3.0.5.4p8 as well.
     
  5. florian030

    florian030 Well-Known Member HowtoForge Supporter

    This is already integrated in 3.1:
    'regex' => '/^[a-zA-Z0-9\.\-\_]{0,255}$/',

    If you need this with the current release, adjust the regex or use the dkim-patch for 3.0.5.4. I don't know why you need * for a TXT record.
     
  6. ispcomm

    ispcomm Member

    Thank you, florian. I already patched my regex, but reported back my findings.
    Regarding the '*' I just took the current regex, which contained a '*' and added the underscore. I.e. it was there.
    Also the regex is unique for the 'name' field so a '*' does apply in some cases (I guess legacy mydns stuff).
     
  7. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Assuming that * is for wildcard DNS records, they can be used with TXT, e.g. you can create a wildcard SPF record to disallow using bogus hostnames from your domain in SMTP HELO.
    Code:
    *               IN      TXT     "v=spf1 a -all"
    I set up some tracking exists: records for fun (see http://www.openspf.org/RFC_4408#macros) and found completely random/unrelated servers on the internet identifying to other unrelated systems as bogus hostnames from our domain. (Also as valid hostnames and as former/old mail server names.)
    It's a tiny bit of mail/spam that gets blocked with that wildcard SPF record, but it doesn't hurt. (I initially set up the tracking exists: to see how many former customers might have machines identifying on our domain, and (to my surprise) it was almost zero, so the wildcard -all remains.)
     
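Added example, not code from ISPConfig or from anyone in this thread: the two 'name' field patterns quoted above re-expressed in Python (the character-class syntax is the same in PCRE), next to a label-aware validator that accepts underscore labels such as _domainkey and the wildcard * only as the whole leftmost label, which is an assumption about how a tighter check should behave rather than anything ISPConfig implements.

```python
import re

# The 'name' field patterns as posted in the thread (before and after the fix).
OLD_NAME_REGEX = re.compile(r'^[a-zA-Z0-9\.\-\*]{0,255}$')
NEW_NAME_REGEX = re.compile(r'^[a-zA-Z0-9\.\-\*_]{0,255}$')

# One DNS label: 1-63 chars, underscore allowed anywhere (service labels such
# as _domainkey, _dmarc, _ldap._tcp), hyphen allowed but not at either end.
LABEL_RE = re.compile(r'^[A-Za-z0-9_](?:[A-Za-z0-9_\-]{0,61}[A-Za-z0-9_])?$')


def allowed_by(pattern, name):
    """True if a form-style whole-string regex accepts the record name."""
    return pattern.fullmatch(name) is not None


def validate_owner_name(name):
    """Label-aware owner-name check (assumption: stricter than the form regex).

    A single trailing dot (absolute name) is tolerated; '*' is accepted only as
    the entire leftmost label; every other label must satisfy LABEL_RE and the
    whole name must stay within 255 characters.  Returns (ok, reason)."""
    if name.endswith("."):
        name = name[:-1]
    if len(name) > 255:
        return False, "name longer than 255 characters"
    labels = name.split(".")
    for i, label in enumerate(labels):
        if label == "*":
            if i != 0:
                return False, "wildcard '*' must be the leftmost label"
            continue
        if "*" in label:
            return False, "'*' must be a whole label, not part of one"
        if not LABEL_RE.match(label):
            return False, f"invalid label {label!r}"
    return True, "ok"


if __name__ == "__main__":
    for n in ["k1._domainkey", "*", "*.example.com", "mail.*.example.com", "a*b"]:
        print(n, allowed_by(OLD_NAME_REGEX, n), allowed_by(NEW_NAME_REGEX, n),
              validate_owner_name(n))
```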
