problems with long TXT records

Discussion in 'General' started by nhybgtvfr, Jan 9, 2017.

  1. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    i'm trying to migrate servers from various platforms into ispconfig.
    i'm using ispconfig on ubuntu 14.04 ( i know i should update to ubuntu 16.04, ispconfig 3.1 and make php 7 the minimum version. testing and migration was started before the release of 3.1, and i want to complete the migration before complicating things with other updates, and i know damn well that many of the sites we host are not php7 compliant yet)

    the problem i have is with one domain that has a very long TXT record. it's a domainkey record and is longer than 255 characters.
    on the old dns server (bind) the record was split into 3 quoted strings, because bind wouldn't accept it as a single string:

    google._domainkey IN TXT "v=DKIM; k=rsa;" "p=MII........Jila" "RuRwt.........AQAB;"

    however, i can't even add it like this into ispconfig, the text field is not long enough.
    how do i get this TXT record into the system? does ispconfig 3.1 allow longer TXT records entries?

  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

  3. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    ok, i've updated to ispconfig 3.1.1 (not included patch1, using apache so it doesn't appear to apply)
    i can now see the option to add a dkim record in the dns area. but the Public-Key and DKIM-Selector fields are greyed out, i can't enter anything into them for any domain.
    what's going on there? how do i fix that?

    also, once fixed, for the dkim-selector, am i better using google._domainkey or google._domainkey.domainname.tld. ?
    i know they're effectively the same. just wondering if there was any reason to go one way or the other.
    and for the public key, should i be including the V=DKIM1 p= part, or is it really just the public key itself?
  4. florian030

    florian030 Well-Known Member HowtoForge Supporter

    Just create the dkim-keys for the maildomains. Ispconfigs stores the public-key in the dns-zone.
    If you have already dkim-keys configured with amavis, there is a helper-script in the archive (ispconfig3/helper_scripts/import_dkim.php).
    You can use whatever you want for the delimiter. This delemiter is used to get the correct key from the dns (if you more then one key-pair).
  5. nhybgtvfr

    nhybgtvfr Well-Known Member HowtoForge Supporter

    but we don't provide any mail services for this domain, it's just website hosting and dns. their mail is with google.
    our mailserver will not be doing any dkim signing of any of their mail, i just want to recreate the dns record itself.
  6. florian030

    florian030 Well-Known Member HowtoForge Supporter

    you can create a txt-record with the dkim-public-key

Share This Page