Score:0

Do spaces in DKIM records matter?


I'm trying to get BIND to show my DKIM exactly like it was generated, but it seems like the " sign is messing up the results for dig.

If I don't insert the public key within "" then dig only shows v=DKIM1 (and not the key). If I insert it inside "" then the other " characters used in the public key create spaces in the ;; ANSWER SECTION.

Does that matter? Or will the extra spaces mess up the public key?

Nikita Kipriyanov
*Exactly how* was it generated? *Exactly what* are you trying to put into DNS? Note that this is a *public* record, nothing to hide; you are putting a *public key* for others to be able to retrieve it at will, so nothing is wrong with sharing it.
HBruijn
In many cases mentioning the actual domain name and/or DNS records is essential for the community to be able to help diagnose DNS issues. This may be one too. Please refer to [this Q&A](http://meta.serverfault.com/q/963/37681) for our recommendations with regards to how and what (not) to obfuscate in your questions.
SamTzu
example: "v=DKIM1; t=s; p=LDHFOlsd+ZI" "KJHLLL" As you can see, when using the dig command the " sign creates an extra space between the "" signs that does not exist when the key is generated.
HBruijn
From the RFC: https://datatracker.ietf.org/doc/html/rfc6376/#section-3.6.1 *"`p= Public-key data (base64; REQUIRED)` ... INFORMATIVE NOTE: A base64string is permitted to include whitespace (FWS) at arbitrary places"* and implied there: those white spaces are meaningless
Nikita Kipriyanov
And, **exactly how** did you put that into the DNS zone? I don't need an example, I did that many times; I want to see **your implementation** of it to possibly spot an error if there is any. E.g. what does the line in **your** zone file look like?
Score:1

> example: "v=DKIM1; t=s; p=LDHFOlsd+ZI" "KJHLLL" As you can see when using dig command " sign creates extra space between "" sign

The space is not actually part of the value. (And neither are the quotation marks – they're just delimiters printed by dig.)

The value of a TXT record consists of one or more discrete strings; each quoted item in a zone file creates a separate string in DNS, and the output of dig uses the same format, representing each item as a quoted string.

(You can imagine it as a two-element array: [ "v=DKIM1; p=blah", "blahblah" ]. Language A might use commas and double-quotes to denote an array of strings, language B might use spaces and single-quotes, but the values remain the same either way.)

The individual strings within a record are of limited length (up to 255 bytes?) so a DKIM RSA key will usually span at least two, no matter what you do.

Handling of a TXT record that contains multiple strings needs to be specified as part of each protocol that uses such TXT records. In the case of DKIM, the specification requires that all strings within a record will be concatenated without any separator. (This will be done by the DKIM validator software – not by you.)

So the result you're seeing is okay – your TXT record has two pieces, which every compliant DKIM validator will join together without a separator.
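
The joining described in this answer, as an added example that is not part of the original thread: it splits TXT rdata in the quoted form dig prints into its separate strings, concatenates them without a separator, and decodes the `p=` tag after dropping any whitespace. The function names are hypothetical and the key material is a constructed byte string, not a real RSA key.

```python
import base64
import re

# Constructed sample: 48 throwaway bytes standing in for a public key,
# split across two quoted strings the way dig prints a multi-string TXT record.
RAW_KEY = bytes(range(48))
B64 = base64.b64encode(RAW_KEY).decode()
DIG_RDATA = '"v=DKIM1; t=s; p=%s" "%s"' % (B64[:20], B64[20:])

def txt_strings(rdata):
    """Split presentation-format TXT rdata into its character-strings."""
    out = []
    for quoted in re.findall(r'"((?:[^"\\]|\\.)*)"', rdata):
        # Undo \DDD (decimal byte) and \X escapes used in zone files and dig output.
        s = re.sub(r'\\(\d{3}|.)',
                   lambda m: chr(int(m.group(1))) if len(m.group(1)) == 3 else m.group(1),
                   quoted)
        if len(s.encode("latin-1")) > 255:
            raise ValueError("a single TXT string cannot exceed 255 bytes")
        out.append(s)
    return out

def dkim_tags(rdata):
    """Join the strings with no separator, then parse the tag=value list."""
    record = "".join(txt_strings(rdata))
    tags = {}
    for item in record.split(";"):
        if "=" in item:
            name, value = item.split("=", 1)  # base64 padding may contain '='
            tags[name.strip()] = value.strip()
    return tags

def public_key_bytes(rdata):
    """Decode p=, ignoring whitespace inside the base64 value."""
    p = re.sub(r"\s+", "", dkim_tags(rdata)["p"])
    return base64.b64decode(p, validate=True)

if __name__ == "__main__":
    print(txt_strings(DIG_RDATA))                   # two separate strings
    print(public_key_bytes(DIG_RDATA) == RAW_KEY)   # key survives the split
```
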

SamTzu
It's refreshing to see there are still people who are able to provide accurate knowledge without the need to insert unwanted noise in the mix. Thank you.
@SamTzu That "unwanted noise" is people trying to assist you, for free, and the questions they're asking are ones that come from seeing *many* DNS questions for which that information can be valuable. No reason to be rude.