DKIM 4096 bit keylength

nschmidt33 · ‎09-28-2023

Hello, does infoblox support a DKIM record of 4096 bit keylength? If so, how does one implement this as the field for a txt record is only 512 characters long?

Layer8 · ‎02-14-2024

You gotta split the strings. Create multiple records of the same name.

Per RFC 4408 3.1.3:

As defined in [RFC1035] sections 3.3.14 and 3.3, a single text DNS record (either TXT or SPF RR types) can be composed of more than one string. If a published record contains multiple strings, then the record MUST be treated as if those strings are concatenated together without adding spaces.

For example:

IN TXT "v=spf1 .... first" "second string..."
MUST be treated as equivalent to

IN TXT "v=spf1 .... firstsecond string..."
SPF or TXT records containing multiple strings are useful in constructing records that would exceed the 255-byte maximum length of a string within a single TXT or SPF RR record.

Note that this is NOT the same as having multiple records at the same label

@ IN TXT “something”

@ IN TXT “something else”

Is not the same as

@ IN TXT “something” “something else”

The above will always come out the same, important for key data. The former/first will undoubtedly come out the wrong way round sometimes.

NIOS DNS DHCP IPAM

DKIM 4096 bit keylength

Re: DKIM 4096 bit keylength