abh / geodns

DNS server with per-client targeted responses
Apache License 2.0

TXT records of length more than 255 chars #108

Open AnoopAlias opened 6 years ago

AnoopAlias commented 6 years ago

geoDNS does not support TXT records with more than 255 chars, but I am facing issues in splitting up a very big DKIM record.

xyz: { "txt" : [" firstpartof string","secondpart"]}

This seems to work and geoDNS provides the 2 records in the query, but the DKIM is shown as invalid.

Is there a way around this to add such a DKIM record? All the notes I have read say that if we just pass the 2 records, the client DKIM checker must concatenate and use them.

https://kb.isc.org/article/AA-00356/0/Can-I-have-a-TXT-or-SPF-record-longer-than-255-characters.html

abh commented 6 years ago

What does bind, nsd or PowerDNS do in this case?

AnoopAlias commented 6 years ago

@abh

Following is bind's response from the dig tool:

;; QUESTION SECTION:
;default._domainkey.lemurstack.com. IN  TXT

;; ANSWER SECTION:
default._domainkey.lemurstack.com. 14263 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhdA/p6ZekbZYE18fvDtbEK/yqfgtuaZdCZawnLhZ0FikZAYW2+g2dHi0Oa/H/p7yd9RM/BoU1MdsTWtXphfOZgOLhG74UqbON/WWxyebIzbM+z8aD0ACkL6AzQGfESMQVIwcTQ0WHKAiYnrlJIgsW72XQeJJhSIpIaot1BnmBrcwSOKpqP8R3GstKMToeWd+" "m8H0PZ1Quos9y4hii4pxBBkTBUq/i6iAezrbAbD51mxwG1uT4r/qh9U5Hz4noQ2Dpz1l14xThs2vQKLqS2odOYJXWH6uPsVSp1yD2jX8746aKlqlUoBmDwP1rLxVsB7ipS0VkHu0rdedusuqFce5wIDAQAB;"

The entry in bind's DB file is as follows:

default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhdA/p6ZekbZYE18fvDtbEK/yqfgtuaZdCZawnLhZ0FikZAYW2+g2dHi0Oa/H/p7yd9RM/BoU1MdsTWtXphfOZgOLhG74UqbON/WWxyebIzbM+z8aD0ACkL6AzQGfESMQVIwcTQ0WHKAiYnrlJIgsW72XQeJJhSIpIaot1BnmBrcwSOKpqP8R3GstKMToeWd+" m8H0PZ1Quos9y4hii4pxBBkTBUq/i6iAezrbAbD51mxwG1uT4r/qh9U5Hz4noQ2Dpz1l14xThs2vQKLqS2odOYJXWH6uPsVSp1yD2jX8746aKlqlUoBmDwP1rLxVsB7ipS0VkHu0rdedusuqFce5wIDAQAB\;

I tried to split this in geoDNS and it is providing 2 responses when queried, but it doesn't seem to be valid. Online DKIM tester tools all return errors.

If the TXT record is given in its entirety, geoDNS does not provide a response and the log says the 255-byte length was exceeded.

Thanks a bunch for looking into this

AnoopAlias commented 6 years ago

I tried recommendations here:

https://serverfault.com/questions/255580/how-do-i-enter-a-strong-long-dkim-key-into-dns

http://hack.limbicmedia.ca/how-to-split-dns-dkim-records-properly/

abh commented 6 years ago

On Apr 24, 2018, at 0:48, Anoop P Alias notifications@github.com wrote:

I tried to split this in geoDNS and it is providing 2 responses when queried, but it doesn't seem to be valid. Online DKIM tester tools all return errors.

Hm. My best guess is that GeoDNS randomizes the order. The easiest fix is probably to teach it to split long txt records and preserve the order in that case.
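The order-preserving split abh describes, as an added example that is not geoDNS code: the long value goes into one TXT RR as several RFC 1035 character-strings (each at most 255 bytes), which the resolver returns in packed order and a DKIM verifier concatenates, instead of into two separate RRs whose order the server may shuffle. The sample value is constructed and is not a real key.

```python
"""Split a long TXT value into RFC 1035 character-strings inside ONE RR.

TXT RDATA is a sequence of <character-string>s: a 1-byte length followed by
at most 255 bytes. Strings inside one RR keep their order; separate RRs in a
response may be returned in any order, so a key split across two RRs is not
reliably reassembled by a DKIM verifier.
"""
from typing import List

MAX_CHARACTER_STRING = 255


def split_txt(value: bytes, size: int = MAX_CHARACTER_STRING) -> List[bytes]:
    """Chunk value into character-strings of at most `size` bytes, in order."""
    if not 1 <= size <= MAX_CHARACTER_STRING:
        raise ValueError("character-string length must be 1..255")
    if not value:
        return [b""]
    return [value[i:i + size] for i in range(0, len(value), size)]


def encode_txt_rdata(strings: List[bytes]) -> bytes:
    """Pack character-strings as TXT RDATA: <len><bytes>... (RFC 1035 3.3.14)."""
    out = bytearray()
    for s in strings:
        if len(s) > MAX_CHARACTER_STRING:  # same limit the server log complains about
            raise ValueError("character-string longer than 255 bytes: %d" % len(s))
        out.append(len(s))
        out += s
    return bytes(out)


def decode_txt_rdata(rdata: bytes) -> List[bytes]:
    """Unpack TXT RDATA back into its character-strings, preserving order."""
    strings, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        i += 1
        if i + n > len(rdata):
            raise ValueError("truncated character-string")
        strings.append(rdata[i:i + n])
        i += n
    return strings


def txt_value(rdata: bytes) -> bytes:
    """What a DKIM verifier sees: all character-strings of one RR joined."""
    return b"".join(decode_txt_rdata(rdata))


# Constructed sample: a DKIM-style value well over 255 bytes (not a real key).
SAMPLE = b"v=DKIM1; k=rsa; p=" + b"A" * 380 + b";"
```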

AnoopAlias commented 6 years ago

@abh - geoDNS automatically handling the long TXT record would be fabulous.