Author Topic: [SOLVED] DKIM key does not fit in TXT record of my registrar  (Read 636 times)

acon

  • Board Moderator
  • Zen Samurai
  • *****
  • Posts: 453
  • Karma: +18/-0
    • View Profile
[SOLVED] DKIM key does not fit in TXT record of my registrar
« on: January 31, 2021, 06:32:30 pm »
Hi, I have followed the manual at https://doc.zentyal.org/en/mail.html#hardening-the-mail-server to configure DKIM.
Everything went fine until I tried to create the TXT record with the DKIM key in my DNS zone at hover.com.
According to Hover technical support, the max length of the TXT record is 255 characters.
By default, opendkim-genkey should generate 1024-bit keys. This must fit in a 255-character string, so I assume the manual procedure is generating a 2048-bit key.
So, the question is:
How can I replace the generated key with a shorter one, and how do I reconfigure DKIM to use the new key and modify the DNS record added with samba-tool?
BTW, the manual is assuming that the Zentyal DNS server is authoritative for the mail domain.
In my case, I use a split DNS scenario, where the authoritative DNS server for my domain on the Internet is the Hover DNS and, for my internal network, the authoritative DNS is my Zentyal server, so I assume I have to add the TXT record with the key to both DNS zones.
Any help is welcome...
« Last Edit: February 01, 2021, 11:04:18 am by acon »

acon

Re: DKIM key does not fit in TXT record of my registrar
« Reply #1 on: February 01, 2021, 07:41:34 am »
I have confirmed that the key generated is 2048, so I generated a new one with -b 1024:
Code:
opendkim-genkey -b 1024 -s mail -d mydomain.com -D /etc/opendkim/keys
The generated key now fits in a 250-character TXT record, but I need to edit or delete the record created with:
Code:
samba-tool dns add ns.mydomain.com mydomain.com mail._domainkey.mydomain.com TXT key

acon

Re: DKIM key does not fit in TXT record of my registrar
« Reply #2 on: February 01, 2021, 10:19:40 am »
When trying to delete the old TXT record, I get prompted to supply a password:
Code:
Password for [dns-hostname@domain.com]:
dns-hostname is a samba user and it is listed with:
Code:
sudo samba-tool user list
The password for this user is not the password defined at installation time for the administrative user (same as sudo), so I don't know which password to use here.

acon

Re: [SOLVED] DKIM key does not fit in TXT record of my registrar
« Reply #3 on: February 01, 2021, 11:12:16 am »
Solved.
To modify the value of the TXT record in samba DNS, you can use the DNS administrative console from the M$ RSAT (Remote Server Administration Tool), which can be installed in Windows 10.
Run the DNS console, connect to the Zentyal server IP and modify the record.
That's all. I have generated new 1024-bit keys, created TXT records in both the internal Zentyal DNS and the Internet DNS and restarted services...
Should this be modified in the manual, including the choice to generate 1024 or 2048 bit keys and an example in a split DNS scenario?
« Last Edit: February 01, 2021, 11:17:36 am by acon »
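Added example, not part of the thread and not Zentyal or OpenDKIM code: 255 octets is the limit of one character-string inside a TXT record (RFC 1035), a TXT record may hold several such strings, and a DKIM verifier joins them with no separator (RFC 6376, section 3.6.2.2). The Python sketch below reassembles a multi-string zone entry and shows how 2048-bit and 1024-bit sized values map onto TXT strings. The key material is a constructed placeholder, the function names are hypothetical, and whether a given DNS provider's form accepts more than one string per record is an assumption to confirm with that provider.

```python
import base64
import re

TXT_STRING_MAX = 255  # RFC 1035: one TXT <character-string> holds at most 255 octets


def placeholder_key(der_len):
    """Constructed stand-in for p=: zero bytes, NOT a real key, only the right length."""
    return base64.b64encode(bytes(der_len)).decode("ascii")


def parse_zone_txt(zone_text):
    """Join the quoted strings of a zone-file TXT entry with no separator,
    the way a DKIM verifier rebuilds a multi-string record (RFC 6376, 3.6.2.2)."""
    return "".join(re.findall(r'"([^"]*)"', zone_text))


def split_for_txt(value, limit=TXT_STRING_MAX):
    """Cut a record value into strings of at most `limit` octets each."""
    data = value.encode("ascii")
    return [data[i:i + limit].decode("ascii") for i in range(0, len(data), limit)]


def describe(value):
    """Summarise how a DKIM record value maps onto TXT strings."""
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if t.strip())
    parts = split_for_txt(value)
    return {
        "total_octets": len(value),
        "strings": [len(p) for p in parts],
        "fits_single_string": len(parts) == 1,
        "key_der_bytes": len(base64.b64decode(tags["p"])),
        "rdata": " ".join('"%s"' % p for p in parts),
    }


# Constructed samples. 294 and 162 bytes are the DER sizes of 2048-bit and
# 1024-bit RSA public keys (SubjectPublicKeyInfo).
P2048 = placeholder_key(294)
ZONE_2048 = ('mail._domainkey IN TXT ( "v=DKIM1; k=rsa; "\n'
             '\t"p=%s"\n\t"%s" )  ; constructed sample\n' % (P2048[:200], P2048[200:]))
RECORD_1024 = "v=DKIM1; k=rsa; p=" + placeholder_key(162)

if __name__ == "__main__":
    for value in (parse_zone_txt(ZONE_2048), RECORD_1024):
        info = describe(value)
        print(info["total_octets"], info["strings"], info["fits_single_string"])
```

The `rdata` field is the space-separated, quoted form used for multi-string TXT data in zone files.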