What's the right way to enter DKIM string into BIND zone file?

Question

I use Ubuntu 16.04 LTS. I'm been having this annoying issue again with entering DKIM string (that long code) into my BIND's zone file. In the past (for a different domain) I used to bypass that issue by first copying the string from OpenDKIM's mail.txt file into NotepadQQ (it's a Linux version of Notepad++). In Notepad the string didn't break itself into pieces and I just pasted it into zone file and DKIM worked (and still works!) just fine.

But recently I've got a new domain and I'm trying to setup e-mail for it. So here we go again. Same story, but my workaround doesn't work this time. I did notice though that in this string that now I'm trying to enter (UNLIKE in my previous one) there are a few slashes too... Don't know if that makes any difference... I've seen online a few solutions (like to break the string with quotation marks), but frankly I don't understand how exactly to implement it in a real life... Here's the new string (that didn't work). This is the one that started to work after splitting. I also included the selector and all the rest to make the picture complete:

mail._domainkey IN TXT "v=DKIM1; k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3611SadfrxRDAgOQXaNLnde9/vsuSdeL4a5uy+JcxkCsgfjRiVlD9uwZBD+KgG2SkDdZ6+OVndZk3YuOpzmSmzwQz5VXLH5Nh/o2Z3oZnn/zqWtp+eyMaKR1jnznxPNT6/DPvOEWxbNybbNtYlWdHl5qHrzF7BUQdTVV8jGFxrwIDAQAB"

And here's the complete working example from my old domain (the string that was't split):

mail._domainkey IN  TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfc9WdF2XaWAFSmhJkjPMcvHT54NiK7puywuaDMQ1jsNTp6wP2tujO1Fp2jzT5aMJOK4CWrOmu4dAg2jZ82CUzghMcIy0p1uN9ZpHfsaDbYMUekN6CkuwIWvcCxrRPJQoyAMnw7IU1QFpRIwzpGLomzNY9KeDZCBGkxH1lYXcacQIDAQAB"

Answer 1

One thing that makes it hard to tell what exactly was going on in your situation is how the question only includes the tail end of the record data (including a trailing "), but the beginning of the data was all missing:

p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3611SadfrxRDAgOQXaNLnde9/vsuSdeL4a5uy+JcxkCsgfjRiVlD9uwZBD+KgG2SkDdZ6+OVndZk3YuOpzmSmzwQz5VXLH5Nh/o2Z3oZnn/zqWtp+eyMaKR1jnznxPNT6/DPvOEWxbNybbNtYlWdHl5qHrzF7BUQdTVV8jGFxrwIDAQAB"

Complete DKIM data should be something like:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3611SadfrxRDAgOQXaNLnde9/vsuSdeL4a5uy+JcxkCsgfjRiVlD9uwZBD+KgG2SkDdZ6+OVndZk3YuOpzmSmzwQz5VXLH5Nh/o2Z3oZnn/zqWtp+eyMaKR1jnznxPNT6/DPvOEWxbNybbNtYlWdHl5qHrzF7BUQdTVV8jGFxrwIDAQAB

And as the data above is just 234 bytes (less than the 255 byte limit*), you can simply write it as a TXT record like this:

foo._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3611SadfrxRDAgOQXaNLnde9/vsuSdeL4a5uy+JcxkCsgfjRiVlD9uwZBD+KgG2SkDdZ6+OVndZk3YuOpzmSmzwQz5VXLH5Nh/o2Z3oZnn/zqWtp+eyMaKR1jnznxPNT6/DPvOEWxbNybbNtYlWdHl5qHrzF7BUQdTVV8jGFxrwIDAQAB"

As the beginning of the data was cut off in the question, it is hard to tell if you perhaps had other parameters in your DKIM data (other than v, k and p), or even just extraneous whitespace embedded between the parameters, which could then explain how the value you tried to fit into the TXT record might end up being >255 bytes.

But if you had for example (or a longer key, which is the more common case):

v=DKIM1; k=rsa; n=blablablablablabla; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3611SadfrxRDAgOQXaNLnde9/vsuSdeL4a5uy+JcxkCsgfjRiVlD9uwZBD+KgG2SkDdZ6+OVndZk3YuOpzmSmzwQz5VXLH5Nh/o2Z3oZnn/zqWtp+eyMaKR1jnznxPNT6/DPvOEWxbNybbNtYlWdHl5qHrzF7BUQdTVV8jGFxrwIDAQAB

You would need to split it so that each string is ≤255 bytes, for example like this:

foo._domainkey.example.com. IN TXT "v=DKIM1; k=rsa; n=blablablablablabla; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3611SadfrxRDAgOQXaNLnde9/vsuSdeL4a5uy+JcxkCsgfjRiVlD9uwZBD+KgG2SkDdZ6+OVndZk3YuOpzmSmzwQz5VXLH5Nh/o2Z3oZnn/zqWtp+eyMaKR1jnznxPNT6/DPvOEWxbNybbNtYlWdHl5qHrzF7BUQdTVV8jGFxrwIDAQA" "B"

*) The reason why there are articles mentioning splitting up the string is that the character-string values of a TXT record have a maximum length of 255 bytes, however a single TXT record can have multiple such values (each up to 255 bytes).

The DKIM spec says to just split longer values into multiple strings and for DKIM clients to concatenate multiple strings before interpreting the DKIM data.

With all that background sorted out, it's not clear from your question that your value would actually be long enough for any of this to be a concern (essentially, your DKIM key is too short for any of this to be an obvious issue).

Answer 2

Okay, someone's helped me to solve this issue this way (god only knows, but it works!)

p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3611Sad" "frxRDAgOQXaNLnde9/vsuSdeL4a5uy+JcxkCsgfjRiVlD" "9uwZBD+KgG2SkDdZ6+OVndZk3YuOpzmSmzwQz5VXLH5Nh/o2Z3oZnn/zqWtp+eyMaKR1jnznxPNT6/DPvOEWxbNybbNtYlWdHl5qHrzF7BUQdTVV8jGFxrwIDAQAB"