[dkim-ops] more on signature failure -- TXT record issues?
John R Levine
johnl at taugh.com
Mon Nov 3 04:03:23 PST 2008
Another list member noticed that the DNS TXT records for my DKIM keys
contained two strings rather than one. A TXT record is defined to contain
a list of counted strings, with each string up to 255 bytes, and the DKIM
spec says you concatenate all the strings together.
I found that my DNS software was limiting each string to 127 bytes rather
than 255, so I patched it and rebuilt my DNS records, and now everything
seems to work properly. Hmmn.
It appears that few DKIM records that would be more than 255 characters.
Have people checked that their verifiers do indeed handle multiple TXT
strings correctly? It's not something that would often come up unless you
deliberately made the strings shorter than normal.
John Levine, johnl at taugh.com, Taughannock Networks, Cambridge UK
"I dropped the toothpaste", said Tom, crestfallenly.
More information about the dkim-ops