[dkim-ops] more on signature failure -- TXT record issues?

John R Levine johnl at taugh.com
Mon Nov 3 04:03:23 PST 2008

Another list member noticed that the DNS TXT records for my DKIM keys 
contained two strings rather than one. A TXT record is defined to contain 
a list of counted strings, with each string up to 255 bytes, and the DKIM 
spec says you concatenate all the strings together.

I found that my DNS software was limiting each string to 127 bytes rather 
than 255, so I patched it and rebuilt my DNS records, and now everything 
seems to work properly.  Hmmn.

It appears that few DKIM records that would be more than 255 characters. 
Have people checked that their verifiers do indeed handle multiple TXT 
strings correctly?  It's not something that would often come up unless you 
deliberately made the strings shorter than normal.

John Levine, johnl at taugh.com, Taughannock Networks, Cambridge UK
"I dropped the toothpaste", said Tom, crestfallenly.

More information about the dkim-ops mailing list