nsupdate - adding large/split TXT record (2048 bit DKIM key)
Andreas S. Kerber
ask at ag-trek.de
Mon Jun 1 10:50:30 UTC 2020
On Mon, Jun 01, 2020 at 04:11:43AM -0400, vom513 wrote:
> Can anyone point me to an example of how to do this ? I have a script that rotates my DKIM keys, and uses nsupdate to publish. With 1024 bit - I must be getting by by the skin of my teeth…
>
> When I try 2048 bit, the record is obviously longer. All of my attempts of running it through the Rube Goldberg sed machine have failed - nsupdate chokes on format.
Yeah, I had troubles with those 2048 bit DKIM records too. nsupdate will need it like this:
server X.X.X.X
zone ag-trek.de
update add test.ag-trek.de. 86400 IN TXT "v=DKIM1; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiOGR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5Hn7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvTQeEFXbBWP24O/" "LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JVuaNSJbtXzNWTKpyQIDAQAB"
Break up the record in chunks of less than 255 byte, enclose each of these parts with "" and feed nsupdate all of these chunks seperated with a space on one line.
More information about the bind-users
mailing list