Dkim + zone file issues

I run nsd 4.0.3 and can't for the life of me seem to get a dkim record
accepted and propagated

cmds used:

$ dnssec-keygen -a ECDSAP384SHA384 example.com
$ dnssec-keygen -a ECDSAP384SHA384 -f KSK example.com
$ cat Kexample.com*.key >> example.com
$ dnssec-signzone -o example.com example.com

I've used the usual bind dnssec tools and followed your dnssec howto tute
to gen keys but they never pass the final cmd complaining about the dkim
entry

dnssec-signzone: error: dns_rdata_fromtext: example.com:24: syntax error
dnssec-signzone: fatal: failed loading zone from 'example.com': syntax error

the only way I get it to work and for it to produce the signed zone file
is to simply remove the dkim entry altogether, which does succeed

what is my dkim entry ?

mail._domainkey.example.com. IN TXT ("v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0B

no spaces between tags, no spaces for entire p tag

I saw an earlier ticket whereby a member said creating a space between
brackets, or trying specifying the public key on different lines
enclosed in talking marks and I've tried all manner of combinations but
it's not making sense from this point on

Hi,

> I run nsd 4.0.3 and can't for the life of me seem to get a dkim record
> accepted and propagated
>
> cmds used:
>
> $ dnssec-keygen -a ECDSAP384SHA384 example.com
> $ dnssec-keygen -a ECDSAP384SHA384 -f KSK example.com
> $ cat Kexample.com*.key >> example.com
> $ dnssec-signzone -o example.com example.com
>
> I've used the usual bind dnssec tools and followed your dnssec howto tute
> to gen keys but they never pass the final cmd complaining about the dkim
> entry
>
> dnssec-signzone: error: dns_rdata_fromtext: example.com:24: syntax error
> dnssec-signzone: fatal: failed loading zone from 'example.com': syntax error
>
> the only way I get it to work and for it to produce the signed zone file
> is to simply remove the dkim entry altogether, which does succeed

It looks like a dnssec-signzone issue and you should contact ISC about that.

> what is my dkim entry ?
>
> mail._domainkey.example.com. IN TXT ("v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0B

This is probably not the complete record, if it is: it misses the final
quotes and parentheses.

Best regards,
  Matthijs

Matthijs Mekking wrote:

> Hi,
>
>> I run nsd 4.0.3 and can't for the life of me seem to get a dkim record
>> accepted and propagated
>>
>> cmds used:
>>
>> $ dnssec-keygen -a ECDSAP384SHA384 example.com
>> $ dnssec-keygen -a ECDSAP384SHA384 -f KSK example.com
>> $ cat Kexample.com*.key >> example.com
>> $ dnssec-signzone -o example.com example.com
>>
>> I've used the usual bind dnssec tools and followed your dnssec howto tute
>> to gen keys but they never pass the final cmd complaining about the dkim
>> entry
>>
>> dnssec-signzone: error: dns_rdata_fromtext: example.com:24: syntax error
>> dnssec-signzone: fatal: failed loading zone from 'example.com': syntax error
>>
>> the only way I get it to work and for it to produce the signed zone file
>> is to simply remove the dkim entry altogether, which does succeed
>
> It looks like a dnssec-signzone issue and you should contact ISC about that.

actually, in the end, it was a pedantic formatting error
I just then appended it directly into the zone file by >>
that worked

>> what is my dkim entry ?
>>
>> mail._domainkey.example.com. IN TXT ("v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0B
>
> This is probably not the complete record, if it is: it misses the final
> quotes and parentheses.

I snipped the rest
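
An added example, not part of the thread and not NSD or BIND code: a small Python helper that writes a DKIM TXT record as several quoted strings inside parentheses (one TXT character-string holds at most 255 octets) and checks a record for the problems mentioned above, unclosed quotes and parentheses. The names `format_txt` and `check_txt`, the 200-character chunk size and the placeholder key body are assumptions made for illustration.

```python
MAX_STRING = 255  # one TXT character-string carries at most 255 octets (RFC 1035)

def format_txt(owner, value, chunk=200):
    """Render owner/value as a zone-file TXT record split into quoted strings."""
    if not 0 < chunk <= MAX_STRING:
        raise ValueError("chunk must be 1..255")
    if '"' in value or "\\" in value:
        raise ValueError("value needs escaping; not handled in this sketch")
    parts = [value[i:i + chunk] for i in range(0, len(value), chunk)]
    body = "\n".join(f'    "{p}"' for p in parts)
    return f"{owner} IN TXT (\n{body}\n)"

def check_txt(text):
    """Return a list of syntax problems in one TXT record's zone-file text."""
    problems, depth, in_quote, length = [], 0, False, 0
    chars = iter(text)
    for ch in chars:
        if in_quote:
            if ch == "\\":
                next(chars, None)      # \X escape counted as one octet (\DDD not handled)
                length += 1
            elif ch == '"':
                in_quote = False
                if length > MAX_STRING:
                    problems.append(f"string of {length} octets exceeds {MAX_STRING}")
            else:
                length += 1
        elif ch == '"':
            in_quote, length = True, 0
        elif ch == ";":                # outside quotes, ';' starts a comment
            for ch in chars:
                if ch == "\n":
                    break
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
    if in_quote:
        problems.append("unterminated quoted string")
    if depth != 0:
        problems.append("unbalanced parentheses")
    return problems

# Constructed sample: the page's tag prefix plus a placeholder key body, not a real key.
SAMPLE_VALUE = "v=DKIM1;k=rsa;p=" + "QUJD" * 98
TRUNCATED = 'mail._domainkey.example.com. IN TXT ("v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0B'

if __name__ == "__main__":
    record = format_txt("mail._domainkey.example.com.", SAMPLE_VALUE)
    print(record)
    print(check_txt(record), check_txt(TRUNCATED))
```

Because `;` starts a comment outside quotes, an unquoted DKIM value is cut off at its first tag separator, which the checker reports as unbalanced parentheses.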