
I have tried a few ways (the GUI, command line, with quotes, without) and I can't get the DKIM record added to Google DNS. We're porting all records to Google DNS and then turning Google DNS on (if we can get it working first). Here are the final 2 commands for adding the record and executing the transaction, and the output:

Deans-MacBook-Pro:authservice dean$ gcloud dns --project=orderly-gcp record-sets transaction add \"v=DKIM1\;\ k=rsa\;\ p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiC1U9FnYKnw3tJ/kvISikBBAUZWrDYNYV4q0lN\+z7PjVIh5tk86b4jBvFzcR6ug3hD02JNgphEdGbYmFtjjfxN1gXVp61aRM/yJUw2oMNRXsmmUzE4Hl3yUQihJkE\+lvDWZDx\+S4MIb4KlRvdkEmRG4fowQxb4AAXf\+FaKbf8h9VZ3O2KqV18P0OoDjlJMyOOePSnf8Hgsym246M1aIhpBQM34X2/gY4dpBeFXG\+dEWq7TICQEKXKypYIhsJDxCj03jL/ro8AoWyhQ5Lz6H3/g1RIsuzAJtVlmlSoZOn/lyHFKyh/\+kkt/jyrE6DNN7JXTxXZBdE5yKsdG3zkYBqwIDAQAB\" --name=google._domainkey.orderlyhealth.com. --ttl=300 --type=TXT --zone=orderlyhealth
Record addition appended to transaction at [transaction.yaml].
Deans-MacBook-Pro:authservice dean$ gcloud dns --project=orderly-gcp record-sets transaction execute --zone=orderlyhealth
ERROR: (gcloud.dns.record-sets.transaction.execute) HTTPError 400: Invalid value for 'entity.change.additions[1].rrdata[0]': '"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqiC1U9FnYKnw3tJ/kvISikBBAUZWrDYNYV4q0lN+z7PjVIh5tk86b4jBvFzcR6ug3hD02JNgphEdGbYmFtjjfxN1gXVp61aRM/yJUw2oMNRXsmmUzE4Hl3yUQihJkE+lvDWZDx+S4MIb4KlRvdkEmRG4fowQxb4AAXf+FaKbf8h9VZ3O2KqV18P0OoDjlJMyOOePSnf8Hgsym246M1aIhpBQM34X2/gY4dpBeFXG+dEWq7TICQEKXKypYIhsJDxCj03jL/ro8AoWyhQ5Lz6H3/g1RIsuzAJtVlmlSoZOn/lyHFKyh/+kkt/jyrE6DNN7JXTxXZBdE5yKsdG3zkYBqwIDAQAB"'
Serhii Rohoza
Dean Hiller

1 Answer


I've tried to add a DKIM record generated online to the test domain re2.xxx.xxx in my test project:

1582300947.xxx._domainkey.re2.xxx.xxx

v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNGban25809+iUFrb1Eg3Hlt1KiVsE6/ug+ifhJ31eYisjcFHVbJ5HE76uuLHXEPnAPfGnAkOo2EWuZSUCOb/8uaI/NMu99vtvXw+egoK8yQ/t0GpY7TGtm/IFRNEHt3W/R98WkQJdygX7vb/9Vel+BR+hbVw/gI/c8VOKqOxH2QIDAQAB

UI:

  • DNS name:

1582300947.xxx._domainkey.re2.xxx.xxx

  • TXT data:

"v=DKIM1;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNGban25809+iUFrb1Eg3Hlt1KiVsE6/ug+ifhJ31eYisjcFHVbJ5HE76uuLHXEPnAPfGnAkOo2EWuZSUCOb/8uaI/NMu99vtvXw+egoK8yQ/t0GpY7TGtm/IFRNEHt3W/R98WkQJdygX7vb/9Vel+BR+hbVw/gI/c8VOKqOxH2QIDAQAB"


After that I checked the TXT record with the command:

$ dig TXT 1582300947.xxx._domainkey.re2.xxx.xxx @ns-cloud-a1.googledomains.com        

; <<>> DiG 9.11.5-P4-5.1+build2-Debian <<>> TXT 1582300947.xxx._domainkey.re2.xxx.xxx @ns-cloud-a1.googledomains.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36175
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;1582300947.xxx._domainkey.re2.xxx.xxx. IN TXT

;; ANSWER SECTION:
1582300947.xxx._domainkey.re2.xxx.xxx.  300 IN TXT "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNGban25809+iUFrb1Eg3Hlt1KiVsE6/ug+ifhJ31eYisjcFHVbJ5HE76uuLHXEPnAPfGnAkOo2EWuZSUCOb/8uaI/NMu99vtvXw+egoK8yQ/t0GpY7TGtm/IFRNEHt3W/R98WkQJdygX7vb/9Vel+BR+hbVw/gI/c8VOKqOxH2QIDAQAB"

;; Query time: 28 msec
;; SERVER: 2001:4860:4802:32::6a#53(2001:4860:4802:32::6a)
;; WHEN: Fri Feb 21 17:17:09 CET 2020
;; MSG SIZE  rcvd: 310

and it works.

command line:

$ gcloud dns --project=test-prj record-sets transaction start --zone=re2
$ gcloud dns --project=test-prj record-sets transaction add \"v=DKIM1\;t=s\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNGban25809\+iUFrb1Eg3Hlt1KiVsE6/ug\+ifhJ31eYisjcFHVbJ5HE76uuLHXEPnAPfGnAkOo2EWuZSUCOb/8uaI/NMu99vtvXw\+egoK8yQ/t0GpY7TGtm/IFRNEHt3W/R98WkQJdygX7vb/9Vel\+BR\+hbVw/gI/c8VOKqOxH2QIDAQAB\" --name=1582300947.xxx._domainkey.re2.xxx.xxx. --ttl=300 --type=TXT --zone=re2
$ gcloud dns --project=test-prj record-sets transaction execute --zone=re2
Executed transaction [transaction.yaml] for managed-zone [re2].
Created [https://dns.googleapis.com/dns/v1/projects/test-prj/managedZones/re2/changes/3].
ID  START_TIME                STATUS
3   2020-02-21T16:28:12.667Z  pending

and it also works as expected:

$ dig TXT 1582300947.xxx._domainkey.re2.xxx.xxx @ns-cloud-a1.googledomains.com

; <<>> DiG 9.11.5-P4-5.1+build2-Debian <<>> TXT 1582300947.xxx._domainkey.re2.xxx.xxx @ns-cloud-a1.googledomains.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11807
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;1582300947.xxx._domainkey.re2.xxx.xxx. IN TXT

;; ANSWER SECTION:
1582300947.xxx._domainkey.re2.xxx.xxx.  300 IN TXT "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDNGban25809+iUFrb1Eg3Hlt1KiVsE6/ug+ifhJ31eYisjcFHVbJ5HE76uuLHXEPnAPfGnAkOo2EWuZSUCOb/8uaI/NMu99vtvXw+egoK8yQ/t0GpY7TGtm/IFRNEHt3W/R98WkQJdygX7vb/9Vel+BR+hbVw/gI/c8VOKqOxH2QIDAQAB"

;; Query time: 28 msec
;; SERVER: 2001:4860:4802:32::6a#53(2001:4860:4802:32::6a)
;; WHEN: Fri Feb 21 17:40:19 CET 2020

UPDATE: Have a look at the documentation, Details on selecting resource record types:

Text data, which can contain arbitrary text and can also be used to define machine-readable data, such as security or abuse prevention information. A TXT record may contain one or more text strings; the maximum length of each string is 255 characters. Mail agents and other software agents concatenate multiple strings. Enclose each string in quotation marks. For example:

"Hello world" "Bye world"

If your DKIM record contains more than 255 characters, you should split it. For example, split the DKIM key into two parts as follows:

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraC3pqvqTkAfXhUn7Kn3JUNMwDkZ65ftwXH58anno/bElnTDAd/idk8kWpslrQIMsvVKAe+mvmBEnpXzJL+0LgTNVTQctUujyilWvcONRd/z37I34y6WUIbFn4ytkzkdoVmeTt32f5LxegfYP4P/w7QGN1mOcnE2Qd5SKIZv3Ia1p9d6uCaVGI8brE/7zM5c/"
"zMthVPE2WZKA28+QomQDH7ludLGhXGxpc7kZZCoB5lQiP0o07Ful33fcED73BS9Bt1SNhnrs5v7oq1pIab0LEtHsFHAZmGJDjybPA7OWWaV3L814r/JfU2NK1eNu9xYJwA8YW7WosL45CSkyp4QeQIDAQAB"

In addition to the documentation above please check this article.

Serhii Rohoza
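The 255-character split described in the answer above, as an added shell example that is not part of the original post: `split_txt` turns one long TXT value into the quoted-string form the documentation quotes, and `join_txt` checks that concatenating the strings gives back the original value. The function names, the placeholder value and the `SELECTOR`, `EXAMPLE` and `ZONE` names are assumptions made for illustration; the `gcloud` line is only printed, not run.

```shell
#!/bin/sh
# Added example: split a long TXT value into quoted strings of <= 255 bytes.
# Function names and the sample value are constructed for illustration.

# Print VALUE as space-separated quoted strings, each at most 255 bytes.
split_txt() {
    case $1 in
        *\"*) echo "split_txt: value must not contain double quotes" >&2
              return 1 ;;
    esac
    printf '%s\n' "$1" | fold -b -w 255 | sed 's/.*/"&"/' | paste -s -d ' ' -
}

# Length of the longest string split_txt would emit for VALUE.
longest_chunk() {
    printf '%s\n' "$1" | fold -b -w 255 |
        awk '{ if (length($0) > m) m = length($0) } END { print m + 0 }'
}

# Reassemble the way a mail agent does: concatenate the strings, no separator.
join_txt() {
    printf '%s\n' "$1" | sed 's/" "//g; s/^"//; s/"$//'
}

# Constructed placeholder, not a real key: 18-byte tag prefix + 392 bytes of
# filler, 410 bytes in total, so it cannot fit in one 255-byte string.
sample="v=DKIM1; k=rsa; p=$(printf '%392s' '' | tr ' ' 'A')"

rrdata=$(split_txt "$sample")
echo "value length:   ${#sample}"
echo "longest string: $(longest_chunk "$sample")"
[ "$(join_txt "$rrdata")" = "$sample" ] && echo "round trip: ok"

# The whole split value is passed as one argument (assumption: placeholder
# zone and name; flags are the ones used in the commands above). Printed only.
printf "gcloud dns record-sets transaction add '%s' --name=SELECTOR._domainkey.EXAMPLE. --ttl=300 --type=TXT --zone=ZONE\n" "$rrdata"
```

After the record is published, the `dig TXT` check shown in the answer should list the same strings, each inside its own pair of quotes.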