
I set up a DKIM record where I had to break up the value because it exceeded the 255-character length limitation. But now I see that online checkers are complaining about the p= not being base64 encoded, such as this site: http://dkimcore.org/c/keycheck. Here is how I have it set up in DNS:

mta._domainkey.domain.com.      IN TXT   "v=DKIM1; k=rsa     p=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/" \ " xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxx"

In the p value, I used one of two formats that, as I understand it, must be used when working with longer keys. So as you can see, I have the slash

"xxxxxx/" \ "xxxxxx" 

in there to separate the two strings. This is also the only way I could get BIND to stop complaining about the zone having syntax errors and pass its validation. I tried running it all together there without quotes and using only the slash, but BIND complained. So I proceeded to use the space \ space format. Now, using the online checker, it tells me my key is "not good" and my p value is not base64 encoded. My questions are:

1) Is the online checker complaining because it sees the record split and does not deal with that correctly, or does my key actually have a problem?

2) I am wondering, since it says base64, if it's not liking all of the other slashes that are in the value? Should those be in there?

3) What is best practice for working with long keys in both BIND and getting online tools to work with longer keys?

UPDATE: Here is the exact error I get on the server when I try to run the record all together without the xxxxx" \ "xxxxxxx"

dns_rdata_fromtext: db.file:70: syntax error
_default/zonename/IN: syntax error
zone zonemane/IN: loading from master file zonefile     failed: syntax error
zone zonename/IN: not loaded due to errors.
user53029
  • Can you add the real syntax? No reason to comment out the public key, it's meant to be public. I can see you wanting to comment out the domain name. – Henry Sep 10 '16 at 14:14

1 Answer

The 256 length only needs to be broken down on SPF checks into multiple strings. DKIM needs to be 512 or under. This eMail Tester will validate the length of your DKIM, but I think you should put it back together. If you have a 2048 DKIM key, you're fine. I have only seen issues with lengths using a 4096 and greater. But I have also seen a lot of 4096 that will fit in the 512.

Henry
  • That's one of the problems I mentioned. When I run it all together BIND complains about a syntax error. I'll add the exact error to my question. – user53029 Sep 10 '16 at 13:23
  • @user53029 You need to break up the key in strings <= 255 bytes long. – BillThor Sep 10 '16 at 22:41
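As an added example that is not part of the question, the answer or the comments above, the following Python script works through what BillThor's comment describes and what question 3 asks about: keep every quoted string in the TXT record at or under 255 bytes, write them in BIND's parenthesised form, and let the verifier concatenate them before parsing tags. It also shows that the slashes in question 2 are ordinary base64 alphabet characters, and that a record where k=rsa and p= are not separated by a semicolon (as in the record pasted in the question) yields no p= tag at all when parsed. The owner name mta._domainkey.example.com., the function names and the key bytes are constructed for the example; the p= value is a stand-in with the length of a 2048-bit RSA SubjectPublicKeyInfo, not a real key.

```python
import base64
import binascii
import re

# Constructed stand-in for a 2048-bit RSA public key in SubjectPublicKeyInfo
# DER form (294 bytes). It is NOT a real key; only its length and the fact
# that its base64 form contains '+' and '/' matter for this demonstration.
FAKE_DER = bytes(range(256)) + bytes(38)
SAMPLE_P = base64.b64encode(FAKE_DER).decode("ascii")   # 392 base64 characters


def split_txt(value, limit=255):
    """Split one logical TXT value into <character-string>s of at most
    `limit` octets. DKIM records are ASCII, so characters == octets here."""
    value.encode("ascii")  # raises if the ASCII assumption is violated
    return [value[i:i + limit] for i in range(0, len(value), limit)] or [""]


def bind_txt_record(owner, value):
    """Render a BIND master-file TXT RR as a parenthesised list of quoted
    strings, one per chunk. Only '"' and '\\' need escaping inside quotes."""
    quoted = ['"' + c.replace("\\", "\\\\").replace('"', '\\"') + '"'
              for c in split_txt(value)]
    return "%s IN TXT (\n    %s )" % (owner, "\n    ".join(quoted))


def txt_strings_from_rr(rr_text):
    """Recover the quoted strings from a TXT RR (one line or parenthesised)."""
    return [re.sub(r"\\(.)", r"\1", m.group(1))
            for m in re.finditer(r'"((?:[^"\\]|\\.)*)"', rr_text)]


def parse_dkim_record(strings):
    """Do what a DKIM verifier does (RFC 6376 section 3.6.2.2): concatenate
    the strings with nothing in between, then split into tag=value pairs."""
    joined = "".join(strings)
    tags = {}
    for part in joined.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError("malformed tag: %r" % part)
        name, _, val = part.partition("=")
        tags[name.strip()] = val.strip()
    return tags


def check_p_tag(tags):
    """Return (ok, message). RFC 6376 section 3.6.1: p= is base64, and any
    whitespace inside it must be ignored when reassembling the key."""
    p = tags.get("p")
    if p is None:
        return False, "no p= tag found (a missing ';' folds p= into the previous tag)"
    compact = re.sub(r"\s+", "", p)
    try:
        der = base64.b64decode(compact, validate=True)
    except binascii.Error as exc:
        return False, "p= is not valid base64: %s" % exc
    return True, "p= decodes to %d bytes of key material" % len(der)


if __name__ == "__main__":
    rr = bind_txt_record("mta._domainkey.example.com.",
                         "v=DKIM1; k=rsa; p=" + SAMPLE_P)
    print(rr)
    print(check_p_tag(parse_dkim_record(txt_strings_from_rr(rr))))
```

Running the script prints a record with two quoted strings (255 and 155 bytes) inside parentheses, which is the form BIND accepts across several lines; after pasting it into the zone file, `named-checkzone <zone> <file>` confirms the zone loads before `rndc reload`. The concatenation in `parse_dkim_record` is what any compliant verifier does, so where the break falls inside the base64 text does not matter, and `check_p_tag` tolerates folding whitespace inside p= exactly as the RFC requires.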