Discussion:
nsupdate - adding large/split TXT record (2048 bit DKIM key)
vom513
2020-06-01 08:11:43 UTC
Hello,

Can anyone point me to an example of how to do this ? I have a script that rotates my DKIM keys, and uses nsupdate to publish. With 1024 bit - I must be getting by by the skin of my teeth…

When I try 2048 bit, the record is obviously longer. All of my attempts of running it through the Rube Goldberg sed machine have failed - nsupdate chokes on format.

I see lots of blogposts on how to split long TXT records, but I specifically need the bits to make nsupdate happy. The blogs all have these being entered by hand or through some web gui. It’s nsupdate’s particulars that are eluding me.

Thanks in advance for any clue.
Andreas S. Kerber
2020-06-01 10:50:30 UTC
Post by vom513
Can anyone point me to an example of how to do this ? I have a script that rotates my DKIM keys, and uses nsupdate to publish. With 1024 bit - I must be getting by by the skin of my teeth…
When I try 2048 bit, the record is obviously longer. All of my attempts of running it through the Rube Goldberg sed machine have failed - nsupdate chokes on format.
Yeah, I had troubles with those 2048 bit DKIM records too. nsupdate will need it like this:

server X.X.X.X
zone ag-trek.de
update add test.ag-trek.de. 86400 IN TXT "v=DKIM1; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiOGR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5Hn7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvTQeEFXbBWP24O/" "LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JVuaNSJbtXzNWTKpyQIDAQAB"


Break up the record in chunks of less than 255 bytes, enclose each of these parts with "" and feed nsupdate all of these chunks separated with a space on one line.
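
The chunking described in the reply above, as an added example (not part of the original thread and not ISC's code): a shell helper that cuts a TXT value into quoted strings of at most 255 bytes and prints the nsupdate commands. The function names, server address, zone, selector name and key filler are constructed placeholders.

```shell
#!/bin/sh
# Added example: format a long TXT value (e.g. a 2048-bit DKIM key) for nsupdate.
# A TXT record is a sequence of character-strings of at most 255 bytes each,
# so the value is cut into pieces and every piece is quoted on the same line.

# txt_chunks VALUE   (hypothetical helper; VALUE must be a single line)
# Prints VALUE as space-separated quoted strings of at most 255 bytes.
txt_chunks() {
    # 1. fold: cut at byte boundaries, 255 bytes per piece
    # 2. sed:  escape backslash and double quote, then wrap the piece in quotes
    # 3. paste: join all pieces with a space on one line
    printf '%s\n' "$1" |
        LC_ALL=C fold -b -w 255 |
        sed -e 's/[\\"]/\\&/g' -e 's/.*/"&"/' |
        paste -s -d ' ' -
}

# nsupdate_txt SERVER ZONE NAME TTL VALUE   (hypothetical helper)
# Prints an nsupdate command script; pipe it into nsupdate to apply it.
nsupdate_txt() {
    printf 'server %s\nzone %s\n' "$1" "$2"
    printf 'update add %s %s IN TXT %s\n' "$3" "$4" "$(txt_chunks "$5")"
    printf 'send\n'
}

# Constructed sample: 392 filler characters stand in for the base64 public key.
key=$(awk 'BEGIN { for (i = 0; i < 392; i++) printf "A" }')
nsupdate_txt 192.0.2.53 example.org sel1._domainkey.example.org. 86400 \
    "v=DKIM1; h=sha256; k=rsa; p=$key"
```

Escaping happens after the cut, so an escaped character never pushes a piece past 255 bytes on the wire.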
Ondřej Surý
2020-06-01 11:08:24 UTC
I think it’s reasonable for nsupdate to do the chunking on itself. Patches are always welcome, but if you can start by creating issue for us, it would be very much welcome. I can’t offer you any timeframe, but at least it won’t get lost.

Ondrej
--
Ondřej Surý
Post by Andreas S. Kerber
Can anyone point me to an example of how to do this ? I have a script that rotates my DKIM keys, and uses nsupdate to publish. With 1024 bit - I must be getting by by the skin of my teeth

When I try 2048 bit, the record is obviously longer. All of my attempts of running it through the Rube Goldberg sed machine have failed - nsupdate chokes on format.
server X.X.X.X
zone ag-trek.de
update add test.ag-trek.de. 86400 IN TXT "v=DKIM1; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiOGR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5Hn7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvTQeEFXbBWP24O/" "LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JVuaNSJbtXzNWTKpyQIDAQAB"
Break up the record in chunks of less than 255 bytes, enclose each of these parts with "" and feed nsupdate all of these chunks separated with a space on one line.
vom513
2020-06-01 13:46:13 UTC
Post by Andreas S. Kerber
server X.X.X.X
zone ag-trek.de
update add test.ag-trek.de. 86400 IN TXT "v=DKIM1; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiOGR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5Hn7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvTQeEFXbBWP24O/" "LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JVuaNSJbtXzNWTKpyQIDAQAB"
Break up the record in chunks of less than 255 bytes, enclose each of these parts with "" and feed nsupdate all of these chunks separated with a space on one line.
Thanks - that’s what I needed. I have an ‘h=‘ tag as well, so I split mine into 3 “chunks”.
vom513
2020-06-01 14:11:06 UTC
Done:

https://gitlab.isc.org/isc-projects/bind9/-/issues/1907

Thanks.
Post by Ondřej Surý
I think it’s reasonable for nsupdate to do the chunking on itself. Patches are always welcome, but if you can start by creating issue for us, it would be very much welcome. I can’t offer you any timeframe, but at least it won’t get lost.
Ondrej
--
Ondřej Surý