nsupdate - adding large/split TXT record (2048 bit DKIM key)

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

nsupdate - adding large/split TXT record (2048 bit DKIM key)

vom513
Hello,

Can anyone point me to an example of how to do this ?  I have a script that rotates my DKIM keys, and uses nsupdate to publish.  With 1024 bit - I must be getting by by the skin of my teeth…

When I try 2048 bit, the record is obviously longer.  All of my attempts of running it through the Rube Goldberg sed machine have failed - nsupdate chokes on format.

I see lots of blogposts on how to split long TXT records, but I specifically need the bits to make nsupdate happy.  The blogs all have these being entered by hand or through some web gui.  It’s nsupdate’s particulars that are eluding me.

Thanks in advance for any clue.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: nsupdate - adding large/split TXT record (2048 bit DKIM key)

Andreas S. Kerber
On Mon, Jun 01, 2020 at 04:11:43AM -0400, vom513 wrote:
> Can anyone point me to an example of how to do this ?  I have a script that rotates my DKIM keys, and uses nsupdate to publish.  With 1024 bit - I must be getting by by the skin of my teeth…
>
> When I try 2048 bit, the record is obviously longer.  All of my attempts of running it through the Rube Goldberg sed machine have failed - nsupdate chokes on format.

Yeah, I had troubles with those 2048 bit DKIM records too. nsupdate will need it like this:

server X.X.X.X
zone ag-trek.de
update add test.ag-trek.de. 86400 IN TXT    "v=DKIM1; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiOGR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5Hn7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvTQeEFXbBWP24O/" "LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JVuaNSJbtXzNWTKpyQIDAQAB"


Break up the record in chunks of less than 255 byte, enclose each of these parts with "" and feed nsupdate all of these chunks seperated with a space on one line.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: nsupdate - adding large/split TXT record (2048 bit DKIM key)

Ondřej Surý
I think it’s reasonable for nsupdate to do the chunking on itself. Patches are always welcome, but if you can start by creating issue for us, it would be very much welcome. I can’t offer you any timeframe, but at least it won’t get lost.

Ondrej
--
Ondřej Surý
[hidden email]

> On 1 Jun 2020, at 12:50, Andreas S. Kerber <[hidden email]> wrote:
>
> On Mon, Jun 01, 2020 at 04:11:43AM -0400, vom513 wrote:
>> Can anyone point me to an example of how to do this ?  I have a script that rotates my DKIM keys, and uses nsupdate to publish.  With 1024 bit - I must be getting by by the skin of my teeth…
>>
>> When I try 2048 bit, the record is obviously longer.  All of my attempts of running it through the Rube Goldberg sed machine have failed - nsupdate chokes on format.
>
> Yeah, I had troubles with those 2048 bit DKIM records too. nsupdate will need it like this:
>
> server X.X.X.X
> zone ag-trek.de
> update add test.ag-trek.de. 86400 IN TXT    "v=DKIM1; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiOGR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5Hn7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvTQeEFXbBWP24O/" "LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JVuaNSJbtXzNWTKpyQIDAQAB"
>
>
> Break up the record in chunks of less than 255 byte, enclose each of these parts with "" and feed nsupdate all of these chunks seperated with a space on one line.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> [hidden email]
> https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users

signature.asc (981 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: nsupdate - adding large/split TXT record (2048 bit DKIM key)

vom513
In reply to this post by Andreas S. Kerber
> On Jun 1, 2020, at 6:50 AM, Andreas S. Kerber <[hidden email]> wrote:
>
> Yeah, I had troubles with those 2048 bit DKIM records too. nsupdate will need it like this:
>
> server X.X.X.X
> zone ag-trek.de
> update add test.ag-trek.de. 86400 IN TXT    "v=DKIM1; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiOGR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5Hn7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvTQeEFXbBWP24O/" "LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JVuaNSJbtXzNWTKpyQIDAQAB"
>
>
> Break up the record in chunks of less than 255 byte, enclose each of these parts with "" and feed nsupdate all of these chunks seperated with a space on one line.

Thanks - that’s what I needed.  I have an ‘h=‘ tag as well, so I split mine into 3 “chunks”.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users
Reply | Threaded
Open this post in threaded view
|

Re: nsupdate - adding large/split TXT record (2048 bit DKIM key)

vom513
In reply to this post by Ondřej Surý
Done:


Thanks.

On Jun 1, 2020, at 7:08 AM, Ondřej Surý <[hidden email]> wrote:

I think it’s reasonable for nsupdate to do the chunking on itself. Patches are always welcome, but if you can start by creating issue for us, it would be very much welcome. I can’t offer you any timeframe, but at least it won’t get lost.

Ondrej
--
Ondřej Surý
[hidden email]



_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/bind-users