[nsd-users] dkim + zone file issues

shmick at riseup.net shmick at riseup.net
Fri Jul 11 18:22:37 UTC 2014

i run nsd 4.0.3 and can't for the life of me seem to get a dkim record
accepted and propagated

cmds used:

$ dnssec-keygen -a ECDSAP384SHA384 example.com
$ dnssec-keygen -a ECDSAP384SHA384 -f KSK example.com
$ cat Kexample.com*.key >> example.com
$ dnssec-signzone -o example.com example.com

ive used the usual bind dnssec tools and followed your dnssec howto tute
to gen keys but they never pass the final cmd complaining about the dkim

dnssec-signzone: error: dns_rdata_fromtext: example.com:24: syntax error
dnssec-signzone: fatal: failed loading zone from 'example.com': syntax error

the only way i get it to work and for it to produce the signed zone file
is to simply remove the dkim entry altogether, which does succeed

what is my dkim entry ?

mail._domainkey.example.com. IN TXT ("v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0B

no spaces between tags, no spaces for entire p tag

i saw an earlier ticket whereby a member said creating a space between
brackets, or trying specifying the public key on different lines
enclosed in talking marks and ive tried all manner of combinations but
its not making sense from this point on

More information about the nsd-users mailing list