[nsd-users] dkim + zone file issues

Matthijs Mekking matthijs at nlnetlabs.nl
Mon Jul 28 09:13:11 UTC 2014


On 07/11/2014 08:22 PM, shmick at riseup.net wrote:
> i run nsd 4.0.3 and can't for the life of me seem to get a dkim record
> accepted and propagated
> cmds used:
> $ dnssec-keygen -a ECDSAP384SHA384 example.com
> $ dnssec-keygen -a ECDSAP384SHA384 -f KSK example.com
> $ cat Kexample.com*.key >> example.com
> $ dnssec-signzone -o example.com example.com
> ive used the usual bind dnssec tools and followed your dnssec howto tute
> to gen keys but they never pass the final cmd complaining about the dkim
> entry
> dnssec-signzone: error: dns_rdata_fromtext: example.com:24: syntax error
> dnssec-signzone: fatal: failed loading zone from 'example.com': syntax error
> the only way i get it to work and for it to produce the signed zone file
> is to simply remove the dkim entry altogether, which does succeed

It looks like a dnssec-signzone issue and you should contact ISC about that.

> what is my dkim entry ?
> mail._domainkey.example.com. IN TXT ("v=DKIM1;k=rsa;p=MIIBIjANBgkqhkiG9w0B

This is probably not the complete record, if it is: it misses the final
quotes and parentheses.

Best regards,

> no spaces between tags, no spaces for entire p tag
> i saw an earlier ticket whereby a member said creating a space between
> brackets, or trying specifying the public key on different lines
> enclosed in talking marks and ive tried all manner of combinations but
> its not making sense from this point on
> _______________________________________________
> nsd-users mailing list
> nsd-users at NLnetLabs.nl
> http://open.nlnetlabs.nl/mailman/listinfo/nsd-users

More information about the nsd-users mailing list