1. Forum
  2. Newsgroups
  3. comp.protocols.dns.bind

  • nsupdate - adding large/split TXT record (2048 bit DKIM key)

    From vom513@vom513@gmail.com to bind-users on Mon Jun 1 04:11:43 2020
    From Newsgroup: comp.protocols.dns.bind

    Hello,
    Can anyone point me to an example of how to do this ? I have a script that rotates my DKIM keys, and uses nsupdate to publish. With 1024 bit - I must be getting by by the skin of my teeth…
    When I try 2048 bit, the record is obviously longer. All of my attempts of running it through the Rube Goldberg sed machine have failed - nsupdate chokes on format.
    I see lots of blogposts on how to split long TXT records, but I specifically need the bits to make nsupdate happy. The blogs all have these being entered by hand or through some web gui. It’s nsupdate’s particulars that are eluding me.
    Thanks in advance for any clue.
    --- Synchronet 3.18a-Linux NewsLink 1.113
  • From Andreas S. Kerber@ask@ag-trek.de to vom513 on Mon Jun 1 12:50:30 2020
    From Newsgroup: comp.protocols.dns.bind

    On Mon, Jun 01, 2020 at 04:11:43AM -0400, vom513 wrote:
    Can anyone point me to an example of how to do this ? I have a script that rotates my DKIM keys, and uses nsupdate to publish. With 1024 bit - I must be getting by by the skin of my teeth…

    When I try 2048 bit, the record is obviously longer. All of my attempts of running it through the Rube Goldberg sed machine have failed - nsupdate chokes on format.

    Yeah, I had troubles with those 2048 bit DKIM records too. nsupdate will need it like this:

    server X.X.X.X
    zone ag-trek.de
    update add test.ag-trek.de. 86400 IN TXT "v=DKIM1; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiOGR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5Hn7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvTQeEFXbBWP24O/" "LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JVuaNSJbtXzNWTKpyQIDAQAB"


    Break up the record in chunks of less than 255 byte, enclose each of these parts with "" and feed nsupdate all of these chunks seperated with a space on one line.
    --- Synchronet 3.18a-Linux NewsLink 1.113
  • From =?utf-8?B?T25kxZllaiBTdXLDvQ==?=@ondrej@isc.org to Andreas S. Kerber on Mon Jun 1 13:08:24 2020
    From Newsgroup: comp.protocols.dns.bind


    --Apple-Mail=_C531FB1D-8259-42AB-9E0C-40C3151B67BB
    Content-Transfer-Encoding: quoted-printable
    Content-Type: text/plain;
    charset=utf-8

    I think it=E2=80=99s reasonable for nsupdate to do the chunking on =
    itself. Patches are always welcome, but if you can start by creating =
    issue for us, it would be very much welcome. I can=E2=80=99t offer you =
    any timeframe, but at least it won=E2=80=99t get lost.

    Ondrej
    --
    Ond=C5=99ej Sur=C3=BD
    ondrej@isc.org

    On 1 Jun 2020, at 12:50, Andreas S. Kerber <ask@ag-trek.de> wrote:
    =20
    On Mon, Jun 01, 2020 at 04:11:43AM -0400, vom513 wrote:
    Can anyone point me to an example of how to do this ? I have a =
    script that rotates my DKIM keys, and uses nsupdate to publish. With =
    1024 bit - I must be getting by by the skin of my teeth=E2=80=A6
    =20
    When I try 2048 bit, the record is obviously longer. All of my =
    attempts of running it through the Rube Goldberg sed machine have failed =
    - nsupdate chokes on format.
    =20
    Yeah, I had troubles with those 2048 bit DKIM records too. nsupdate =
    will need it like this:
    =20
    server X.X.X.X
    zone ag-trek.de
    update add test.ag-trek.de. 86400 IN TXT "v=3DDKIM1; =
    k=3Drsa;p=3DMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiO= GR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5H= n7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvT= QeEFXbBWP24O/" = "LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj= 4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JV= uaNSJbtXzNWTKpyQIDAQAB"
    =20
    =20
    Break up the record in chunks of less than 255 byte, enclose each of =
    these parts with "" and feed nsupdate all of these chunks seperated with =
    a space on one line.
    _______________________________________________
    Please visit https://lists.isc.org/mailman/listinfo/bind-users to =
    unsubscribe from this list
    =20
    ISC funds the development of this software with paid support =
    subscriptions. Contact us at https://www.isc.org/contact/ for more = information.
    =20
    =20
    bind-users mailing list
    bind-users@lists.isc.org
    https://lists.isc.org/mailman/listinfo/bind-users


    --Apple-Mail=_C531FB1D-8259-42AB-9E0C-40C3151B67BB
    Content-Transfer-Encoding: 7bit
    Content-Disposition: attachment;
    filename=signature.asc
    Content-Type: application/pgp-signature;
    name=signature.asc
    Content-Description: Message signed with OpenPGP

    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAl7U4ahfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcLyaBAAsmx/kMFGOo+4qpTqsBDCb4jzgcQ1rjj3wZjr17ZCKFAjpR3ZmMnWyLZT Vnd6FAp2MbzOI3rz+DcaIoblEDXsKHABC4+y2CiE+bDcbkpDO6l+XSjQNGmIaFEg KaC+mwHB1gwt1z8ptrTdMn9t34ks0+VA/vm5mh92x/uG0IyGKwOTbH6nxIx8/yD4 7w+vExFruHLGDpp6zqgiX5UNAGJOrYSlRKmMdN2+xkWDK3ipzXdRl9bTGiel/LsG C2yWuSXUmXwrRrktIkAig++eyylnu49O0OKWjAiZgaDhFRD8BwoGPyj80SliVCh4 zlzHnr0ihArf7hh/7/pPLEO3INNFeg13d366aYNN7Iq62T9FnLGCfUSqyfAnMPtq +vSxXFBk8dA0yM1FWDPmfFYa7QEHK5ZrSA7CAPCh0VdDCWPTCturfq7lZzdJtywA vfIGLejFG2Y3p8igR6OMpV23TAwmx4OvYEpWqNnvGnlPHd/1bM5nEUweX71q6fLb eK/QUkUnIyGBcXCR/dKlLYRRG4u/3axyS8Rcoo1o5C+yNhNbUDyhXkA23XWXjoJb dPCo71YDDPYvIJyowJHuq8PMuXDHcVyNgVY/J1NrEFFZTD6YNSFADU9jo4BkHzj5 yKlsbHe74CPOnTbIqEtnBUoAmNX2ryZs7GkuLuhZhqbX2uNoaaU=
    =U234
    -----END PGP SIGNATURE-----

    --Apple-Mail=_C531FB1D-8259-42AB-9E0C-40C3151B67BB--
    --- Synchronet 3.18a-Linux NewsLink 1.113
  • From vom513@vom513@gmail.com to bind-users on Mon Jun 1 09:46:13 2020
    From Newsgroup: comp.protocols.dns.bind

    On Jun 1, 2020, at 6:50 AM, Andreas S. Kerber <ask@ag-trek.de> wrote:

    Yeah, I had troubles with those 2048 bit DKIM records too. nsupdate will need it like this:

    server X.X.X.X
    zone ag-trek.de
    update add test.ag-trek.de. 86400 IN TXT "v=DKIM1; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiOGR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5Hn7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvTQeEFXbBWP24O/" "LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JVuaNSJbtXzNWTKpyQIDAQAB"


    Break up the record in chunks of less than 255 byte, enclose each of these parts with "" and feed nsupdate all of these chunks seperated with a space on one line.
    Thanks - that’s what I needed. I have an ‘h=‘ tag as well, so I split mine into 3 “chunks”.--- Synchronet 3.18a-Linux NewsLink 1.113
  • From vom513@vom513@gmail.com to bind-users on Mon Jun 1 10:11:06 2020
    From Newsgroup: comp.protocols.dns.bind


    --Apple-Mail=_5E1AC662-C07E-4B1A-8B69-8F945B5B6225
    Content-Transfer-Encoding: quoted-printable
    Content-Type: text/plain;
    charset=utf-8

    Done:

    https://gitlab.isc.org/isc-projects/bind9/-/issues/1907 = <https://gitlab.isc.org/isc-projects/bind9/-/issues/1907>

    Thanks.

    On Jun 1, 2020, at 7:08 AM, Ond=C5=99ej Sur=C3=BD <ondrej@isc.org> =
    wrote:
    =20
    I think it=E2=80=99s reasonable for nsupdate to do the chunking on =
    itself. Patches are always welcome, but if you can start by creating =
    issue for us, it would be very much welcome. I can=E2=80=99t offer you =
    any timeframe, but at least it won=E2=80=99t get lost.
    =20
    Ondrej
    --
    Ond=C5=99ej Sur=C3=BD
    ondrej@isc.org
    =20


    --Apple-Mail=_5E1AC662-C07E-4B1A-8B69-8F945B5B6225
    Content-Transfer-Encoding: quoted-printable
    Content-Type: text/html;
    charset=utf-8

    <html><head><meta http-equiv=3D"Content-Type" content=3D"text/html; = charset=3Dutf-8"></head><body style=3D"word-wrap: break-word; = -webkit-nbsp-mode: space; line-break: after-white-space;" = class=3D"">Done:<div class=3D""><br class=3D""></div><div class=3D""><a = href=3D"https://gitlab.isc.org/isc-projects/bind9/-/issues/1907" = class=3D"">https://gitlab.isc.org/isc-projects/bind9/-/issues/1907</a></di= v><div class=3D""><br class=3D""></div><div class=3D"">Thanks.<br = class=3D""><div><br class=3D""><blockquote type=3D"cite" class=3D""><div = class=3D"">On Jun 1, 2020, at 7:08 AM, Ond=C5=99ej Sur=C3=BD &lt;<a = href=3D"mailto:ondrej@isc.org" class=3D"">ondrej@isc.org</a>&gt; = wrote:</div><br class=3D"Apple-interchange-newline"><div class=3D""><div = class=3D"">I think it=E2=80=99s reasonable for nsupdate to do the =
    chunking on itself. Patches are always welcome, but if you can start by = creating issue for us, it would be very much welcome. I can=E2=80=99t =
    offer you any timeframe, but at least it won=E2=80=99t get lost.<br = class=3D""><br class=3D"">Ondrej<br class=3D"">--<br class=3D"">Ond=C5=99e=
    j Sur=C3=BD<br class=3D""><a href=3D"mailto:ondrej@isc.org" = class=3D"">ondrej@isc.org</a><br class=3D""><br = class=3D""></div></div></blockquote></div><br = class=3D""></div></body></html>=

    --Apple-Mail=_5E1AC662-C07E-4B1A-8B69-8F945B5B6225--
    --- Synchronet 3.18a-Linux NewsLink 1.113