[Dnsmasq-discuss] Using dnsmask for dkim, trying to patch dnsmasq
simon at thekelleys.org.uk
Sat Aug 28 07:43:39 BST 2010
Thomas Carrié wrote:
> I am setting up a mail server with DKIM (exim4u).
> DKIM requires that I put the public key of my domain in a TXT record, so I add
> in dnsmasq.conf
> txt-record=gamma._domainkey.sample.info,"v=DKIM1; t=y; k=rsa;
> The problem is that dnsmasq rejects such a long record.
> I have changed the code (option.c) to accept longer TXT record, but then my
> response headers are invalid, here are the messages I get from dig for my
> patched dnsmasq
> $ dig @127.0.0.1 gamma._domainkey.sample.info TXT
> ;; Warning: Message parser reports malformed message packet.
> ;; WARNING: Messages has 272 extra bytes at end
> When I capture the response with tcpdump, the DNS answer is incomplete, only
> the first 10 bytes are here, I do not understand why, the UDP header says that
> 338 bytes are supposed to be sent. The last byte of the DNS response is the
> 3rd byte of the DNS TTL.
> Can someone explain to me how it is possible to have a mismatch between the UDP
> length and the real content of the packet?
> Hope I can have a response from the author and community whether it is a good idea
> or not to accept longer TXT records and to add DKIM capabilities to dnsmasq?
> Thanks for your feedback
The reason for the limit is that the data is represented inside the DNS
packet as a "counted string", i.e. a single byte giving the length
followed by the characters of the string. That gives a hard limit on the
length of a string of 255 characters. A single TXT record can hold more
than one string, so it would be possible to automatically split a long
string into 255-character chunks; RFC4870 section 9 seems to say that
this is the correct thing to do.
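To make the counted-string layout concrete, here is an added example (not code from this thread and not dnsmasq's own implementation) that splits a long TXT value into 255-octet chunks, serialises them as TXT RDATA, builds a complete resource record with a correct RDLENGTH, and re-parses it to confirm the declared length matches the bytes actually present, which is the consistency check a resolver's message parser performs. The owner name, TTL and the DKIM-like value are constructed sample data; the function names are my own.

```python
import struct

TYPE_TXT = 16
CLASS_IN = 1
MAX_STRING = 255  # one-octet length prefix: a counted string holds at most 255 octets


def split_txt(value: bytes, chunk: int = MAX_STRING) -> list:
    """Split an arbitrarily long TXT value into pieces that each fit a counted string."""
    if not value:
        return [b""]
    return [value[i:i + chunk] for i in range(0, len(value), chunk)]


def encode_txt_rdata(strings) -> bytes:
    """Serialise a sequence of strings as TXT RDATA: <len><chars><len><chars>..."""
    out = bytearray()
    for s in strings:
        if len(s) > MAX_STRING:
            # This is exactly the case a single-string TXT record cannot express.
            raise ValueError("counted string longer than 255 octets: %d" % len(s))
        out.append(len(s))
        out += s
    return bytes(out)


def decode_txt_rdata(rdata: bytes) -> list:
    """Parse TXT RDATA back into its strings, refusing truncated input."""
    strings, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        i += 1
        if i + n > len(rdata):
            raise ValueError("truncated counted string at offset %d" % (i - 1))
        strings.append(rdata[i:i + n])
        i += n
    return strings


def encode_name(name: str) -> bytes:
    """Uncompressed wire-format owner name (labels are counted strings too, max 63)."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label longer than 63 octets")
        out.append(len(raw))
        out += raw
    out.append(0)  # root label terminates the name
    return bytes(out)


def build_txt_rr(name: str, ttl: int, value: bytes) -> bytes:
    """Build one TXT resource record: NAME TYPE CLASS TTL RDLENGTH RDATA."""
    rdata = encode_txt_rdata(split_txt(value))
    header = struct.pack("!HHIH", TYPE_TXT, CLASS_IN, ttl, len(rdata))
    return encode_name(name) + header + rdata


def check_txt_rr(rr: bytes):
    """Re-parse a TXT RR and confirm RDLENGTH matches the octets that follow it.
    Returns (ttl, rdlength, strings); raises ValueError on a malformed record."""
    i = 0
    while rr[i] != 0:  # walk the labels; this helper only handles uncompressed names
        i += 1 + rr[i]
    i += 1
    rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", rr, i)
    i += 10
    if rtype != TYPE_TXT or rclass != CLASS_IN:
        raise ValueError("not an IN TXT record")
    if len(rr) - i != rdlength:
        raise ValueError("RDLENGTH %d but %d octets follow" % (rdlength, len(rr) - i))
    return ttl, rdlength, decode_txt_rdata(rr[i:])


if __name__ == "__main__":
    # Constructed sample: a DKIM-style value padded to 400 octets, well past one string.
    sample = b"v=DKIM1; t=y; k=rsa; p=" + b"A" * 377
    rr = build_txt_rr("gamma._domainkey.sample.info", 3600, sample)
    ttl, rdlength, strings = check_txt_rr(rr)
    print("chunks:", [len(s) for s in strings], "rdlength:", rdlength, "ttl:", ttl)
```

A 400-octet value becomes two counted strings (255 and 145 octets), so the RDATA is 402 octets and RDLENGTH must say so; if the RR is cut short, `check_txt_rr` reports the mismatch instead of silently accepting it, which is the condition that produces the "extra bytes at end" style warning from a strict parser.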