[Dnsmasq-discuss] Using dnsmask for dkim, trying to patch dnsmasq

Thomas Carrié ThoCar at free.fr
Sat Aug 28 18:32:36 BST 2010


Thanks for all responses.

My RSA public key was a little bit longer than 255 bytes because I typed 

$ openssl genrsa -out dkim_private.key 1204

1204 instead of 1024 !!

So like Xavier, I can use a TXT record for my DKIM public key in a single string 
without any problem. The multiple-string technique in a single record is not 
required in my case.

On Saturday 28 August 2010 02:25:59 you wrote:
> On Sat, 28 Aug 2010 01:54:36 +0200,
> 
> Thomas Carrié <ThoCar at free.fr> wrote:
> > Hello,
> > 
> > I am setting up a mail server with DKIM (exim4u).
> > 
> > DKIM requires that I put the public key of my domain in a TXT record,
> > so I add in dnsmasq.conf
> > 
> > txt-record=gamma._domainkey.sample.info,"v=DKIM1; t=y; k=rsa;
> > p=MIG1MA0GCSqGSIb3DQEBAQUAA4GjADCBnwKBlwxSuaM6ckdmIAHbz4KjlmUjmVxH6kMlaJi
> > 29fHa7lWonM0AWoBw9Pli/EULXHpVj71W6uJD/dGOQBlFjy0zOFBlR/yJU79rRqLwEPyDM8Fo
> > aLHHQWEcX/msoL5xjFS9R9l1+FJG5SmVVmQcyT0hgiyfW87xE3YhPspN6jnaukDYmzejGdivk
> > y9SowCrZWNgLtuxBjDaI20CAwEAAQ=="
> > 
> > The problem is that dnsmasq rejects such a long record.
> > 
> > I have changed the code (option.c) to accept longer TXT record, but
> > then my response headers are invalid, here are the messages I get
> > from dig for my patched dnsmasq
> > 
> > $ dig @127.0.0.1 gamma._domainkey.sample.info TXT
> > 
> > ;; Warning: Message parser reports malformed message packet.
> > ;; WARNING: Messages has 272 extra bytes at end
> > 
> > When I capture the response with tcpdump, the DNS answer is
> > incomplete, only the first 10 bytes are here, I do not understand
> > why, the UDP header says that 338 bytes are supposed to be sent. The
> > last byte of the DNS response is the 3rd byte of the DNS TTL.
> > 
> > Can someone explain to me how it is possible to have a mismatch between
> > the UDP length and the real content of the packet?
> > 
> > Hope I can have a response from the author and community on whether it is a
> > good idea or not to accept longer TXT records and to add DKIM
> > capabilities to dnsmasq?
> > 
> > Thanks for your feedback
> 
> Hello Thomas
> 
> I use dnsmasq myself with a DKIM record somewhere,
> so I don't think it is because of the length of the
> record that it doesn't work, or else you changed
> something elsewhere.
> 
> So, in dnsmasq.conf:
> #Dkim
> txt-record=dkim._domainkey.sploing.fr,"v=DKIM1; g=*; k=rsa; t=y:s;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBZIITWjhXdohoZjYP5ttEeTxsUYTU5wIcZ
> fwOSTH8V5Tx+zWixcwlZdDyr8aT3uCq6vgtNGuf3jCcq8w9I6Pt8iHnSiHcFo80qD5tWPAi54v+
> fideT+X5jt0jdr+c7BE1kQh5LBcpYBzbsRcsT9Lk9trxqyxbmx6J9FBjTXhXiQIDAQAB"
> txt-record=_adsp._domainkey.sploing.fr,"dkim=all; t=s"
> log-facility=/var/log/dnsmasq.log
> txt-record=sploing.fr._domainkey.sploing.fr,"v=DKIM1; g=*; t=s;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCp4jmCJN0TtxwgWuV/W+mNP+jnK6KPqO7I7
> fhjyUOiexpOk7PpViAtsBrtjcbDefBiDmc/KouwLLSyyaa75ctPfvbLAYJIT97rIb9Pl2J95IVa
> 4VjFzM2v9ZTnkNB3KlAIvYLFOllhNfAoJuWnjHFj1B5ojGXKufBRihfUNEP0JQIDAQAB"
> 
> and # dig +short txt dkim._domainkey.sploing.fr
> "v=DKIM1\; g=*\; k=rsa\; t=y:s\;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDBZIITWjhXdohoZjYP5ttEeTxsUYTU5wIcZ
> fwOSTH8V5Tx+zWixcwlZdDyr8aT3uCq6vgtNGuf3jCcq8w9I6Pt8iHnSiHcFo80qD5tWPAi54v+
> fideT+X5jt0jdr+c7BE1kQh5LBcpYBzbsRcsT9Lk9trxqyxbmx6J9FBjTXhXiQIDAQAB"
> 
> # dig +short txt sploing.fr._domainkey.sploing.fr
> "v=DKIM1\; g=*\; t=s\;
> p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCp4jmCJN0TtxwgWuV/W+mNP+jnK6KPqO7I
> 7fhjyUOiexpOk7PpViAtsBrtjcbDefBiDmc/KouwLLSyyaa75ctPfvbLAYJIT97rIb9Pl2J95IV
> a4VjFzM2v9ZTnkNB3KlAIvYLFOllhNfAoJuWnjHFj1B5ojGXKufBRihfUNEP0JQIDAQAB"
> 
> I am still waiting for the opinion of more competent people before being sure.
> Regards, Xavier

-- 
Thomas Carrié
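
The length limit discussed in this thread, as an added example that is not part of the original messages: a TXT record is carried as one or more character-strings, each with a one-byte length prefix, so a single string holds at most 255 bytes. The sketch below splits and encodes a record; the function names are hypothetical, and the key bytes are zero-filled placeholders with the DER sizes of a 1024-bit (162 bytes) and a 1204-bit (184 bytes) RSA public key.

```python
import base64

MAX_CHARSTR = 255  # RFC 1035: a <character-string> has a one-byte length prefix


def dkim_record(key_der_len):
    """Constructed DKIM record: placeholder key of the given DER size, base64-encoded."""
    p = base64.b64encode(bytes(key_der_len))
    return b"v=DKIM1; t=y; k=rsa; p=" + p


def split_txt(value):
    """Split a TXT value into character-strings of at most 255 bytes each."""
    return [value[i:i + MAX_CHARSTR]
            for i in range(0, len(value), MAX_CHARSTR)] or [b""]


def txt_rdata(value):
    """Encode TXT RDATA: every chunk is preceded by its own length octet."""
    return b"".join(bytes([len(c)]) + c for c in split_txt(value))


def parse_txt_rdata(rdata):
    """Decode TXT RDATA and concatenate the strings, as a DKIM verifier does."""
    out, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        chunk = rdata[i + 1:i + 1 + n]
        if len(chunk) != n:
            raise ValueError("character-string runs past end of RDATA")
        out.append(chunk)
        i += 1 + n
    return b"".join(out)


if __name__ == "__main__":
    for bits, der_len in ((1024, 162), (1204, 184)):
        rec = dkim_record(der_len)
        sizes = [len(c) for c in split_txt(rec)]
        print(f"{bits}-bit key: record {len(rec)} bytes, strings {sizes}")
        assert parse_txt_rdata(txt_rdata(rec)) == rec
```
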


