Route 53 doesn't allow adding DKIM keys because length is too long

Solution 1:

See a similar issue in Route 53 forum:

Unfortunately the 255 character limit per string on TXT records is not a Route53 limit but rather one imposed by the DNS protocol itself. However, each TXT record can have multiple strings, each 255 characters long. You will need to split your DKIM into multiple strings for your TXT record. You can do this via the console by entering each string encapsulated in quotes, one string per line.

Important note: Do not use "one string per line" as the instructions say -- separate strings with a single space, e.g. "foo" "bar" not "foo"\n"bar". Use DKIMValidator to validate the signature is being read correctly.

Solution 2:

You can chop it up into chunks of quoted text with a max length of 255 per chunk. You don't have to make each chunk exact.

For example, if your value looks something like:

"v=DKIM1; k=rsa; p=abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyza bcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabc"

You can chop it up at arbitrary places:

"v=DKIM1; k=rsa; p=abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz" "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzab" "cdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabc"

Note those are single spaces, not newlines, between each chunk!

Google's setup instructions, unsurprisingly, are terrible. I just wrote up a complete guide for how to do this on Route53.


Solution 3:

DKIM on AWS Route53

You must split the DMARC record into 255 character parts. If you happen to host your DNS using AWS Route53, insert each part quoted with "..." into the record.

Do not use newlines to split the parts, because that would be separate TXT entries.

v=DKIM1; k=rsa; p=ABC123longkeypart1ABC123longkeypart2

becomes

"v=DKIM1; k=rsa; p=ABC123longkeypart1" "ABC123longkeypart2"

Using Terraform and Route53

When using Terraform to provision your Route53 records, you must split the DKIM-key into 255 max character parts as well.

Since Terraform takes care of quoting the TXT-entry, you must only provide quotes between each part, like so \"\".

v=DKIM1; k=rsa; p=ABC123longkeypart1ABC123longkeypart2

becomes

resource "aws_route53_record" "some_domain_dkim" {
  zone_id = "${aws_route53_zone.some_domain.zone_id}"
  name    = "google._domainkey.some_domain.com."
  type    = "TXT"
  ttl     = "3600"

  records = [
    "v=DKIM1; k=rsa; p=ABC123longkeypart1\"\"ABC123longkeypart2"
  ]
}

See also: https://www.terraform.io/docs/providers/aws/r/route53_record.html#records
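
The splitting described in Solutions 2 and 3, as an added example that is not part of any of the answers: it cuts a value into strings of at most 255 bytes, emits both the single-line Route 53 console form and the Terraform form joined by \"\" (the separator Solution 3 gives), and checks that the pieces rejoin to the original value. The function names are hypothetical and the key is constructed filler, not a real key.

```python
import base64

MAX_TXT_STRING = 255  # DNS limit on one character-string inside a TXT record


def split_txt_value(value, size=MAX_TXT_STRING):
    """Split one logical TXT value into chunks of at most `size` bytes."""
    if not 1 <= size <= MAX_TXT_STRING:
        raise ValueError("chunk size must be between 1 and 255")
    if '"' in value or "\n" in value:
        raise ValueError("pass the raw value, without quotes or newlines")
    data = value.encode("ascii")  # DKIM records are ASCII; anything else fails here
    return [data[i:i + size].decode("ascii") for i in range(0, len(data), size)]


def route53_console_value(value, size=MAX_TXT_STRING):
    """Quoted chunks separated by single spaces, all on one line."""
    return " ".join(f'"{chunk}"' for chunk in split_txt_value(value, size))


def terraform_record_value(value, size=MAX_TXT_STRING):
    """Body of the Terraform string literal: chunks joined by an escaped quote pair."""
    return '\\"\\"'.join(split_txt_value(value, size))


def rejoin(console_value):
    """Concatenate the quoted chunks with nothing between them, as a DKIM verifier does."""
    return "".join(console_value.split('" "')).strip('"')


def constructed_sample():
    """Constructed filler the size of a 2048-bit RSA public key; not a real key."""
    filler = base64.b64encode(bytes(range(256)) + bytes(38)).decode("ascii")
    return "v=DKIM1; k=rsa; p=" + filler


if __name__ == "__main__":
    value = constructed_sample()
    print(route53_console_value(value))
    print(terraform_record_value(value))
    assert rejoin(route53_console_value(value)) == value
```

Comparing the rejoined value with the key your mail provider issued catches a dropped or duplicated character before the record is published.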


Solution 4:

You can simply select 1024 instead of 2048 and add this to Route 53 at the time of generating the TXT in Google Apps.