Status
Not open for further replies.

sadwargamer

Registered
Hi,

The DKIM key created is too long for the TXT entry field (limit 255 characters) - I understand that the latest version of cPanel uses a 2048 key whereas a 1024 key from previous versions generated a key of 255 characters or less.

As I cannot add a long TXT record, can someone let me know how I can force WHM/cPanel to use the 1024 key size so I can create correct TXT entries?

Regards
Andy
 

cPanelMichael

Administrator
Staff member
Hello :)

Could you verify which version of cPanel is installed on your system? This should be addressed in cPanel version 11.50.

Thank you.
 

sadwargamer

Registered
Hi,

Yes, I am on 11.50, but all new domains are created with the 2048 key - how can I change this to the 1024 key, please?

thanks.

regards
andy
 

cPanelMichael

Administrator
Staff member
Could you verify why you can't add the long TXT record? For instance, do you mean you are adding it somewhere other than cPanel where the DNS is hosted? It should not be an issue adding it through cPanel.

Thank you.
 

sadwargamer

Registered
I need to add the DKIM as a TXT record with my DNS provider and they do not support (currently) more than 255 characters, otherwise of course I would use 2048...

I cannot be the only one in the world in this position :(
 

cPanelMichael

Administrator
Staff member
Hello:)

Internal case CPANEL-794 is open to address the improper handling of quotes and data length for TXT records (DKIM). You can monitor our change logs to see when this case has been resolved:

cPanel - Change Logs

Thank you.
 

cPanelMichael

Administrator
Staff member
Internal case CPANEL-794 has not yet been released, but I do see activity on this case as recent as a few days ago. There's currently no exact time frame I can provide on when a resolution will be implemented, but please feel free to monitor our change log for the case number.

Thank you.
 

dazeck

Well-Known Member
cPanel Access Level
Root Administrator
Sorry to bump this thread, but I am having an issue with DKIM and I think it's due to this case number 794. Are we any closer to getting this resolved? If not, how can we manually generate DKIM and get email signing working? My old keys all work fine, but keys generated recently are failing and it's for a new customer.

I get this when testing with verifier.port25.com

DKIM check details:
----------------------------------------------------------
Result: fail (signature doesn't verify)
 

cPanelMichael

Administrator
Staff member
but keys generated recently are failing and it's for a new customer.
Could you verify if you have checked any alternate testing websites? You can also verify if the record appears with a command such as:

Code:
dig txt default._domainkey.domain.com @ns1.nameserver.com
Thank you.
 

dazeck

Well-Known Member
cPanel Access Level
Root Administrator
This appears to have rectified itself once I had logged a support ticket, typical. To get around this whilst waiting for the support team (the time difference doesn't help), I had to manually generate the keys. The following day, when I disabled and re-enabled the DKIM setting against the account and checked using verifier.port25.com, it verified OK. I have no idea why it wouldn't work one day then started to work the next.
 

cPanelMichael

Administrator
Staff member
I am happy to see the issue is now resolved. In general, it's a good idea to check via the "dig" command because third-party websites may use cached or incorrect methods of verifying the record.

Thank you.
 

JamasWise

Member
cPanel Access Level
Root Administrator
If you are using Cloudflare, I finally found a workaround. This might work for other DNS systems.

When cPanel displays the new longer keys on the email authentication screen, it does so in the format that a DNS system would use to maintain the 255 character limit of the TXT field. It does this by adding a quote " and space before the next part of the key. If you are pasting this into Cloudflare, then strip out all the quotes and the space. Cloudflare, when serving the record, will split it. But if you paste it in split, then it won't resolve correctly.

Hope this helps others.
 

cPanelMichael

Administrator
Staff member
Thank you for taking the time to provide a workaround for CloudFlare. I'm happy to see that addresses the issue.
 

doekia

Registered
cPanel Access Level
Website Owner
humm, I feel really confused.

RFC-4408 - 3.1.3

As defined in [RFC1035] sections 3.3.14 and 3.3, a single text DNS
record (either TXT or SPF RR types) can be composed of more than one
string.
...
SPF or TXT records containing multiple strings are useful in
constructing records that would exceed the 255-byte maximum length of
a string within a single TXT or SPF RR record.

RFC-1035 - 3.3

<domain-name> is a domain name represented as a series of labels, and
terminated by a label with zero length. <character-string> is a single
length octet followed by that number of characters. <character-string>
is treated as binary information, and can be up to 256 characters in
length (including the length octet).

RFC-1035 - 3.3.14

TXT-DATA One or more <character-string>s.

RFC-1035 - 5.1

<character-string> is expressed in one or two ways: as a contiguous set
of characters without interior spaces, or as a string beginning with a "
and ending with a ". Inside a " delimited string any character can
occur, except for a " itself, which must be quoted using \ (back slash)

1/ I see no limit to 255 expressed "MUST" as part of the RFCs.
2/ Assuming there is one, it is 255, but cPanel builds the strings as follows:

Code:
"v=DKIM1\; k=rsa\; p=first" "second\;"

With "v=DKIM1\; k=rsa\; p=first" being 260 characters.
Trail the quotes, count is 258 characters still.
Trail the back-quote (wonder why btw), count is 256 characters still.
ALL those character counts exceed 255, if it is a limit ?!?
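
The quoted-string format discussed in the posts above (the Cloudflare workaround and the RFC 1035 excerpts), as an added example that is not part of any post in this thread and is not cPanel's code: it joins a split TXT value into one logical string, re-splits it into strings of at most 255 data octets, and builds the wire-format RDATA. All function names are hypothetical and the sample record is constructed, not a real key.

```python
import re

MAX_CHUNK = 255  # RFC 1035: one length octet, so at most 255 data octets per string
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

def _unescape(s):
    # Zone-file escapes such as \; or \" stand for the character after the backslash.
    return re.sub(r'\\(.)', r'\1', s)

def parse_strings(presentation):
    """Return the unescaped character-strings of a zone-file style TXT value."""
    parts = _QUOTED.findall(presentation)
    if not parts:                       # a single unquoted string
        parts = [presentation.strip()]
    return [_unescape(p) for p in parts]

def join_value(presentation):
    """Logical TXT value: the strings concatenated with nothing between them."""
    return "".join(parse_strings(presentation))

def split_value(value, size=MAX_CHUNK):
    """Cut the logical value into byte strings of at most `size` octets."""
    raw = value.encode("ascii")
    return [raw[i:i + size] for i in range(0, len(raw), size)]

def to_rdata(value):
    """Wire-format TXT RDATA: each string is <length octet><data>."""
    return b"".join(bytes([len(c)]) + c for c in split_value(value))

def to_zone_text(value):
    """Quoted presentation form with every string within the limit."""
    def esc(c):
        return c.decode("ascii").replace("\\", "\\\\").replace('"', '\\"')
    return " ".join('"%s"' % esc(c) for c in split_value(value))

def oversize(presentation):
    """Lengths of strings over the limit once quotes and escapes are removed."""
    return [len(s) for s in parse_strings(presentation)
            if len(s.encode()) > MAX_CHUNK]

# Constructed sample: "A" * 392 stands in for a base64 public key, not a real key.
DISPLAYED = '"v=DKIM1\\; k=rsa\\; p=' + "A" * 200 + '" "' + "A" * 192 + '\\;"'

if __name__ == "__main__":
    value = join_value(DISPLAYED)
    print(len(value), [len(c) for c in split_value(value)])
    print(oversize(DISPLAYED), to_zone_text(value)[:30] + "...")
```

The length that counts is that of each string after the surrounding quotes and backslash escapes are removed; `join_value` gives the single unsplit string for a provider that does the splitting itself.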
 

havok89

Registered
cPanel Access Level
Root Administrator
Has this been addressed yet?

I need to change the key length so that it fits with the limit on my DNS provider (fasthosts).

Just now the key is too long and, like mentioned above, it is broken with the quotation marks. The bit inside the quotation marks is 255 in length and would fit, but I can't create the record with the second part after the split.

I can't find anything about how to change the key length, is it possible in cPanel, WHM or via SSH?
 