PowerDNS TXT Parsed and original record content are not equal

Operating System & Version
CentOS 7.8
cPanel & WHM Version
v90.0.16

thowden

Active Member
May 17, 2013
39
3
58
cPanel Access Level
Root Administrator
Hi All

As noted in my other missive on fixing missing records in a domain health check.

There is an issue with double-quoting TXT records in CPanel / WHM using the old Edit DNS Zone versus the new DNS Zone Manager.

Specific issue:

On a DNSOnly server I was running the PowerDNS domain check (I have snipped the irrelevant text to minimise line length issues. ):

[Warning] Parsed and original record content are not equal:
default._domainkey.clientdomain.com IN TXT
'"v=DKIM1; k=rsa; p=MIIBIjAN<snip>lMG7jlZ0ayj+L" FH6nusvV/87HxNugBuviQcMaEF<snip>xOtEmwFWlfWQIDAQAB\;'
Content parsed as
'"v=DKIM1; k=rsa; p=MIIBIjAN<snip>lMG7jlZ0ayj+L" "FH6nusvV/87HxNugBuviQcMaEF<snip>xOtEmwFWlfWQIDAQAB\;"')
Checked 19 records of 'clientdomain.com', 0 errors, 1 warnings.

When I studied it closely the actual TXT record was being formatted slightly differently with the double quote marks.

Messing around with different combinations of double-quote / no double-quote I can see a pattern, but it indicates that the different Zone editors in Cpanel are treating double-quotes differently to the way PowerDNs does and results in the parsing warning.

Copying the DKIM record from the Edit DNS Zone field shows:

"v=DKIM1; k=rsa; p=MIIBIjANB<snip>pgC/Q1UGPWxpvuGlgBH65lCI7JQQ2EihxeDwE3HzErKVUn3CeW9FDNkp<snip>MG7jlZ0ayj+L" FH6nusvV/87HxNugBuviQcMaEFjYc1AGgQ<snip>h+e6nwHhXM5/xOtEmwFWlfWQIDAQAB\;

Note the opening quote " and closing mid-string at +L" which is followed by a space which wraps in my editor and then the rest of the string follows without any further quote marks.

Modifying the zone record to have no quotes or spaces generates this as a record:

v=DKIM1

Yep, the double-quotes are in-use. Redoing it with the full string, no space or quote in the middle and closing the quote at the very end returns the quote & space mid-string as previously:

"v=DKIM1; k=rsa; p=MIIBIjANB<snip>pgC/Q1UGPWxpvuGlgBH65lCI7JQQ2EihxeDwE3HzErKVUn3CeW9FDNkp<snip>MG7jlZ0ayj+L" FH6nusvV/87HxNugBuviQcMaEFjYc1AGgQ<snip>h+e6nwHhXM5/xOtEmwFWlfWQIDAQAB\;

So apparently the Edit DNS Zone field management cannot handle the DKIM record length and breaks it with a wrap in double-quotes mid-string and a space before completing the rest of the string.

The issue is that with PowerDNS on the DNSOnly server that it syncs to, is that the PowerDNS check utility parses it as an error, (see above), where it is wrapping the second part of the string in quotes as well.

So I then go to the new DNS Zone Manager and check the records, they are all shown without quotes, which suggests that the display is inconsistent with the actual record content. Further, having saved and sync'd the zone with the new tool, the DNSOnly server pdns check utility still displays the same warning with the parsing error.

This is beyond my need to understand, but if you are seeing this warning and wondering why, this experience may help.
 
Last edited:

cPSamuelM

Technical Analyst Team Lead
Staff member
Nov 20, 2019
196
38
103
USA
cPanel Access Level
Root Administrator
Hello @thowden

Thank you for sharing your experience with this. To quote from an internal case on this subject (CPANEL-32506):

The original "Edit DNS Zone" is tied to the RFC 1035 master file format, which requires formatting TXT record strings longer than 255 bytes into separate chunks.

As you noted in the other thread you submitted, this does result in a warning when checking the validity of the zone in PowerDNS:

[Warning] Parsed and original record content are not equal

However, this does not actually pose any issues to the record being loaded or reported correctly. As an improvement to the user interface when managing DKIM records the "Email Deliverability" feature in cPanel offers the ability to view the record as "full" or "split," which may make it easier for users who need to copy the cPanel-generated DKIM record to a remote server that manages their DNS.

It seems that you were simply sharing your experience to shed some light on this matter and help others who ran into the same issue. With that said, please feel free to let us know if you have any followup questions.
 

thowden

Active Member
May 17, 2013
39
3
58
cPanel Access Level
Root Administrator
Hi

I'd suggest re-reading the content of my original message.

I think it does "pose an issue" as it the process is presenting inconsistent formatting in the management of the string-chunks.

This is generating unnecessary warning messages that would not appear if the formatting was consistent.

As with most errors and warnings, they will be consuming small amounts of resources on the server, and potentially large amounts of tech support resources to validate something which "does not actually pose any issues to the record being loaded or reported correctly"

It would not take much effort to ensure that the second chunk of the split record was also wrapped in double-quotes so that PowerDNS compared like with like and did not need to report any warning or error.

This is occurring with records formatted within Cpanel / WHM using either / both zone edit options, and both zone edit options display differently and inconsistently with the actual zone file that is transferred.

Yes, I am trying to inform others, and invite feedback, but also to inform CPanel support that there is an issue with this process that could and should be fixed.