DNS settings for DKIM, 192 ch (again – is there a workaround)?

  • karamcnair · Member ·

    Hi – I just ported my domain name over to point at WP.com’s servers, but my mail server is rejecting my sending b/c of the DKIM limits mentioned in all the posts here: https://en.forums.wordpress.com/tags/dkim

    I know that a ‘real fix’ for the character limit isn’t scheduled, and that’s fine, but the support page for custom DNS records says “Our DNS editor currently has a limitation of 192 characters for TXT records. If this poses a problem for your needs, the workaround is to create a CNAME record to an alternate domain and host the TXT record there.”

    I don’t understand what’s being suggested in the statement “the workaround is to create a CNAME record to an alternate domain and host the TXT record there.” – would someone be able to provide an example in documentation that could be used as a template?

    Thanks!
    Kara

    The blog I need help with is: (visible only to logged in users)

  • karamcnair · Member ·

    Aha! Workaround figured out and here are the details for clarity/template for others to follow.

    You DO need to be able to add DNS TXT records to another domain somewhere – you could own it yourself or you could piggyback on a friend’s domain. In my case, my karamcnair.com mail is hosted on our home server at mcgreer.ca, so I added my TXT records to mcgreer.ca.

    [I do own other domains that I could use for the records, but since DKIM is a mail thing, why not keep it together?]

    Steps:

    1) in the WordPress.com My Domains page, add a CNAME from the standard DKIM lookup key to another symbolic name. I added a record that maps the first string to the second:

    CNAME: mail._domainkey.karamcnair.com domainkeyhop.mcgreer.ca

    The ‘domainkeyhop’ string is arbitrary – it’ll be the lookup value in the TXT record I add to mcgreer.ca’s DNS records. You should pick something that will never REALLY be used by that domain – I could have picked, for example, ‘karamcnairDKIM’, but I was testing on the fly and now it works.

    2) Add the TXT record that’s too long for WordPress.com’s DNS to the records on the other host. For me, I added:

    TXT: domainkeyhop.mcgreer.ca
    v=DKIM1; h=sha256; k=rsa; s=email; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvKdFVtFVgfbTHTls68RXCRC3uphQsdA/cLqKdH4qWFHsF4xelFnB+Y75nh2az1R2izpabA4pggf3vzH87CvymAEvukvMBaJHa03bUp02NsdKD0XQ1uD/itQ5pFe5gkjVOAfe2klSAucUCXWLPTZSHPR2CqkPA2LCrToWfLydGUwIDAQAB

    (I’m sure that formatted hideously, but basically, I used the value returned by the TXT lookup for ‘mail._domainkey.karamcnair.com’ as the key for the new record and crammed the unwieldly DKIM data into the value there).

    That was it. Wait for propagation & then it worked.

    [Warning: wherever you add the final record in step 2, you need to make sure that the registrar/service you’re using is authoritative for the domain. I tried this first with a different domain I own on EasyDNS, but forgot that I registered it on EasyDNS but was hosting on DreamHost, so the DreamHost DNS records & the EasyDNS records were fighting all day and overwriting each other. If you are having trouble, check where the DNS authority is defined]

    Cheers!

  • karamcnair · Member ·

    Dear Support – I figured this out & updated with detailed instructions but it would be useful if the subject/title could be changed to be not a question. I would like to change it to

    “DNS settings for DKIM, 192 char – detailed workaround instructions”

    so it’s easier for people to find when searching.

    Would you be able to do that? Thanks!

  • karamcnair · Member ·

    I gather I should have tagged this ‘staff’ instead of ‘support’ for the final request. Reposting here:

    Dear Support – I figured this out & updated with detailed instructions but it would be useful if the subject/title could be changed to be not a question. I would like to change it to

    “DNS settings for DKIM, 192 char – detailed workaround instructions”

    so it’s easier for people to find when searching.

    Would you be able to do that? Thanks!

  • timethief · Member ·

    I tagged this with “modlook” yesterday as that’s the tag we use for Staff attention. There’s a considerable backlog so please be patient while waiting for their response. To subscribe so your are notified when that happens look in the sidebar of this thread, find the subscribe to topics link and click it.

  • lizthefair · Member ·

    Thanks for sharing your solution. Others who are comfortable with advanced DNS are welcome to give that a go. We aren’t able to help support those kinds of solutions though, so if you go that route, you’ll want to make sure you are really familiar with advanced DNS.

    We are also always happy to manually enter DKIM/long txt records. Just let us know you need that kind of support and we’ll work with you in private e-mail to get your e-mail all set up.

    As for changing the title of the thread, we aren’t able to do that, but it will still be helpful to people as it stands.

  • lancewiggs · Member ·

    Lizthefair It would be very helpful if you put this into the WordPress instructions rather than making folks dig this far. Asking via a forum to add longer strings is ludicrous on a number of levels.

  • lizthefair · Member ·

    I’ve updated the support document to reflect this option. Thanks everyone!

  • The topic ‘DNS settings for DKIM, 192 ch (again – is there a workaround)?’ is closed to new replies.