Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.protocols.dns.bind > #75
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!news.glorb.com!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Paul Wouters <paul@xelerance.com> |
| Newsgroups | comp.protocols.dns.bind |
| Subject | Re: how to split TXT record for IpSEC? |
| Date | Wed, 9 Nov 2011 11:14:30 -0500 (EST) |
| Lines | 51 |
| Approved | bind-users@lists.isc.org |
| Message-ID | <mailman.35.1320855305.68562.bind-users@lists.isc.org> (permalink) |
| References | <20111109133535.GA30278@fantomas.sk> <20111109135906.GB30278@fantomas.sk> |
| NNTP-Posting-Host | lists.isc.org |
| Mime-Version | 1.0 |
| Content-Type | TEXT/PLAIN; charset=US-ASCII; format=flowed |
| X-Trace | usenet.stanford.edu 1320855305 13414 149.20.64.75 (9 Nov 2011 16:15:05 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| Cc | bind-users@lists.isc.org, Michael Richardson <mcr@sandelman.ca> |
| To | Matus UHLAR - fantomas <uhlar@fantomas.sk> |
| Return-Path | <paul@xelerance.com> |
| X-Original-To | bind-users@lists.isc.org |
| Delivered-To | bind-users@lists.isc.org |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/simple; d=xelerance.com; h= content-type:content-type:mime-version:user-agent:references :message-id:in-reply-to:subject:subject:from:from:date:date :received:received:received:received; s=smtp; t=1320855280; x= 1321460080; bh=djfD6EfGF5WaXesMNdC/ZXcgUWcN0Xnk3SEMu8MQSBg=; b=l iv51AA6CVQ08x1jB8tXYe991eWOJy/G7RPg/MthkD8l6Qm/TiBgsqP+kk67cHA+F G2eEVgX9Et4xIwd41j9c7C6pZtD4SxFRyNvW7/RCLoLqPZcz7yNq9hqThUyi4RKf 2JPaD/SE0ra9lLpZ82hz7cxMe5LmcGwSQSlaZpmTxI= |
| In-Reply-To | <20111109135906.GB30278@fantomas.sk> |
| User-Agent | Alpine 2.00 (DEB 1167 2008-08-23) |
| X-Spam-Status | No, score=-1.0 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,NORMAL_HTTP_TO_IP,RDNS_NONE autolearn=no version=3.3.1 |
| X-Spam-Checker-Version | SpamAssassin 3.3.1 (2010-03-16) on mx.ams1.isc.org |
| X-BeenThere | bind-users@lists.isc.org |
| X-Mailman-Version | 2.1.14 |
| Precedence | list |
| List-Id | BIND Users Mailing List <bind-users.lists.isc.org> |
| List-Unsubscribe | <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe> |
| List-Archive | <https://lists.isc.org/pipermail/bind-users> |
| List-Post | <mailto:bind-users@lists.isc.org> |
| List-Help | <mailto:bind-users-request@lists.isc.org?subject=help> |
| List-Subscribe | <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe> |
| Xref | x330-a1.tempe.blueboxinc.net comp.protocols.dns.bind:75 |
Show key headers only | View raw
On Wed, 9 Nov 2011, Matus UHLAR - fantomas wrote: >> sofia.dashofer.sk. 3600 IN TXT >> "X-IPsec-Server(10)=@sofia.dashofer.sk" " >> AQNqdEjqL33Pf4MFgJYs5v4xRhEPTWouM3Ny1HfcecM+TdX+gpZ2gzIpsmB8UWsUobuJnTSJ >> wt2rEw3PcFpuBN3l8F8dAuSWl5lhiojjdenmHf2A6EaqyNTzGJgro9qAMS91DjW4i3HrOAgk" " >> Z1sfvkN8SrnSpbXqpN6JL19tjNTffnd0vhkWWAH7enHcQf0A4hNvIwhQHKFJ0Xd4weHLrD54 >> DMr6X5n0/6dt7xnPiPqShTr8zlNvrvXP6ZcL+k" >> "uNade/3+uxwKMtA6UwUdhrW86i5vYC1xL+tj0svQwi6gD5gISFVHVUOU3Q91FLpc8vUDum/ >> O1ckgsMI/K0CmvGVVxbf5zqSqX6FCv9AV30XdliPxQDx9iUtNY2wM7tug5ci/Dmy066XopR/" " >> vlrslCABREFiIOAzFMkOvQ0ZUkOGyWN5ERJ161k9msDnFUlldWuK17g2mzp24/nVx+hOXfzg >> qhhpeSQV8RK0zZkOe3pVd+a0uuDeYaMtSIRTOT5D" "xTvWInVjR8LXtpPiGqj5qO+hQhysgk=" >> >> Can you recomment can I split it to multiple records so they all fit? > > what I mean, can I simply split them into multiple TXT records? > Should they be split at string boundary (between quotes)? > If I split between quotes, do I need to spaces a the begin/end or can I > simply change them to newlines? > > sofia.dashofer.sk. IN TXT > "X-IPsec-Server(10)=@sofia.dashofer.sk" > " > AQNqdEjqL33Pf4MFgJYs5v4xRhEPTWouM3Ny1HfcecM+TdX+gpZ2gzIpsmB8UWsUobuJnTSJ > wt2rEw3PcFpuBN3l8F8dAuSWl5lhiojjdenmHf2A6EaqyNTzGJgro9qAMS91DjW4i3HrOAgk" > ... > > or even > > sofia.dashofer.sk. IN TXT > "X-IPsec-Server(10)=@sofia.dashofer.sk" > sofia.dashofer.sk. IN TXT " > AQNqdEjqL33Pf4MFgJYs5v4xRhEPTWouM3Ny1HfcecM+TdX+gpZ2gzIpsmB8UWsUobuJnTSJ > wt2rEw3PcFpuBN3l8F8dAuSWl5lhiojjdenmHf2A6EaqyNTzGJgro9qAMS91DjW4i3HrOAgk" > ... No you cannot split them in separate TXT records, as you have no idea about the order. Imagine if you have three parts, two of those would be just random characters. You should really use IPSECKEY instead of TXT records: See http://tools.ietf.org/html/rfc4025 The IPSECKEY RR imposes no length limit on RSA public keys, other than the 65535 octet limit imposed by the two-octet length encoding. That said, openswan has not yet been brought up to spec for IPSECKEY, so for that you will have to use TXT. Paul
Back to comp.protocols.dns.bind | Previous | Next | Find similar
Re: how to split TXT record for IpSEC? Paul Wouters <paul@xelerance.com> - 2011-11-09 11:14 -0500
csiph-web