Path: csiph.com!2.eu.feeder.erje.net!feeder.erje.net!news.etla.org!nntp-feed.chiark.greenend.org.uk!ewrotcd!usenet-its.stanford.edu!usenet.stanford.edu!not-for-mail
From: "Andreas S. Kerber" <ask@ag-trek.de>
Newsgroups: comp.protocols.dns.bind
Subject: Re: nsupdate - adding large/split TXT record (2048 bit DKIM key)
Date: Mon, 1 Jun 2020 12:50:30 +0200
Lines: 13
Approved: bind-users@lists.isc.org
Message-ID: <mailman.471.1591008621.942.bind-users@lists.isc.org>
References: <DAC44C9C-68FD-46B8-8E9F-D902FD65656A@gmail.com> <20200601105030.GA25378@eb6.srv.ke3.speedkom.net>
NNTP-Posting-Host: lists.isc.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Trace: usenet.stanford.edu 1591008644 4958 149.20.1.60 (1 Jun 2020 10:50:44 GMT)
X-Complaints-To: action@cs.stanford.edu
Cc: bind-users@lists.isc.org
To: vom513 <vom513@gmail.com>
Return-Path: <ask@ag-trek.de>
X-Original-To: bind-users@lists.isc.org
Delivered-To: bind-users@lists.isc.org
Content-Disposition: inline
In-Reply-To: <DAC44C9C-68FD-46B8-8E9F-D902FD65656A@gmail.com>
X-Spam-Status: No, score=0.0 required=5.0 tests=SPF_HELO_NONE,SPF_PASS autolearn=disabled version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mx.pao1.isc.org
X-BeenThere: bind-users@lists.isc.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: BIND Users Mailing List <bind-users.lists.isc.org>
List-Unsubscribe: <https://lists.isc.org/mailman/options/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=unsubscribe>
List-Archive: <https://lists.isc.org/pipermail/bind-users/>
List-Post: <mailto:bind-users@lists.isc.org>
List-Help: <mailto:bind-users-request@lists.isc.org?subject=help>
List-Subscribe: <https://lists.isc.org/mailman/listinfo/bind-users>, <mailto:bind-users-request@lists.isc.org?subject=subscribe>
X-Mailman-Original-Message-ID: <20200601105030.GA25378@eb6.srv.ke3.speedkom.net>
X-Mailman-Original-References: <DAC44C9C-68FD-46B8-8E9F-D902FD65656A@gmail.com>
Xref: csiph.com comp.protocols.dns.bind:15804

On Mon, Jun 01, 2020 at 04:11:43AM -0400, vom513 wrote:
> Can anyone point me to an example of how to do this ?  I have a script that rotates my DKIM keys, and uses nsupdate to publish.  With 1024 bit - I must be getting by by the skin of my teeth…
> 
> When I try 2048 bit, the record is obviously longer.  All of my attempts of running it through the Rube Goldberg sed machine have failed - nsupdate chokes on format.

Yeah, I had troubles with those 2048 bit DKIM records too. nsupdate will need it like this:

server X.X.X.X
zone ag-trek.de
update add test.ag-trek.de. 86400 IN TXT    "v=DKIM1; k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3LmxUW2tnM07YbofiOGR3T6KS/BfHmyPYe0GOEEch/abeTjaL3OtuhmVmr4QMe2HV/6n5SBiVh4PE2wZxUcS2LMNbo5Hn7KO3UsTbIxCKuM6jvUpWtJPgC0uBGNkEARQVBSjW9pqYUQYkXzXLEULbu1AThgaUvCbVzWmvTQeEFXbBWP24O/" "LkiprI+iKRskRv0qgIOV0CRm32tk4MP/IcZBdjZ3sHrg3myjVJPfSUBOUyISXKRtiwfIgPeCj4V97Q+psmHvnDz9EID0eZaKih8neroRBETYDLFYjd6Pv9JTqrY7jXOHhM4kmOZOUyNXEIz22JVuaNSJbtXzNWTKpyQIDAQAB"


Break up the record in chunks of less than 255 byte, enclose each of these parts with "" and feed nsupdate all of these chunks seperated with a space on one line.