
Document information

Document ID: 5147
Subject: Entering a DKIM signature in a Microsoft DNS Server
Creation date: 8/11/17 12:47 PM
Last modified on: 8/10/18 11:41 AM


DKIM Signature in MS DNS Server

DKIM signatures are often larger than 512 characters and many DNS servers limit the size of a TXT record to either 255 or 512 characters, creating a problem when entering DKIM signatures.

This page demonstrates how to enter a DKIM signature in a Microsoft DNS Server. In this example, we are using the DNS Server bundled with Windows 2016.

The Goal

The goal of this demonstration is to enter the following values in a Microsoft DNS Server.

Record Type: TXT
Record Name: 20170811._domainKey.company1234.com
DKIM Record:
v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuehQG5vtUVVKiIpCg5UTPDfmzGuA7tvZMR
voeWwZagt6DILPZPpotyDfxBX6QTYSOV8ueSxE/qbPLV8PRkhTkdOVfzbxtw5qydbJJTUu5SFoxv5Wmw3jwlOP8Y
amb/3E7b5qf0rTSk186hngpaL3u/IAVLcX/N2vLUoNmPITP3ajPfmg8qWwzxJFWX/npNvIHdS7M4RxYkPUItDWda
SJXGRdyqWNsEjGMHSvHPL8rGPh65imENpIhxY0ODKISEXKB98zNcT4G2M2WP/liUhrqMwQ3LPOTKcBI1SACj70WD
h8wTFv1N/+WbIVogAC678RBwgOh4oKlUosfNg7ohizcwIDAQAB
NOTE: A DKIM signature does not have embedded line breaks. The example above is broken into multiple lines only to make it fit on the screen.


Step-by-step Instructions

  • Open DNS Manager by typing dnsmgmt.msc in the Run window

    DNS Manager for DKIM
  • Right click on the domain name and select Other New Records...
  • Select TXT from the list

    New TXT record
  • Enter selector._domainKey as the record name. The selector is the value you specified when creating the DKIM record in Xeams. We will use 20170811 as the selector value in this example.

    New DKIM Record - truncated version

    At first it will appear that the window has accepted the entire string. However, once you click OK and go back in, you will see that the string has been truncated. To confirm the value has indeed been truncated, run the following command from a Command Prompt:
    nslookup -q=txt 20170811._domainKey.company1234.com 192.168.1.141
    The IP address at the end is the address of the machine where the DNS server is running. Refer to the image below for the result of this command.

    NSLookup showing truncation

  • To fix this problem, enter the value as multiple lines, each no longer than the truncation point, as shown below.

    NSLookup showing truncation

  • Once the DNS record is entered in multiple lines, the same nslookup command will display the full record as shown below.

    NSLookup showing truncation
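
A truncated key is easy to miss by eye, so the check can be scripted. The following is an added example, not part of the original article or of Xeams: it splits the record value into strings for entry, rejoins them the way a DKIM verifier does, and compares the decoded size of the p= key with the size declared in its DER header. The function names and the 151-character chunk size are assumptions, and the length check applies to RSA keys, which are DER encoded.

```python
import base64

# Record value from this page's example, joined back into a single line.
RECORD = (
    "v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuehQG5vtUVVKiIpCg5UTPDfmzGuA7tvZMR"
    "voeWwZagt6DILPZPpotyDfxBX6QTYSOV8ueSxE/qbPLV8PRkhTkdOVfzbxtw5qydbJJTUu5SFoxv5Wmw3jwlOP8Y"
    "amb/3E7b5qf0rTSk186hngpaL3u/IAVLcX/N2vLUoNmPITP3ajPfmg8qWwzxJFWX/npNvIHdS7M4RxYkPUItDWda"
    "SJXGRdyqWNsEjGMHSvHPL8rGPh65imENpIhxY0ODKISEXKB98zNcT4G2M2WP/liUhrqMwQ3LPOTKcBI1SACj70WD"
    "h8wTFv1N/+WbIVogAC678RBwgOh4oKlUosfNg7ohizcwIDAQAB"
)

def split_txt(value, size=255):
    """Cut a TXT value into strings of at most `size` characters (one per line in DNS Manager).
    255 is the DNS limit for a single string; pass the truncation point you observed if lower."""
    return [value[i:i + size] for i in range(0, len(value), size)]

def join_txt(strings):
    """A DKIM verifier concatenates the strings of one TXT record with nothing in between."""
    return "".join(strings)

def key_lengths(record):
    """Return (decoded_bytes, declared_bytes) for the DER-encoded p= key of a DKIM record."""
    tags = {}
    for part in record.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(val.split())  # whitespace in a tag value is ignored
    b64 = tags["p"]
    b64 = b64[:len(b64) - len(b64) % 4]  # drop a partial base64 group left by truncation
    der = base64.b64decode(b64)
    if len(der) < 2 or der[0] != 0x30:  # 0x30 = DER SEQUENCE
        raise ValueError("p= does not start with a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] & 0x80 else 0  # number of extra length bytes
    body = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    return len(der), 2 + n + body

def is_truncated(record):
    """True when fewer key bytes are present than the DER header declares."""
    decoded, declared = key_lengths(record)
    return decoded < declared

if __name__ == "__main__":
    chunks = split_txt(RECORD, 151)  # sample chunk size; use your server's truncation point
    for c in chunks:
        print(len(c), c)
    print("round trip ok:", join_txt(chunks) == RECORD)
    print("full record truncated?", is_truncated(RECORD))
    print("first chunk only truncated?", is_truncated(chunks[0]))
```

To test a live record, pass the quoted strings shown by the nslookup command above to join_txt and the result to is_truncated.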



User comments

Posted by Peter Smith on 11/22/21 1:22 AM

Thank you, thank you. This is excellent. Was sitting with this long DKIM key issue in Windows DNS for over a day and then saw your solution. The Windows DNS truncates the long string at 151 chars - adding it on multiple lines seems to work. Great stuff.

Posted by Frank Borrmann on 1/22/21 3:03 AM

Thanks a lot, when reading the corresponding RFCs for DKIM, whitespaces are allowed;-) Not very funny this implementation from MS.

Posted by Andrew Taylor on 12/20/19 8:11 AM

This helped me a lot in regards to Windows Server truncating the txt record. Thanks!

Posted by Arnol Lopez on 9/9/20 12:04 PM

Thank You, worked great for MS DNS. Was running into a truncation issue, much appreciated.

Posted by SGroom on 2/10/21 11:26 PM

Thanks for posting this. Saved me a ton of time figuring out how to get a full DKIM key implemented. I knew it looked too short!

Posted by Özgür on 9/21/20 9:09 AM

That's why I hate Microsoft. Even their latest apps have similar stupid issues. Cannot believe...

