Product » Xeams » Knowledge Base

Document information

Document ID:5147
Subject:Entering a DKIM signature in a Microsoft DNS Server
Creation date:8/11/17 12:47 PM
Last modified on:8/11/17 12:47 PM


DKIM Signature in MS DNS Server

DKIM signatures are often larger than 512 characters and many DNS servers limit the size of a TXT record to either 255 or 512 characters, creating a problem when entering DKIM signatures.

This page demonstrates how to enter a DKIM signature in a Microsoft DNS Server. In this example, we are using the DNS Server bundled with Windows 2016.

The Goal

The goal of this demonstration is to enter the following values in a Microsoft DNS Server.

Record Type:TXT
Record Name:20170811._domainKey.company1234.com
DKIM Record:
v=DKIM1;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuehQG5vtUVVKiIpCg5UTPDfmzGuA7tvZMR
voeWwZagt6DILPZPpotyDfxBX6QTYSOV8ueSxE/qbPLV8PRkhTkdOVfzbxtw5qydbJJTUu5SFoxv5Wmw3jwlOP8Y
amb/3E7b5qf0rTSk186hngpaL3u/IAVLcX/N2vLUoNmPITP3ajPfmg8qWwzxJFWX/npNvIHdS7M4RxYkPUItDWda
SJXGRdyqWNsEjGMHSvHPL8rGPh65imENpIhxY0ODKISEXKB98zNcT4G2M2WP/liUhrqMwQ3LPOTKcBI1SACj70WD
h8wTFv1N/+WbIVogAC678RBwgOh4oKlUosfNg7ohizcwIDAQAB
NOTE: A DKIM signture does not have embedded lines. The example above is broken into multiple lines to make them fit on the screen.


Step-by-step Instructions

  • Open DNS Manager by typing dnsmgmt.msc in the Run Windows

    DNS Manager for DKIM
  • Right click on the domain name and select Other New Records...
  • Select TXT from the list

    New TXT record
  • Enter the selector._domainKey for Record name. Selector is the value you specified when creating the DKIM record in Xeams. We will use 20170811 for selector value in this example.

    New DKIM Record - truncated version

    At first it will appear that the window has accepted the entire string. However, once you click OK and go back in, you will see the string has been truncated. To confirm the value has indeed been truncated, run the following command from a Command Prompt:
    nslookup -q=txt 20170811._domainKey.company1234.com 192.168.1.141
    The ending IP address is the IP address of the machine where DNS server is running. Refer to the image below for the result of this command.

    NSLookup showing truncation

  • To fix this problem you will have to enter multiple lines, each with a maximum length up to the truncation point as shown below.

    NSLookup showing truncation

  • Once the DNS record is entered in multiple lines, the same nslookup command will display the full record as shown below.

    NSLookup showing truncation





Add a comment to this document

Do you have a helpful tip related to this document that you'd like to share with other users? Please add it below. Your name and tip will appear at the end of the document text.
Your name:
Your email:
Hide my email address
Verification code:
Enter the verification code you see above more submitting your tip
Tip:Please limit tips to 1000 characters