How do I resolve the "CharacterStringTooLong (Value is too long) encountered with {Value}" error that I receive when I create a TXT record with DKIM syntax?


I tried to create a DomainKeys Identified Mail (DKIM) text record that a third-party provided in my Amazon Route 53 hosted zone. However, I get the "CharacterStringTooLong" error message.

Resolution

DNS DKIM TXT records can contain up to 255 characters in a single string. Split your TXT record strings that are over 255 characters into multiple text strings within the same record.

Note: When you split the value, the DKIM functionality doesn't break.

To split a string into multiple strings, complete the following steps:

  1. Open the resource record that you received from your third-party provider.

  2. To adhere to the 255-character maximum for a single string in a Route 53 TXT record, split the DKIM key value into two parts. To do this, follow these steps:
    Copy the DKIM key value from the resource record.
    Paste the DKIM key value in a new line of a text editor.
    Split the DKIM key value into two parts, and then enclose each part in double quotation marks. Include a blank space between the two parts. For example, split the value for "long_string" into "long_" and "string".
    Note: Don't add a line break between the two parts.

  3. Open the Route 53 console.

  4. In the navigation pane, choose Hosted zones.

  5. Select your hosted zone.

  6. Choose Create record set. Complete the following steps:
    For Name, enter the domain key identifier.
    For Type, choose TXT.
    For Alias, keep the default selection of No.
    For TTL, enter the number of seconds. The default value is 300.
    For Value, copy the split DKIM key value that you created in your text editor. Paste the split value in the Value field.
    Choose Create.

  7. Use dig or nslookup to confirm that the TXT record appears as a single entry.
    For dig:

    dig selector_key_1._domainkey.domain.com txt 
    ...
    ;; ANSWER SECTION: 
    selector_key_1._domainkey.domain.com. 60 IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1xhXc+vJKhQJUch86o8Ia2+L/AYo4d5eRVrPMMWzz4EiM4eB4QC1hJ83YMCHLv5dDN2lJ3KWSd5tGOxF/FRj1KdN+Jdf+BVwuklBFO8IrDtMz/lk2CJjF8jlgIUmQAjs3lc/8Bee+" "IQeB2tLX9UWvQMpI3aZuh6Ym6hcvLnbEkALWaMQvqwgxZs1qF6t5VKMjWeNNWIScyNTYL4Ud8wDiBcWh492HustfGUxrl5zmRfEl8BzCbrOqpKPLBmk/xrHRw9PHIJyYOaZA2PFqVcp6mzxjyUmn0DH9HXdhIznflBoIOLL1dm77PyDOKdEWRkSLMCA72mZbFr9gxda72ocQIDAQAB"

    For nslookup:

    nslookup -q=TXT selector_key_1._domainkey.domain.com
    ..
    Non-authoritative answer:
    selector_key_1._domainkey.domain.com.    text =
            "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz1xhXc+vJKhQJUch86o8Ia2+L/AYo4d5eRVrPMMWzz4EiM4eB4QC1hJ83YMCHLv5dDN2lJ3KWSd5tGOxF/FRj1KdN+Jdf+BVwuklBFO8IrDtMz/lk2CJjF8jlgIUmQAjs3lc/8Bee+"
            "IQeB2tLX9UWvQMpI3aZuh6Ym6hcvLnbEkALWaMQvqwgxZs1qF6t5VKMjWeNNWIScyNTYL4Ud8wDiBcWh492HustfGUxrl5zmRfEl8BzCbrOqpKPLBmk/xrHRw9PHIJyYOaZA2PFqVcp6mzxjyUmn0DH9HXdhIznflBoIOLL1dm77PyDOKdEWRkSLMCA72mZbFr9gxda72ocQIDAQAB"
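
The split in step 2 and the check in step 7, as an added Python example (not AWS code and not part of the original article): it cuts a DKIM value into quoted strings of at most 255 characters for the Value field, then rejoins the quoted strings from a dig or nslookup answer with nothing between them, which is how a DKIM verifier reads a multi-string TXT record. The function names and the sample value are constructed for illustration.

```python
import re

MAX_TXT_STRING = 255  # per-string limit stated in the article
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')  # one quoted string in dig/nslookup output


def split_for_route53(value, limit=MAX_TXT_STRING):
    """Return the text for the Route 53 Value field: quoted chunks, one space apart."""
    raw = value.strip().strip('"')
    raw.encode("ascii")  # DKIM records are ASCII; anything else raises an error
    if '"' in raw or "\\" in raw:
        raise ValueError("unexpected quote or backslash inside the DKIM value")
    chunks = [raw[i:i + limit] for i in range(0, len(raw), limit)]
    return " ".join('"%s"' % c for c in chunks)


def txt_strings(rdata):
    """Extract the quoted strings from TXT data as dig or nslookup prints it."""
    return _QUOTED.findall(rdata)


def effective_value(rdata):
    """Join the strings with nothing between them; the space shown is only a separator."""
    return "".join(txt_strings(rdata))


def verify(original, rdata, limit=MAX_TXT_STRING):
    """True if every string fits the limit and the joined value equals the original."""
    parts = txt_strings(rdata)
    fits = all(len(p.encode("ascii")) <= limit for p in parts)
    return bool(parts) and fits and "".join(parts) == original.strip().strip('"')


# Constructed sample: DKIM tags plus filler text standing in for a key (410 characters).
SAMPLE = "v=DKIM1; k=rsa; p=" + "QUJD" * 98

if __name__ == "__main__":
    field = split_for_route53(SAMPLE)
    print(field)  # paste this into the Value field as one line
    answer = "selector_key_1._domainkey.domain.com. 300 IN TXT " + field  # constructed answer line
    print([len(s) for s in txt_strings(answer)])
    print("matches original:", verify(SAMPLE, answer))
```
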

Related information

TXT record type

16 Comments

Would someone please be able to shed some light on why this is necessary with Route53 when other DNS services can handle the long strings properly?

I am still pretty new to AWS, but man it feels like so many things just don't work as they should.

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied 2 years ago

The suggested solution does not work. Route 53 adds a space to the string at the point of the split.

Original TXT record: ...lNJ3n2C2kw/IPwt... Results from dig: ...lNJ3n2C" "2kw/IPwt...

As this is a DKIM record, the space causes the validation to FAIL.

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
EXPERT
replied a year ago

This does work - but the instructions here are not exactly correct. This statement:

Split the DKIM key value into two parts, and then enclose each part in double quotation marks.

Should say this:

Split the DKIM key value into two parts, and then enclose each part in double quotation marks. Be sure to add a single blank space between the two strings.

So do not do this: "first string""second string" -- make sure you do this: "first string" "second string"

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
EXPERT
replied a year ago

This is really poor. If it's common enough to have a knowledge base workaround then fix the root issue.

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
EXPERT
replied a year ago

I've tried a few different ways of splitting it and I keep getting the test back with a space between where I split.

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
EXPERT
replied a year ago

3.1.3.  Multiple Strings in a Single DNS record

   As defined in [RFC1035] sections 3.3.14 and 3.3, a single text DNS
   record (either TXT or SPF RR types) can be composed of more than one
   string.  If a published record contains multiple strings, then the
   record MUST be treated as if those strings are concatenated together
   without adding spaces.  For example:

      IN TXT "v=spf1 .... first" "second string..."

   MUST be treated as equivalent to

      IN TXT "v=spf1 .... firstsecond string..."

   SPF or TXT records containing multiple strings are useful in
   constructing records that would exceed the 255-byte maximum length of
   a string within a single TXT or SPF RR record.

Ref: https://www.rfc-editor.org/rfc/rfc4408#section-3.1.3

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

AWS
MODERATOR
replied a year ago

LOL you had several people point out with references that some instructions in the KB article are incorrect and you still haven't updated the article.

replied 5 months ago

AWS - And you still haven't done anything. I have spent the stupid day and it is still not working. It's just data entry, just fix your stupid screen. We don't need a KB article on it.

Has anyone got it working? Whether I add a space or not, DNSChecker says it's fine. However, my Mailhost does not like either method.

replied 4 months ago

This is still broken on Lightsail, adding double quotes doesn't fix it.

replied 3 months ago

Hello, for anyone that's running into this issue I have a solution.

When I try to set up a DKIM / TXT record with google._domainkey, I am getting the same CharacterStringTooLong error.

As OP mentioned, splitting the string is the way to go, but he's missing a crucial step for Route 53.

Use a text editor and select a group of text to see that the character count is under 255. You have to escape the double quotes twice. Let's say I want the string to be 240 long.

"v=DKIM1; k=rsa; p=geObDjUo5DB5Cf0BHuBLs9gc9aA3Ki0wIzmT5mp0ABDTdb4p5PDN0JjYKnVDbajsmYOLVF8M4lbDim6TLz0G3dtdEhWqJPvecuho7WS1pkfwfIxqqZWybpBYUvw8uy5JoC2UKuPQATjuViLadOfe31B7OCqHya7t6iYE5cgEiasdfasdfasdfasdfasdfasapQFffZfLwe2FXEenoMdTZc3KYtNo4S\"\"uuqZYYYspfn1QtgSNcTCbX94mLxGVcq9lrsDiIItCUYzhUR9jnbSn2pueCdP3bvfMa4G7MrkgWGDENFFi0wIzmT5mp0ABDTdb4p5PDN0JjYKnVDbajsmYOLVF8M4lbDim6TLz0G3dtdEhtLAgDUpur1W"

Note: you have to look very closely for the \"\" - no spaces, no returns, no whitespaces. In terraform, it will be all one line.

["v=DKIM1; k=rsa; p=geObDjUo5DB5Cf0BHuBLs9gc9aA3Ki0wIzmT5mp0ABDTdb4p5PDN0JjYKnVDbajsmYOLVF8M4lbDim6TLz0G3dtdEhWqJPvecuho7WS1pkfwfIxqqZWybpBYUvw8uy5JoC2UKuPQATjuViLadOfe31B7OCqHya7t6iYE5cgEiasdfasdfasdfasdfasdfasapQFffZfLwe2FXEenoMdTZc3KYtNo4S\"\"uuqZYYYspfn1QtgSNcTCbX94mLxGVcq9lrsDiIItCUYzhUR9jnbSn2pueCdP3bvfMa4G7MrkgWGDENFFi0wIzmT5mp0ABDTdb4p5PDN0JjYKnVDbajsmYOLVF8M4lbDim6TLz0G3dtdEhtLAgDUpur1W"]

Hopefully this helps others, thanks for your time. -Eddi

replied 2 months ago