When trying to add the DKIM DNS TXT record for my domain (to authenticate outgoing emails) in Amazon’s Route 53, I received the error message:
CharacterStringTooLong (Value is too long)
Apparently, this limitation does not come from Route 53 specifically; rather, DNS limits each string within a single TXT record to a maximum length of 255 bytes.
For example, the following DNS TXT record is invalid because it consists of a single string longer than 255 characters.
DKIM 1024 vs 2048
Because I was using a 2048-bit DKIM value, my record value was over 255 characters (you do not hit this limit when using a 1024-bit DKIM value).
Multiple Strings in a Record
In RFC 4408 section 3.1.3 it says,
a single text DNS record (either TXT or SPF RR types) can be composed of more than one string. If a published record contains multiple strings, then the record MUST be treated as if those strings are concatenated together without adding spaces.
It goes on to say,
SPF or TXT records containing multiple strings are useful in constructing records that would exceed the 255-byte maximum length of a string within a single TXT or SPF RR record.
Multiple String Example
In other words, the DNS TXT record value
"abcdefghijklmnopqrstuvwxyz"
is equivalent to
"abcdef" "ghijklmn" "opqrstuvwxyz"
By providing multiple quoted strings separated by a space between the quotes, we can work around the 255-character string limit.
I modified my DKIM record by adding a closing quote in the middle of the string, followed by a space, and an opening quote. I was able to save this value of multiple strings in Route 53, which was equivalent to my original single string value.
Avoid Counting Characters
Instead of splitting the record into two strings, you can split it into four strings, which allows you to make each string shorter than 255 characters without counting characters to be certain you’re splitting the string near the middle.
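The splitting and the equivalence check can also be scripted. The following is an added example, not part of the original post: the function names are hypothetical and the key is constructed filler, not a real DKIM key. It splits a value into quoted strings of at most 255 bytes, then reassembles them the way the RFC describes to confirm nothing changed.

```python
import re

MAX_TXT_STRING = 255  # maximum bytes in one string of a TXT record

# Constructed sample: DKIM tags plus filler characters, roughly the length of
# a base64-encoded 2048-bit public key. Not a real key.
SAMPLE = "v=DKIM1; k=rsa; p=" + "A" * 392


def split_txt_value(value, chunk=MAX_TXT_STRING):
    """Return value as space-separated quoted strings of at most chunk bytes."""
    if not 1 <= chunk <= MAX_TXT_STRING:
        raise ValueError("chunk must be between 1 and 255")
    data = value.encode("ascii")  # raises on non-ASCII input
    if b'"' in data or b"\\" in data:
        raise ValueError("value contains characters that need escaping")
    parts = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    return " ".join('"%s"' % p.decode("ascii") for p in parts)


def join_txt_value(quoted):
    """Concatenate the quoted strings without adding spaces (RFC 4408 3.1.3)."""
    return "".join(re.findall(r'"([^"]*)"', quoted))


def string_lengths(quoted):
    """Byte length of each quoted string, to check against the 255 limit."""
    return [len(s.encode("ascii")) for s in re.findall(r'"([^"]*)"', quoted)]


if __name__ == "__main__":
    for size in (MAX_TXT_STRING, 120):
        record = split_txt_value(SAMPLE, size)
        assert join_txt_value(record) == SAMPLE  # same value after reassembly
        print(size, string_lengths(record))
        print(record)
```

With a chunk size of 120, the sample comes out as four strings, matching the "split it into four" approach above.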