Unable to setup DKIM TXT-Value as DNS-Record


I have a domain name whose DNS is edited via Google Cloud DNS. And I have a Google Apps for Work Account with that domain name.

I wanted to set up DKIM-authentication but when I try to save the corresponding TXT-Record I get the error that the Tag is invalid.

I did the same before and it worked perfectly. I checked the old setup and I saw that the old DKIM-record was about half the length. The new one seems to be too long for a TXT-record in the Google Cloud Platform.

Does anyone have a solution?

Yeah, you have to split the record as described in this article:


If your domain provider limits the size of the TXT record value to 255 characters, you can't enter the DKIM key as a single entry in the DNS records. In this case, split the key into multiple quoted text strings and enter them together in the TXT record value field. For example, split the DKIM key into two parts as follows:

"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAraC3pqvqTkAfXhUn7Kn3JUNMwDkZ65ftwXH58anno/bElnTDAd/idk8kWpslrQIMsvVKAe+mvmBEnpXzJL+0LgTNVTQctUujyilWvcONRd/z37I34y6WUIbFn4ytkzkdoVmeTt32f5LxegfYP4P/w7QGN1mOcnE2Qd5SKIZv3Ia1p9d6uCaVGI8brE/7zM5c/" "zMthVPE2WZKA28+QomQDH7ludLGhXGxpc7kZZCoB5lQiP0o07Ful33fcED73BS9Bt1SNhnrs5v7oq1pIab0LEtHsFHAZmGJDjybPA7OWWaV3L814r/JfU2NK1eNu9xYJwA8YW7WosL45CSkyp4QeQIDAQAB"

The two quoted strings have to stay on the same line - in the same box in the Cloud DNS interface rather than in two separate boxes.


I just ran into the same issue.

The Google DKIM key text strings are longer than most other DKIM keys (probably higher bit count) and won't fit into the 255 length limitation per TXT field.

The way to get around this is to do two TXT entries and end the first with a \ or use ( in the first and ) in the second.

The Google Cloud DNS parser seems to not allow a trailing \ and ) or preceding (.

There may be some way to escape it on the Google Cloud DNS tool - but it is not obvious.

Ok I have a solution.

Make sure to only do 1 TXT record entry and not add multiple TXT records - this is the key step.

If you click "Add Item" when setting up the TXT record this actually creates another TXT record and both records may resolve in any order and the DKIM won't validate.

The trick is to make sure to place the broken up strings into the first text input only and break them into small enough pieces that they all get parsed in the correct sequential order.
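The splitting that both answers above describe, as an added example that is not part of the original posts: it cuts a DKIM value into quoted strings of at most 255 bytes for one TXT record, then rejoins them the way a verifier does (the strings of a single record concatenated in order, with nothing inserted between them). The function names and the placeholder key are constructed for illustration.

```python
import re

MAX_TXT_STRING = 255  # one DNS character-string holds at most 255 bytes

# Constructed placeholder, not a real key: 392 base64 characters is the
# length of a 2048-bit RSA public key in a DKIM p= tag.
SAMPLE_VALUE = "v=DKIM1; k=rsa; p=" + "A" * 392


def split_txt_value(value: str, chunk: int = MAX_TXT_STRING) -> str:
    """Return ONE line of TXT data: quoted strings of at most `chunk` bytes,
    separated by a single space, to be pasted into a single record."""
    if not 1 <= chunk <= MAX_TXT_STRING:
        raise ValueError("chunk must be between 1 and 255")
    raw = value.encode("ascii")  # DKIM key records are plain ASCII
    if b'"' in raw or b"\\" in raw:
        raise ValueError("pass the bare value, without quotes or escapes")
    parts = [raw[i:i + chunk].decode("ascii") for i in range(0, len(raw), chunk)]
    return " ".join(f'"{p}"' for p in parts)


def join_txt_strings(rdata: str) -> str:
    """Rebuild the value from one record's TXT data and reject input that
    a zone parser would refuse or a verifier would misread."""
    strings = re.findall(r'"([^"]*)"', rdata)
    if not strings:
        raise ValueError("no quoted strings found")
    # Only whitespace may sit between the quoted strings (no \ or parentheses).
    if re.sub(r'"[^"]*"', "", rdata).strip():
        raise ValueError("unexpected characters outside the quoted strings")
    if any(len(s.encode("ascii")) > MAX_TXT_STRING for s in strings):
        raise ValueError("a quoted string exceeds 255 bytes")
    # Concatenate in order; spaces inside the strings are kept as they are.
    return "".join(strings)


if __name__ == "__main__":
    rdata = split_txt_value(SAMPLE_VALUE)
    print(rdata)
    print("round trip ok:", join_txt_strings(rdata) == SAMPLE_VALUE)
```

After publishing, `dig +short TXT <selector>._domainkey.<domain>` should return a single answer line containing all the quoted strings; two answer lines mean two separate records were created.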


Select bit length "1024" while generating DKIM records at Gsuite Admin console. This worked for me.


  • Did you manage to solve it? I am stuck at the same problem.
  • I struggled to get this to work until I added the two separate quoted strings to the same line of "TXT data" without adding another item/line. The way you show it in your answer looks like you're saying that should be two TXT record items. Google Cloud DNS does something weird when you make separate records like that so it ends up not passing tests at mxtoolbox.com and dmarcanalyzer.com. After combining both quoted strings into one line separated by one space like "v=DKIM1; k=rsa; p=MIIBI...M5c/" "zMt...QAB" all in one single record, now it passes DKIM validation.
  • @FlippingBinary OMG, thank you! That was it!
  • I am running into the same problem but my string does not contain any \ or ( to split from there. How can I do it?
  • The DKIM key goes in the regular TXT record data between the quotes " ". The \ or ( ) are special escape characters that need to be present in the DNS TXT RR entry outside the DKIM information to tell the DNS resolvers which order to glue the multiple TXT records together. These need to be added somehow - but the Google Cloud DNS front end doesn't seem to have a way to do it.
  • @xbill - A TXT record in DNS can have 1 or more strings, which are to be interpreted by clients as being concatenated together - they are entered and stored as distinct strings. You'd specify this in a BIND master file by using "string 1" "string 2" and the Cloud DNS API (and Cloud Console) accepts the same format.
  • The Google Cloud DNS interface is so confusing. You have to split the string with spaces, wrap them in double quotes, then paste all that into a SINGLE string within the UI. Then it works. It took an hour to piece all this info together to get it working. Thanks for pointing me in the right direction. How could anybody figure this out before!
  • I read somewhere this approach is not recommended because what goes beyond 255 characters, which is the standard, is implementation dependent. Nowadays servers will join those strings, ending up with v=DKIM1;k=rsa;p=MIIBIjA... instead of v=DKIM1; k=rsa; p=MIIBIjA... which is invalid in some recipient servers. I'd recommend FlippingBinary's approach as explained above.