Why do I need to escape ; with \ in a DNS DKIM record?


Solution 1

The choice of what characters are special and require escaping would depend on the nameserver being used as well as what interface is being used to configure the nameserver (for instance if you're using a web-based configuration tool it might automatically escape ; characters for you).

The standard zone file (as defined by RFC 1034/1035) uses the ; character to start a comment. If you did not have a backslash, text from the semicolon to the end of the line would be ignored by the server.

Note that bind does not consider a ; inside an already quoted string to start a comment or to require escaping, but will handle it if you do. Both of these should produce the same response:

IN TXT "asdf;jkl"
IN TXT "asdf\;jkl"

Also note that when you use dig or host, the output printed by those will add a backslash to the semicolon for reasons long forgotten.

Solution 2

A ; is the comment character for a zone file, much like # in most Linux config files. It tells Bind to stop reading from the ; onward until the end of that line.

If you have a need to have the character ; within the contents of a DNS record you can surround the record contents with " " and it will be displayed without any interpretation. TXT and SPF records use this format (taken from the OpenDKIM standard):

_domainkey.DOMAIN.TLD. IN TXT "t=y; o=-;"

SELECTOR._domainkey.DOMAIN.TLD. IN TXT "k=rsa; t=y; p=YOUR_PUBLIC_KEY_HERE"

In my zone files I do not have \ characters at all. Commented values are preceded by a ;

; HOST Definitions
mail A 1.2.3.4 ; mail server
time A 1.2.3.4 ; ntp server

I'm not sure why you would have a need to include an escaped ; character in your DNS records at all. That would mean that Bind would try to interpret it as a hostname or other value.
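Added example (not code from either answer): a small parser for the RDATA side of a zone-file TXT line that implements the rules both answers describe. An unquoted ; starts a comment, a backslash escapes the next character (or a \DDD decimal code, per RFC 1035), and a ; inside a quoted string is literal whether or not it is escaped, so "asdf;jkl" and "asdf\;jkl" come out identical. The DKIM tag splitting is a generic tag=value split on ; and assumes a well-formed record; nothing here is taken from BIND's own parser.

```python
def _next_char(s: str, i: int) -> tuple[str, int]:
    """Consume one (possibly escaped) character at s[i]; return (char, next index)."""
    if s[i] != "\\":
        return s[i], i + 1
    i += 1
    if s[i:i + 3].isdigit():               # \DDD decimal escape (RFC 1035 5.1)
        return chr(int(s[i:i + 3])), i + 3
    if i >= len(s):
        raise ValueError("dangling backslash")
    return s[i], i + 1                      # \X: X taken literally, ';' included


def parse_txt_rdata(rdata: str) -> list[str]:
    """Return the character-strings of a TXT RDATA field, comment stripped."""
    strings: list[str] = []
    i, n = 0, len(rdata)
    while i < n:
        c = rdata[i]
        if c.isspace():
            i += 1
        elif c == ";":                      # unquoted ';' -> rest of line is a comment
            break
        elif c == '"':                      # quoted string: ';' inside is literal
            i += 1
            buf = []
            while i < n and rdata[i] != '"':
                ch, i = _next_char(rdata, i)
                buf.append(ch)
            if i >= n:
                raise ValueError("unterminated quoted string")
            i += 1                          # skip the closing quote
            strings.append("".join(buf))
        else:                               # unquoted token: ends at space or comment
            buf = []
            while i < n and not rdata[i].isspace() and rdata[i] != ";":
                ch, i = _next_char(rdata, i)
                buf.append(ch)
            strings.append("".join(buf))
    return strings


def dkim_tags(strings: list[str]) -> dict[str, str]:
    """Join the character-strings and split the DKIM tag=value list on ';'."""
    tags: dict[str, str] = {}
    for item in "".join(strings).split(";"):
        if item.strip():
            name, _, value = item.partition("=")
            tags[name.strip()] = value.strip()
    return tags
```

Running an unquoted DKIM line through parse_txt_rdata shows the failure mode the answers warn about: everything after the first ; is silently dropped as a comment.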


Updated on September 18, 2022

Comments

  • peter
    peter almost 2 years

    I'm setting up Email Authentication on our domain to allow authentication with our Email Service Provider.

    My understanding is that the DNS record needs to have any ; escaped, e.g., \;

    I just want to make sure that ALL ; should be escaped. To that end, I want to make sure I understand why the escaping is needed. I.e., if it's b/c ; means something special, then how do I know when it should not be escaped, and instead it should have its special meaning? Or is it that it has a special (and different) meaning in DNS TXT records, in general, and that for the special use of a DKIM setting, we do not want it to have that special meaning (and perhaps whoever reads the record will apply the value)?

    Also, the ESP is telling me that the DNS is "adding \ for some reason" (waiting to confirm whether they just don't understand it).

  • Håkan Lindqvist
    Håkan Lindqvist over 8 years
    backslash rather than backspace, I assume?
  • DerfK
    DerfK over 8 years
    @HåkanLindqvist fixed, doh