Adding 2048-bit DKIM DNS record via PowerShell doesn't work. 2016 UI works.

Andrew McNaughton 6 Reputation points
2021-04-11T13:24:29.877+00:00

I haven't checked 2019 yet but 2016's Add-DnsServerResourceRecord cmdlet can't handle a key that goes beyond the 255 character limit. The mmc for DNS appears to support this just fine. Having a disconnect between the UI and the CLI is really disappointing.

I've tried various multi-string workarounds but as soon as you cross that 255 limit, the cmdlet fails. This is a real pain in the neck if you've got 162 domains to manage and want to inject DKIM public keys into all of them with a script.

Even Microsoft is now recommending the use of 2048-bit keys in its M365 documentation. I've had to stick with 1024-bit for now and manually set critical domains to 2048-bit.

Does anyone know a technique to get this to work with PowerShell or the CLI?

T.I.A.


1 answer

  1. Anonymous
    2021-04-12T07:04:25.167+00:00

    Hi,

    As you can see, the feedback has been reported in UserVoice. UserVoice is where you can provide feedback to the Microsoft Product Groups who are now monitoring these forums.

    Can it be updated please? It would be helpful if the documentation stated this limitation so that others don't spend as much time as I have trying to find a workaround that doesn't involve the UI.

    Please understand, document updating is beyond our forum support range. It is more related to the Document team. You might post the feedback in the corresponding document, and the document team may monitor the feedback.

    Best Regards,
    Candy
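
Background for the 255-character limit discussed in this thread, as an added example that is not part of the original posts: one DNS TXT character-string holds at most 255 bytes, so a 2048-bit DKIM value is published as several strings in a single record, which DKIM verifiers concatenate. The function names and the placeholder key are assumptions; the sketch only splits and checks a value and does not change what `Add-DnsServerResourceRecord` accepts.

```powershell
# Added example, not code from the thread. Function names are hypothetical
# and the key below is a constructed placeholder, not a real public key.
Set-StrictMode -Version Latest

function Split-DkimTxtValue {
    # Break a DKIM TXT value into DNS character-strings of at most 255 bytes.
    param(
        [Parameter(Mandatory)][string]$Value,
        [ValidateRange(1, 255)][int]$MaxLength = 255
    )
    if ($Value -match '[^\x20-\x7E]') { throw 'DKIM TXT value must be printable ASCII.' }
    $chunks = New-Object System.Collections.Generic.List[string]
    for ($i = 0; $i -lt $Value.Length; $i += $MaxLength) {
        $chunks.Add($Value.Substring($i, [Math]::Min($MaxLength, $Value.Length - $i)))
    }
    return ,$chunks.ToArray()
}

function Test-DkimTxtStrings {
    # Check that every string fits the limit and that joining them with no
    # separator gives back exactly the expected value.
    param(
        [Parameter(Mandatory)][string[]]$Strings,
        [Parameter(Mandatory)][string]$Expected
    )
    $tooLong = @($Strings | Where-Object { $_.Length -gt 255 })
    [pscustomobject]@{
        StringCount     = $Strings.Count
        AllWithinLimit  = ($tooLong.Count -eq 0)
        MatchesExpected = (($Strings -join '') -ceq $Expected)
    }
}

# Constructed sample: a 2048-bit RSA public key is 392 base64 characters,
# so the whole value is longer than one 255-byte character-string.
$value   = 'v=DKIM1; k=rsa; p=' + ('A' * 392)
$strings = Split-DkimTxtValue -Value $value

# The strings as they would be written in a zone file, one quoted string each.
$strings | ForEach-Object { '"{0}"' -f $_ }

Test-DkimTxtStrings -Strings $strings -Expected $value

# To check a record that is already published (for example one entered through
# the DNS console), pass the strings the resolver returns instead:
#   (Resolve-DnsName -Name '<selector>._domainkey.<domain>' -Type TXT).Strings
```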
