Hey Brian,

Thanks for reaching out about this issue. After testing it myself, I can confirm that I was able to successfully copy and paste the 4096 TXT record value into my DNS service and it verified and worked. It's important to note that many DNS servers impose limitations on the size of a TXT record, typically to 255 or 512 characters. This can pose challenges when inputting DKIM signatures, particularly when they exceed 512 characters. To address this, it's crucial to split it into multiple strings. The specific procedures for doing so will vary based on the DNS server you're using. Kindly refer to the provided resources for more information.

I hope this helps. 

Thank you,

2048 works like a charm despite beeing longer than 255 characters. The 4096 bit DKIM doesnt woprk even if you follow these guidelines.

In order to serve DNS records whose payload exceeds 512 bytes, the DNS server hosting your record SHOULD either support EDNS0 and MUST be reachable over TCP/53 as well as UDP/53.

A modern DNS server will respond with UDP responses that are larger than 512 bytes if the client indicates that it supports EDNS0 in the initial query.

If a client does not indicate that it supports EDNS0, the DNS server MUST respond with a TCP referral.

A TCP referral is where the DNS server does not respond with the record content but instead sends back an answer indicating to the DNS client that the query should be re-attempted over TCP instead of UDP which does not suffer from the 512-byte payload limitation.

Not very many mail and DNS servers support 2048, let alone 4096. Amazon DNS only supports 1024 (there is a workaround). a2hosting.com and hostgator are others I can think of.

Brian,

In the other thread where you described your problems:

I tried to reproduce your problem with my two beta linux servers and my two production servers. I had no issues at all with 4096 bit keys.