Apr 10 2021 05:12 PM - edited Apr 17 2021 06:09 AM
I haven't checked 2019 yet but 2016's Add-DnsServerResourceRecord cmdlet can't handle a key that goes beyond the 255 character limit. The mmc for DNS appears to support this just fine.
I've tried various workarounds but as soon as you cross that 255 limit, the cmdlet fails. This is a real pain in the neck if you've got 162 domains to manage and want to inject DKIM public keys into all of them with a script.
Even Microsoft is now recommending the use of 2048-bit keys in its M365 documentation. I've had to stick with 1024-bit for now and manually set critical domains to 2048-bit. I hope Microsoft fixes this issue back to Windows Server 2016 urgently.
Has anyone figured out any workarounds to this issue?
T.I.A.
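
Background on the limit discussed in the post above, as an added example that is not part of the original thread: a single TXT character-string holds at most 255 bytes (RFC 1035), and DKIM verifiers concatenate the strings of one record (RFC 6376), so a 2048-bit key has to be stored as several strings. The function names, the `selector1` owner name and the placeholder key are hypothetical; the script only prepares and checks the segments and does not touch the DNS server or claim that any cmdlet accepts them.

```powershell
# Added example: split a DKIM TXT value into DNS character-strings of <= 255 bytes.
# Split-DkimTxtValue and ConvertTo-ZoneFileTxt are hypothetical helper names.

function Split-DkimTxtValue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Value,
        [ValidateRange(1, 255)][int]$MaxBytes = 255
    )
    # DKIM records are printable ASCII; rejecting anything else guarantees
    # that the character count equals the byte count on the wire.
    if ($Value -match '[^\x20-\x7E]') {
        throw 'Value contains non-printable or non-ASCII characters.'
    }
    $segments = [System.Collections.Generic.List[string]]::new()
    for ($i = 0; $i -lt $Value.Length; $i += $MaxBytes) {
        $len = [Math]::Min($MaxBytes, $Value.Length - $i)
        $segments.Add($Value.Substring($i, $len))
    }
    # Leading comma keeps a one-element result as an array.
    return ,$segments.ToArray()
}

function ConvertTo-ZoneFileTxt {
    param(
        [Parameter(Mandatory)][string]$Owner,
        [Parameter(Mandatory)][string[]]$Segments
    )
    # Escape quotes and backslashes, then quote each character-string.
    $quoted = $Segments | ForEach-Object { '"' + ($_ -replace '(["\\])', '\$1') + '"' }
    return '{0} IN TXT ( {1} )' -f $Owner, ($quoted -join ' ')
}

# Constructed sample: a placeholder with the length of a base64-encoded
# 2048-bit RSA public key (392 characters). It is not a real key.
$value    = 'v=DKIM1; k=rsa; p=' + ('A' * 392)
$segments = Split-DkimTxtValue -Value $value

# A verifier joins the strings with no separator, so the split must round-trip.
if (($segments -join '') -cne $value) { throw 'Segments do not reassemble to the original value.' }

$segments | ForEach-Object { '{0} bytes' -f [Text.Encoding]::ASCII.GetByteCount($_) }
ConvertTo-ZoneFileTxt -Owner 'selector1._domainkey' -Segments $segments
```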
Apr 11 2021 05:46 AM
Might try asking for help over here on QnA
windows-server-powershell - Microsoft Q&A
or report this as feedback over here on uservoice
PowerShell: Hot (1955 ideas) – Windows Server (uservoice.com)
Apr 11 2021 06:01 AM