@hanno as secure RSA keys don't fit into a single DNS record could it happen that out-of-order reassembly of records result in a weak DKIM key being used for verification?