diff --git a/app/models/epp/domain.rb b/app/models/epp/domain.rb
index d3a57df1f..c4d70c2ee 100644
--- a/app/models/epp/domain.rb
+++ b/app/models/epp/domain.rb
@@ -312,6 +312,7 @@ class Epp::Domain < Domain
     keys = []
     return keys if frame.blank?
     inf_data = DnsSecKeys.new(frame)
+    add_epp_error('2005', nil, nil, %i[dnskeys invalid]) if not_base64?(inf_data)
 
     if  action == 'rem' &&
         frame.css('rem > all').first.try(:text) == 'true'
@@ -333,6 +334,16 @@ class Epp::Domain < Domain
     errors.any? ? [] : keys
   end
 
+  def not_base64?(inf_data)
+    inf_data.key_data.any? do |key|
+      value = key[:public_key]
+
+      !value.is_a?(String) || Base64.strict_encode64(Base64.strict_decode64(value)) != value
+    end
+  rescue ArgumentError
+    true
+  end
+
   class DnsSecKeys
     def initialize(frame)
       @key_data = []
@@ -381,7 +392,7 @@ class Epp::Domain < Domain
 
     def key_data_from(frame)
       xm_copy frame, KEY_INTERFACE
-   end
+    end
 
     def ds_data_from(frame)
       frame.css('dsData').each do |ds_data|
diff --git a/test/integration/epp/domain/create/base_test.rb b/test/integration/epp/domain/create/base_test.rb
index 9d817524d..e3b7a39ee 100644
--- a/test/integration/epp/domain/create/base_test.rb
+++ b/test/integration/epp/domain/create/base_test.rb
@@ -2,6 +2,51 @@ require 'test_helper'
 
 class EppDomainCreateBaseTest < EppTestCase
 
+  def test_illegal_chars_in_dns_key
+    name = "new.#{dns_zones(:one).origin}"
+    contact = contacts(:john)
+    registrant = contact.becomes(Registrant)
+
+    pub_key = "AwEAAddt2AkLf\n
+    \n
+    YGKgiEZB5SmIF8E\n
+    vrjxNMH6HtxW\rEA4RJ9Ao6LCWheg8"
+
+    request_xml = <<-XML
+    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
+    <epp xmlns="https://epp.tld.ee/schema/epp-ee-1.0.xsd">
+      <command>
+        <create>
+          <domain:create xmlns:domain="https://epp.tld.ee/schema/domain-eis-1.0.xsd">
+            <domain:name>#{name}</domain:name>
+            <domain:registrant>#{registrant.code}</domain:registrant>
+          </domain:create>
+        </create>
+        <extension>
+        <secDNS:create xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
+        <secDNS:keyData>
+          <secDNS:flags>257</secDNS:flags>
+          <secDNS:protocol>3</secDNS:protocol>
+          <secDNS:alg>8</secDNS:alg>
+          <secDNS:pubKey>#{pub_key}</secDNS:pubKey>
+        </secDNS:keyData>
+      </secDNS:create>
+          <eis:extdata xmlns:eis="https://epp.tld.ee/schema/eis-1.0.xsd">
+            <eis:legalDocument type="pdf">#{'test' * 2000}</eis:legalDocument>
+          </eis:extdata>
+        </extension>
+      </command>
+    </epp>
+    XML
+    assert_no_difference 'Domain.count' do
+      post epp_create_path, params: { frame: request_xml },
+           headers: { 'HTTP_COOKIE' => 'session=api_bestnames' }
+    end
+
+    assert_epp_response :parameter_value_syntax_error
+  end
+
+
   def test_not_registers_domain_without_legaldoc
     now = Time.zone.parse('2010-07-05')
     travel_to now