DNS Record Splitter

Split long DNS TXT records (DKIM, SPF, and others) into 255 character segments for Google Cloud DNS, AWS Route 53, Azure DNS, and any provider that does not split records automatically. Free, instant, no signup required.

Paste your DNS TXT record 0 characters

Output format

Quoted

Plain

Quoted format is required by Google Cloud DNS and AWS Route 53. Plain format works for providers that accept raw multi-line input.

Runs entirely in your browser, your record never leaves your device, no logs, no signup

How to Use the DNS Record Splitter

Paste your long DNS TXT record into the input box. This is most commonly a DKIM public key, but it can also be a long SPF, DMARC, or domain verification record

Choose your output format. Use Quoted for Google Cloud DNS, AWS Route 53, and Azure DNS. Use Plain if your provider accepts raw multi-line input

Click Split Record. The tool checks the length, splits anything over 255 characters, and shows you the formatted output plus a segment by segment breakdown

Click Copy and paste the formatted value into your DNS provider's TXT record field. Save, then wait for DNS propagation (typically 5 to 60 minutes)

Why DNS TXT Records Need to Be Split

DNS TXT records are limited to 255 characters per string, a limit set by RFC 1035. Any value longer than 255 characters must be broken into multiple shorter strings, which DNS resolvers automatically concatenate back together when queried. Some providers handle this automatically. Others, like Google Cloud DNS and AWS Route 53, will reject the record with an error until you split it manually.

Splitting a DKIM Key

The most common trigger for needing this tool is a DKIM public key. 2048-bit DKIM keys are typically 400 to 450 characters long, well above the 255-character limit, making them impossible to publish as a single DNS string without splitting.

When you generate a 2048-bit DKIM key, your email service or key generator outputs the full public key as one continuous string. This string needs to be broken into two segments of 255 characters or less before it can be published to DNS. Most providers that require manual splitting expect each segment to be wrapped in double quotes and placed on a single line, for example: "segment1" "segment2".

Using the wrong format, adding extra spaces, or cutting the key at the wrong character will cause DKIM authentication to fail, since the public key is cryptographic data and a single missing or misplaced character invalidates it entirely.

Paste your full DKIM key into the tool above, select Quoted format, and copy the output directly into your DNS provider's TXT record field. Generate a key with our DKIM Record Generator, split it here, then verify the published record is correct with our DKIM Checker.

DNS Providers and How They Handle Long TXT Records

Not every DNS provider behaves the same way. Here is a quick reference covering the major providers and whether they need manually split records.

Provider	Behavior	Recommended format
Google Cloud DNS	Rejects long unsplit TXT records with an `invalid record data` error. Splitting is mandatory	Quoted format, each segment in double quotes
AWS Route 53	Requires each 255 character string to be wrapped in its own pair of double quotes	Quoted format, all segments on one line separated by spaces
Azure DNS	Requires manually split strings when adding records through the portal or CLI	Quoted format
DigitalOcean	Does not automatically split long TXT values entered through the control panel	Quoted format
Cloudflare	Splits long TXT records automatically when you save. No manual action needed	Plain format (paste the full record as is)
GoDaddy	Accepts the full unsplit record and handles the splitting internally	Plain format
Namecheap	Handles long TXT records automatically in most cases	Plain format
BIND (self hosted)	Supports both formats. Quoted segments are the traditional zone file syntax	Either, quoted preferred for clarity

Why Correct Splitting Matters for Email Authentication

A broken TXT record breaks the protocol that depends on it. DKIM, SPF, and DMARC all live in TXT records, so a malformed split (extra spaces, missing quotes, or characters cut off) will cause email authentication failures that are painful to diagnose.

DKIM key integrity

A 2048 bit DKIM public key is cryptographic data. A single missing character means the receiving server cannot verify your signatures and emails fail DKIM checks.

Long SPF records

SPF records with many include: mechanisms can exceed 255 characters. Splitting incorrectly can also cause the 10 DNS lookup limit to be hit unexpectedly.

DMARC reporting URIs

DMARC records with multiple rua and ruf URIs and verbose policies can exceed the limit. A bad split makes the entire DMARC record unparseable.

Save hours of troubleshooting

An incorrectly split record can take hours to diagnose, especially across propagation delays. Using a tool eliminates the most common source of human error.

Once your record is in place, verify it works using our DKIM Checker, SPF Checker, DMARC Checker, or full DNS Record Lookup.

Technical Notes on the 255 Character Limit

Per RFC 1035 Section 3.3.14 and RFC 7208 (for SPF), a single character string in a TXT record is limited to 255 octets because the length is stored in a single byte preceded by a length octet. A single TXT record, however, can contain multiple character strings, and there is no DNS protocol limit on the total length (only on the UDP message size of 512 bytes, which is why long records may force DNS resolvers to fall back to TCP or EDNS0).

When a DNS resolver returns a TXT record containing multiple strings, every modern application concatenates the strings back together with no delimiter. So "part1" "part2" is interpreted as part1part2, exactly as if you had stored a single longer string. This is why the splitting is purely a storage detail, the record value, once resolved, is identical.

Frequently Asked Questions

What is a DNS record splitter?

A DNS record splitter is a tool that breaks a long DNS TXT record into 255-character segments so it can be saved correctly in DNS providers that don’t split records automatically. The 255-character limit comes from RFC 1035, the original DNS specification, and applies to every individual character string inside a TXT record. The full record value is preserved. It’s just stored as multiple shorter strings that DNS resolvers concatenate back together when queried.

Which DNS providers require manual TXT record splitting?

Google Cloud DNS, AWS Route 53, Azure DNS, and DigitalOcean require you to split long TXT records manually before saving. Cloudflare, GoDaddy, and Namecheap handle the splitting automatically when you paste the full record. BIND supports both formats, but quoted segments are the traditional zone file syntax. If you’re not sure, paste it as-is first. If the provider throws a length or format error, come back here and split it.

Will splitting my TXT record change its value or break DKIM verification?

No. When a DNS resolver retrieves a TXT record containing multiple character strings, every modern mail server and library concatenates them with no delimiter, so “part1” “part2” becomes part1part2, identical to the unsplit value. Your DKIM signatures will verify correctly, SPF will evaluate the same mechanisms, and DMARC will parse the same policy. The split is purely a storage detail.

Why do I need to split my DKIM record?

Most 2048-bit DKIM public keys are between 400 and 450 characters long, which exceeds the 255-character limit for a single TXT string. Providers like Google Cloud DNS, AWS Route 53, and Azure DNS reject the unsplit value with errors such as invalid record data. Splitting the key into properly quoted 255-character segments lets the provider accept the record while keeping the cryptographic value identical when resolvers read it back.

What’s the difference between Quoted and Plain output?

Quoted format wraps each 255-character segment in double quotes (“segment1” “segment2” “segment3”), which is what Google Cloud DNS, AWS Route 53, and Azure DNS require. Plain format outputs the segments as raw multi-line text without quotes, which works for providers that accept unquoted multi-line input or for use inside a BIND zone file with custom syntax. When in doubt, use Quoted. It’s the safer default.

Is this DNS record splitter safe to use with private keys?

The tool runs entirely in your browser, which means your record value never leaves your device. Nothing is sent to PowerDMARC servers, nothing is logged, and no signup is required. That said, the DNS record splitter is designed for public DKIM keys, SPF records, DMARC policies, and domain verification strings. You should never paste a DKIM private key into any web tool, including this one. Only the public key (the value you publish in DNS) needs splitting.