DNS TXT Records Explained

TXT is an acronym for Text. It’s a format used in DNS which allows the data to be stored in a text file and then read back by the computer that needs it. TXT records are used to mark up the different types of information stored in DNS. Technically, it’s not a type of record — rather, it’s a structure containing records like the hostname, port number, and IP address of a domain.

This article explains everything you need to know about DNS TXT Records and why every DNS administrator should be familiar with them.

About DNS TXT Records

DNS TXT records are text-based records that exist in the DNS zone files. These records are stored in TXT format, which stands for “text.” It’s easily readable by both humans and machines to retrieve information about the domain. TXT records are important for a couple of reasons:

➜ it stores information about any given domain name such as the email address of the webmaster, or even more specific data like the IP address of the web server.

➜ it allows for extra data to be stored with each domain name entry, which can be used by applications like web servers or mail servers to provide additional functionality when processing requests for resources on your domain. For instance, indicating whether or not the zone is a stub, forward only, or slave.

➜ TXT records store more information than just numbers. For instance, an email spam prevention service might use TXT records to help ensure that each of its users’ emails is being sent from a compliant list of IP addresses, using the same SPF policy as the rest of their infrastructure.

➜ A domain ownership verification service might use TXT records to verify that the DNS A records for each domain they own appear in a particular order and have a particular number of CNAMEs pointing back to them.

*Do you know? The SPF record was the preferred method for storing framework policy data. However, in 2014, the SPF record was deprecated and replaced with a new record type called TXT records. This was because it was easy to implement and maintain.

TXT Records Example

TXT records are meant for short, simple text values. They have no strict formatting requirements, but there are some guidelines to follow.

For example, if you were writing a TXT record with a text value longer than 255 characters, you would have to split your value into separate parts and then add each part after the comma in the text field. In addition, each section of text longer than 255 characters must be enclosed in double quotes.

TXT Record format for 255+ characters:

Name of Record Record Type Value TTL
ABC TXT “sample text” “sample text” 3600

TXT Record format for less than 255 characters:

Name of Record Record Type Value TTL
ABC TXT sample text 3600

Uses of DNS TXT Records

TXT records are a useful feature of the DNS. These records can be applied in many different ways like:

A. Preventing Email Spam & Spoofing

DKIM Records

A DKIM TXT record is an important step in verifying that email messages are legitimate. These records create a digital signature for each email message that indicates it was signed by a specific individual or organization. This signature is added to each email message as it goes through the system and allows recipients to verify that they have received an authentic email message from a specific sender.

Learn how to configure the protocol with our DKIM setup guide.

DMARC Records

The Domain-based Message Authentication, Reporting & Conformance (DMARC) records are an important type of DNS TXT records. They verify the authenticity of emails sent from a domain and use a set of rules that tell email servers what action to take when an email is received.

The DMARC TXT record contains information about the sender, sender domain, message subject, recipient domain (if applicable), and address validation policy. These determine if an email was sent from a trusted domain or not. If the rules say that an email should be rejected or allowed based on those criteria, it will be rejected or allowed accordingly.

Here’s an example of what a DMARC record might look like in your DNS TXT Records field:

Name _dmarc.my-example-domain.com
Value v=DMARC1; p=quarantine rua=mailto: [email protected]
TTL 1800

DMARC records are usually in the TXT format and contain information about the domain’s policy on receiving emails from certain domains. It allows the user to define recipient policies for emails that arrive with forged headers or messages that have been altered in transit, which can be used by email clients to determine whether or not to allow delivery.

SPF Records

An SPF record in DNS is a DNS TXT record that tells email servers whether or not to accept messages from a given IP address. The SPF field contains a list of IP addresses and the associated SMTP servers for each IP address, and it allows email servers to check the validity of incoming mail messages from the domain owner before they are delivered to their intended recipients.

SPF records help prevent email spoofing by showing that the IP address of the server carrying out the request is authorized to send mail on behalf of a domain. This prevents anyone else from pretending to be the domain owner and sending out fraudulent messages in their name.

B. Domain Ownership Verification

The DNS TXT Record acts as a simple, yet powerful tool for verifying domain ownership.

A domain registrar will usually provide you with a verification code, which is an ASCII string that contains the text of your record. The code can be used to query your DNS server and verify that you are the registered owner of the domain.

However, if you want to make sure that your identity is confirmed, there are other ways to go about it. You can add a TXT record to your website’s root directory with a verification string for the domain registrar. This is another way for them to verify ownership of your domain.

Here’s an example of what a domain ownership verification might look like in your DNS TXT Records field:

Name: blank or @ (depends on provider)
Record Type: TXT
Value: example-site-verification=35LhR11sr4Lg10vPT4CRT0921opo5dRbYq7TuWzBRYQh
TTL: 1800

TXT Record Data Rules

In the early days of DNS, TXT records were simple text strings that could be used to associate data with a domain. However, as time went on and the Internet grew more complex, administrators needed more data-specific ways to store information about their domains.

In 1993, the IETF defined a new format for storing attributes and their corresponding values in the ‘value’ field of TXT records. The format was one attribute and its value in a pair of quotation marks (“) separated by an equal sign (=).

It’s common for DNS servers to get a little creative with how they store TXT records. Most will limit how big they can be and how many they can store, which means that sometimes you as an administration won’t be able to use TXT records for large amounts of data.

But what happens when you need more than one kind of information in your TXT record?

Unfortunately, no one knows exactly how many variations there are on how TXT records should look or be formatted—and it’s not just because there’s no consensus as to what constitutes a standard format; there are also different standards by which different types of DNS servers operate and how they store data differently from one another.

For example, when using TXT records to store DMARC policies—the format of the text record must be standardized.

Adding TXT Records to a DNS Server

The steps to add a TXT record vary by host, but they generally involve these generic instructions:

  1. Log into your domain-hosting account.
  2. Go to your domain’s DNS settings page, which may be called something like ‘Domain Name Management’ or ‘Name Server Settings’.
  3. Locate the TXT records form for your domain on this page.
  4. Create an entry of TXT records for the domain and each of its subdomains.
  5. Save your changes and wait. Expect the changes to take effect within a few minutes or up to 72 hours.

TXT Record Lookup

The process for finding DNS TXT records is relatively simple. It can be done via the command line in operating systems, but it can also be performed through an online TXT Record Lookup Tool.

via Command Line

Open a command line and run one of these commands (based on your OS).

✓ For Unix and Linux systems

$ dig TXT your-domain.com

✓ For Windows systems

c:\ > nslookup -type=TXT your-domain.com

The response will be displayed like this:

your-domain.com. 3600 IN TXT “logmein-verification-code=696afg6f-6700-40e4-96r5-561b462c9a26”

via Online

The DNS TXT Record Lookup Tool enables you to lookup for a DNS TXT record by entering a domain name or IP address. The tool displays all the available records associated with the given domain name or IP address, including those that have been created recently. You can also perform a reverse lookup via the tool.

Need Help Creating TXT Records?

Have you ever had to create TXT records for email security?

We’ve all been there. You’re trying to make sure your email gets through to the inbox, but you’re not sure what to put in those TXT records that are supposed to help prevent spam from reaching the inbox in the first place.

Well, don’t worry—PowerDMARC has got your back!

We can create TXT Records for email security that will help your business stay compliant with email compliance tools like a DMARC analyzer

This is especially important because it protects you against phishing attacks and malware. And when you’re fighting phishing attacks, every little bit helps—so let us help.