What is a DNS TXT record?

Posted on by Mark

What is a TXT record?

The TXT record is a type of DNS record that has TXT-DATA filed with instructions that can work with existing DNS servers. The actual text is formatted, so it has an attribute name than a value for that attribute, and the “=” sign separates the two. The most common way of TXT record use is for email verification, but it also servers for various verification and authentication methods. Some services (Google Apps, Microsoft Office 365, and more) will ask you to add such a DNS record to your zone to prove that you have control over your domain.

How does TXT records work?

Common examples of TXT DNS records:

  • DKIM record. Domain keys Identified Mail. It associates emails and the domain name. It uses cryptography to secure and provide trust for the receiver that the mail hasn’t been altered. The receiver will have access to the public key and can verify the incoming emails. It is often used, together with the next two (DMARC and SPF), in a combination to check the emails sending, receiving fully, and feedback process.

Example of DKIM record – k=rsa; t=s;

p=MIGfMA0sCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDGMjj8MVaESl30KSPYdLaEreSYzvOVh15u9YsAmTLgk1e

cr4BCRq3Vkg3Xa2QrEQWbIvQj9FNqBYOr3XIczzU8gkK5Kh42P4C3DgNiBvlNNksBlA5ITN/EvVAn/ImjoGq5IrcO

+hAj2iSAozYTEpJAKe0NTrj49CIkj5JI6ibyJwIDAQAB

  • DMARC record. Domain-based Message Authentication, Reporting, and Conformance. A mechanism for both the sender and receiver to be able to check if the email is legit and what to do with it. It uses DKIM and SPF to verify the origin of an email (the from field). In a world full of phishing emails, it is really important to see which are true and which are modified emails.

Example of DMARC record – v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:dmarcreports@example.com

  • SPF record. The sender policy framework record shows which servers can send emails from the name of the domain name. Again anti-spam and authentication purpose. Using SPF will increase the success rate of received emails and will protect your brand reputation.

SPF record example – v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.123 ip6:2620:0:860::/46 a -all

Why do you need a TXT record?

You will need TXT records for verification purposes, mostly related to sending and receiving emails. Without well-configured TXT records, your emails will be sent to spam folders, and you won’t be able to have secure communication. If you want to be sure and give the best chances to your emails, you will need to use various TXT records together to verify and authenticate your outgoing mail servers, link the emails to the domain name, and be sure everything is well encrypted.

What’s inside a TXT record?

The TXT DNS record can have a bit different structure than a typical DNS record. It could be easily readable from a human too. What you will usually have is:

  • Hostname – indicating for which host it is and could have.
  • Type: SPF, DMARC, or DKIM.
  • Points to: the value depend on the type of the record. It could be a hash for the encryption or IP address or addresses + attribute that provide more instruction on further actions.
  • TTL: Time to live value.

How to probe TXT record?

Probe TXT record on Linux and macOS, using the dig command and test them in Windows with nslookup.

Linux and macOS.

  1. Open the Terminal application.
  2. Type: “dig TXT yourdomainname.com”. In the example, you need to change yourdomainname.com with the actual domain name you want to test.
  3. You will get all the TXT records that exist for the domain name.

Windows

  1. Open the Command Prompt.
  2. Type: “nslookup -type=txt yourdomainname.com”. Change yourdomainname.com with the one you want to probe.
  3. You will get the result, the TXT records. 

Now you know what a TXT DNS records is, why should you include them, what do TXT records have inside and how to check them. Go ahead and use them! 

Leave a Reply

Your email address will not be published. Required fields are marked *