TXT record

DNS record type

A TXT record (short for text record) is a type of resource record in the Domain Name System (DNS) used to provide the ability to associate arbitrary text with a host or other name, such as human readable information about a server, network, data center, or other accounting information.^[1]

It is also often used in a more structured fashion to record small amounts of machine-readable data into the DNS.

Background

A domain may have multiple TXT records associated with it, provided the DNS server implementation supports this.^[1] Each record can in turn have one or more character strings.^[2] Traditionally these text fields were used for a variety of non-standardised uses, such as a full company or organisation name, or the address of a host.

Some examples of TXT usage:

• Verification of domain ownership^[3][4]
• Implementation of Sender Policy Framework (SPF)^[5]
• DomainKeys Identified Mail (DKIM) records for verifying the sender of email messages^[6]
• Zero-configuration networking DNS-based service discovery^[7][8]
• Domain-based Message Authentication, Reporting and Conformance (DMARC) policies

Using TXT records to store data for different purposes is not without problems. The DNS protocol specifies that when a client queries for a specific record type (e.g., TXT) for a certain domain name (e.g., example.com), all records of that type must be returned in the same DNS message. That may lead to large transactions with lots of "unnecessary" information being transferred and/or uncertainty about which TXT record to use. There are two ways around this: to specify a domain name prefix to be used when using TXT records for a specific purpose (e.g., _domainkey.example.com – in the DKIM case) or to create a new record type entirely. The former is "easy" because it doesn't require any changes to the DNS. The latter is sometimes considered "cleaner" as it matches the design of the DNS database model better. In the past, creating new record types was often avoided since it was a complicated procedure in the IETF. The reluctance lingers with some people despite the process having been replaced by a much lighter and quicker one.

Format

The structure of the TXT record is specified in RFC 1035^[2] as follows. Note that the specification is silent on the subject of character encoding of the text string. It explicitly states that the interpretation of the string is context dependent, and that the data is treated as binary inside the DNS. Later specifications (e.g., RFC 6763^[8] – DNS used for service discovery) may require the use of specific encodings for specific purposes.

The RDATA section may contain multiple consecutive occurrences of (TXT Length + TXT). Data Length is the length of them all combined.

As unstructured text, organisations can use the TXT string in any way they define, for example:

example.com. IN TXT "This domain name is reserved for use in documentation"

RFC 1464 defines a structured format that can be used to define attributes and their values in a single record,^[1] as in these examples:

host.widgets.com. IN TXT "printer=lpr5"sam.widgets.com. IN TXT "favorite drink=orange juice"

In practice, services using TXT records often do not follow this RFC, but instead have their own specific format.^[9][10]

Example usage

The character string from a TXT record used for SPF:

"v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.123 ip6:2620:0:860::/46 a -all"

An example of use for DMARC:

"v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:[email protected];"

Use for site verification:

"google-site-verification=6P08Ow5E-8Q0m6vQ7FMAqAYIDprkVV8fUf_7hZ4Qvc8"

Use for custom email service:

_amazonses.example.com. IN TXT "pmBGN/7MjnfhTKUZ06Enqq1PeGUaOkw8lGhcfwefcHU="

Brand Indicators for Message Identification (BIMI):

default._bimi TXT "v=BIMI1; l=https://example.com/image.svg; a=https://example.com/image/certificate.pem"

See also

• List of DNS record types
• DMARC
• DKIM
• E-mail authentication

References

1. R. Rosenbaum (May 1993). Using the Domain Name System To Store Arbitrary String Attributes. Network Working Group. doi:10.17487/RFC1464. RFC 1464. Experimental.
2. P. Mockapetris (November 1987). DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION. Network Working Group. doi:10.17487/RFC1035. STD 13. RFC 1035. Internet Standard 13. Obsoletes RFC 882, 883 and 973. Updated by RFC 1101, 1183, 1348, 1876, 1982, 1995, 1996, 2065, 2136, 2137, 2181, 2308, 2535, 2673, 2845, 3425, 3658, 4033, 4034, 4035, 4343, 5936, 5966, 6604, 7766, 8482, 8490 and 8767.
3. "Verify your site ownership". Retrieved 18 December 2018.
4. "Domain Verification". Facebook. Retrieved 18 December 2018.
5. S. Kitterman (April 2014). Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1. Internet Engineering Task Force. doi:10.17487/RFC7208. ISSN 2070-1721. RFC 7208. Proposed Standard. Obsoletes RFC 4408. Updated by RFC 7372, RFC 8553, and RFC 8616.
6. "About TXT records". Google Apps Administration. Retrieved 2014-08-17.
7. S. Cheshire; M. Krochmal (February 2013). Multicast DNS. IETF. doi:10.17487/RFC6762. ISSN 2070-1721. RFC 6762. Proposed Standard.
8. S. Cheshire; M. Krochmal (February 2013). DNS-Based Service Discovery. IETF. doi:10.17487/RFC6763. ISSN 2070-1721. RFC 6763. Proposed Standard. Updated by RFC 8553.
9. "DNS Record Verification". WebNots. 2 July 2013. Retrieved 21 December 2018.
10. "Amazon SES Domain Verification TXT Records". Amazon. Retrieved 21 December 2018.