|Internet protocol suite|
A TXT record (short for text record) is a type of resource record in the Domain name system (DNS) used to provide the ability to associate arbitrary text with a host or other name, such as human readable information about a server, network, data center, or other accounting information.
It is also often used in a more structured fashion to record small amounts of machine-readable data into the DNS.
A domain may have multiple TXT records associated with it, provided the DNS server implementation supports this. Each record can in turn have one or more character strings. Traditionally these text fields were used for a variety of non-standardised uses, such as a full company or organisation name, or the address of a host.
In 1993 RFC 1464 proposed a simple approach to storing attributes and their values in these text fields. This is now used extensively in:
- Verification of domain ownership
- Implementation of Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM) records for verifying the sender of email messages
- Zero-configuration networking DNS-based service discovery
- Domain-based Message Authentication, Reporting and Conformance (DMARC) policies
Using TXT records to store data for different purposes is not without problems. The DNS protocol specifies that when a client queries for a specific record type (e.g., TXT) for a certain domain name (e.g., example.com), all records of that type must be returned in the same DNS message. That may lead to large transactions with lots of "unnecessary" information being transferred and/or uncertainty about which TXT record to use. There are two ways around this: to specify a domain name prefix to be used when using TXT records for a specific purpose (e.g., _domainkey.example.com – in the DKIM case) or to create a new record type entirely. The former is "easy" because it doesn't require any changes to the DNS. The latter is sometimes considered "cleaner" as it matches the design of the DNS database model better. In the past, creating new record types was often avoided since it was a complicated procedure in the IETF. The reluctance lingers with some people despite the process having been replaced by a much lighter and quicker one.
The structure of the TXT record is specified in RFC 1035 as follows. Note that the specification is silent on the subject of character encoding of the text string. It explicitly states that the interpretation of the string is context dependent, and that the data is treated as binary inside the DNS. Later specifications (e.g., RFC 6763 – DNS used for service discovery) may require the use of specific encodings for specific purposes.
The RDATA section may contain multiple consecutive occurrences of (TXT Length + TXT). Data Length is the length of them all combined.
|Name||Label Sequence||The domain name, encoded as a sequence of labels.|
|Type||2-byte Integer.||The record type. In this case will be 0x0010 as the Type is TXT|
|Class||2-byte Integer||The class.|
|TTL||4-byte Integer||Time-To-Live, i.e. how long a record can be cached before it should be requeried.|
|Data Length||2-byte Integer||Length of the record type-specific data.|
|TXT Length||1-byte Integer||Length of TXT string|
TXT response example from example.com
|This is the hex returned as part of the DNS response from example.com when queried for TXT records.
0000 34 48 81 a0 00 01 00 02 00 00 00 01 07 65 78 61 0010 6d 70 6c 65 03 63 6f 6d 00 00 10 00 01 c0 0c 00 0020 10 00 01 00 00 54 5f 00 0c 0b 76 3d 73 70 66 31 0030 20 2d 61 6c 6c c0 0c 00 10 00 01 00 00 54 5f 00 0040 21 20 38 6a 35 6e 66 71 6c 64 32 30 7a 70 63 79 0050 72 38 78 6a 77 30 79 64 63 66 71 39 72 6b 38 68 0060 67 6d 00 00 29 02 00 00 00 00 00 00 00
0000 c0 0c 00 10 00 01 00 00 54 5f 00 0c 0b 76 3d 73 0010 70 66 31 20 2d 61 6c 6c
This decodes as follows:
As unstructured text, organisations can use the TXT string in any way they define, for example:
example.com. IN TXT "This domain name is reserved for use in documentation"
host.widgets.com. IN TXT "printer=lpr5" sam.widgets.com. IN TXT "favorite drink=orange juice"
The character string from a TXT record used for SPF:
"v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.123 ip6:2620:0:860::/46 a -all"
An example of use for DMARC:
Use for site verification:
Use for custom email service:
_amazonses.example.com. IN TXT "pmBGN/7MjnfhTKUZ06Enqq1PeGUaOkw8lGhcfwefcHU="
- Rich Rosenbaum (May 1993). RFC 1464 Using the Domain Name System To Store Arbitrary String Attributes. IETF. doi:10.17487/RFC1464. RFC 1464. Retrieved 2016-02-05.
- Rosenbaum, R. "Using the Domain Name System To Store Arbitrary String Attributes". Tools.ietf.org. Retrieved 14 October 2018.
- P. Mockapetris (November 1987). "TXT RDATA format". Domain names - implementation and specification. IETF. sec. 3.3.14. doi:10.17487/RFC1035. RFC 1035.
- "Verify your site ownership". Retrieved 18 December 2018.
- "Domain Verification". Facebook. Retrieved 18 December 2018.
- Scott Kitterman (April 2014). "DNS Resource Records". Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1. IETF. sec. 3.1. doi:10.17487/RFC7208. RFC 7208. Retrieved 2014-04-26.
- "About TXT records". Google Apps Administration. Retrieved 2014-08-17.
- S. Cheshire and M. Krochmal, Apple Inc. (February 2013). Multicast DNS. IETF. doi:10.17487/RFC6762. RFC 6762.
- S. Cheshire and M. Krochmal, Apple Inc. (February 2013). DNS-Based Service Discovery. IETF. doi:10.17487/RFC6763. RFC 6763.
- "rfc1035". datatracker.ietf.org. Retrieved 2021-08-15.
- "rfc6763". datatracker.ietf.org. Retrieved 2021-08-15.
- "DNS Record Verification". WebNots. Retrieved 21 December 2018.
- "Amazon SES Domain Verification TXT Records". Amazon. Retrieved 21 December 2018.