TXT is a type of DNS record, stored as text, that contains miscellaneous information for sources outside your domain. It helps store domain information, improve email security, and more. There are several types of DNS records, and TXT is one of the most common ones. In this article, we will discuss how to set up a TXT record, its benefits and types, and how to troubleshoot issues.
What Is A TXT Record in DNS?
TXT is a type of DNS record containing miscellaneous information for sources outside your domain. A domain may have several TXT records, and you can store any information within a record.
They are stored in TXT (text) format and are easily readable by humans and machines to retrieve information about the domain. DNS TXT records serve a variety of purposes:
- Allows you to store any type of information, for example, the location of the web server, email address of the webmaster
- Enables third-party services to verify domain ownership
- Validates email sources by ensuring users’ email is sent from a compliant list of IP addresses, preventing email spoofing and spam attacks
What Is the Format of a TXT Record?
The TXT record uses a key-value format consisting of the attribute name and value to store any new information on the domain:
<name> IN TXT "value"
example.com. IN TXT "host=advice334"
The value can be any combination of printable ASCII characters, which allows you to be flexible when storing information. Also, it’s possible to include multiple values within a single TXT record.
Host name | Record Type | Value | TTL |
---|---|---|---|
Host Advice | TXT | “Favorite gadget=macbook” | 1005 |
Importance of TXT Record for Domain Owners
TXT records are essential to domain owners, not just because they’re a part of the DNS record system, but because they also serve critical functions related to your website’s security, performance, and usability. Here’s how:
Verification of Domain Ownership
Many third-party services, like SSL certificate providers, domain registrars, and email services, may require domain owners or administrators to verify domain ownership before accessing certain features. A TXT record provides a simple but powerful way of verifying domain ownership without tampering with the DNS.
Usually, the third-party service generates a unique TXT code with a verification string, which you add to your website’s root directory. The verification code may look like this:
Name: @ or blank, depending on your DNS’s provider requirements
Record Type: TXT
Value: “example-site-verification=35LhR11sr4Lg10vPT4CRT0921opo5dRbYq7TuWzBRYQh”
TTL: 5560
Email Authentication
TXT records act as an email authenticator and help prevent email spoofing and improve email deliverability. If configured for this purpose, it will contain all the IP addresses authorized to send emails to a specific domain.
They also play an essential role in implementing email authentication protocols like DomainKeys Identified Mail (DKIM), Sender Policy Framework records (SPF), and Domain-Based Message Authentication, Reporting & Conformance records (DMARC).
Information Dissemination
The primary purpose of TXT records is to store domain information. They contain arbitrary texts that make them flexible when storing data. You can use them to provide additional information about your company, such as email addresses, social profiles, or even contact instructions. Since they’re publicly accessible, users can easily dig up information about your company when needed.
SEO Optimization
TXT records can also help optimize your website for higher visibility on search engines. Google Search Console, for instance, provides insightful analytics on your website performance. By linking your website to the search console, you can track your website traffic, sources, and other information needed for SEO optimization.
All you need to do is add the ‘google-site-verification’ string as a TXT record in your DNS. Another method is generating a unique verification code from the GSC.
How to Set Up a TXT Record in Your DNS
Setting up a TXT record in your DNS is a pretty straightforward process. To do this, follow these steps:
- Log into your DNS provider’s control panel or dashboard
- Locate the section for managing DNS records or zones. This may vary depending on your DNS provider
- Then, click on the ‘Add New’ button
- You’ll be prompted to enter the record type, hostname, value, and TTL (time to live)
- For the host, add an @ corresponding to the domain or subdomain you’re creating the record for. Some providers may require that you leave this field blank
- Click on the ‘Save’ button
Benefits of Adding TXT Records to Your DNS
Adding TXT records in your DNS secures your domain from spamming and phishing attacks. Here are other benefits:
Enhanced Security
Spoofing is a common tactic cybercriminals use to commit fraud. They do this in different ways, for instance, by sending emails with fake domain names that appear legitimate or creating fake websites. One way to prevent this is by adding TXT records in your DNS.
Implementing email authentication protocols such as SPF, DKIM, and DMARC using TXT records helps to prevent email spoofing and other attacks that may compromise your website’s security. Email providers like Gmail and Microsoft use this method to ensure recipients trust emails from your website domain. It also helps to maintain the integrity of your communication system.
Improved Email Deliverability
The email authentication protocols highlighted in the preceding step can also improve email deliverability and ensure your emails reach the intended recipients. Implementing these authentication techniques through TXT records reduces the likelihood of your emails being marked as spam, establishing your domain’s authenticity.
The DMARC record, for example, authenticates emails that bypass the SPF or DKIM record checks. It acts as an extra layer of security against cyber crimes and ensures your email is delivered to the appropriate parties.
Lastly…
Verification of Domain Ownership
Many third-party services, such as search engines and email providers, require a form of validation before granting access to certain features. This ensures that only authorized people can access and manage your website.
For example, most websites are protected by SSL certificates. Certificate authorities or SSL providers require domain validation to prevent random individuals from obtaining SSL certificates for your domain. So they generate a unique verification code that is added to your TXT record in the DNS domain you want to secure. Once done, the SSL certificate provider can verify domain ownership and issue the certificate accordingly.
Common Uses for TXT Records in DNS
Peter Lowe said in his contribution with RIPE Labs that ‘TXT records are perhaps the most flexible type of DNS record available.’ I believe he’s right. Because of their flexibility, you can use them to store details about a framework, for example, RFC 7208. Listed below are some other use cases:
Domain Ownership Verification
Domain ownership verification is the commonest use of TXT records. As I shared earlier, they’re mainly used by search engines and email providers to authenticate domain names before granting access to specific features.
A popular use case is websites using Google services. Google Analytics is a popular SEO tool for checking and analyzing website traffic. This includes your overall site health, referring domains, high-traffic sources, and more. Before accessing this data, you must verify that you own the domain. Although there are many ways to verify your domain on GA, using TXT records remains one of the easiest and most secure options.
Network and Service Management
TXT records can also come in handy in configuring network and service management apps. These applications often require certain information for configuration. TXT records can store and seamlessly retrieve this data when needed. For example, most CDN providers require adding a TXT record containing authentication details before the service can be configured correctly.
- TXT records can also be used to specify configuration information for SIP (Session Initiation Protocol) phones within the DNS
- SIP is a signaling protocol used in VoIP (Voice-over Internet Protocol) communications to connect, modify, and terminate multimedia sessions
- By utilizing TXT records, VoIP service providers can store SIP phone configuration details directly in the DNS zone of the domain
Types of Text Records and How They Can Be Used
There are several types of TXT records available, and there are no limits to how they’re used. As one of the most flexible types of DNS records, here are some common ways to use them to enhance the security of your domain:
SPF (Sender Policy Framework)
SPF is a compliant email authentication protocol used to maintain a list of IP addresses authorized to send emails on behalf of your domain.
- When a mail server receives an email, it checks to see if the IP address on the email matches that from the SPF record
- If it doesn’t, the email fails the SPF authentication and is marked as SPAM or rejected
SPF also allocates authority to third-party email vendors such as Microsoft Office 365, Mailchimp, etc. It prevents email spoofing by validating that the server making the sending request is authorized to send emails on behalf of the domain. This prevents fraudsters from sending emails with your domain name.
Example
For example, the SPF record “v=spf1 a mx include:_spf.google.com ~all” indicates that the IP addresses of the domain A and MX records can send emails on behalf of the domain, including Google email servers. The ‘all’ command at the end of the string specifies that the server should mark the email as SPAM if the receiving mail doesn’t match the set standards.
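As an added illustration (not code from this article), the Python sketch below splits an SPF value like the one above into its terms and reports what the closing "all" term does to unlisted senders. The names parse_spf and audit_spf are illustrative; the qualifier meanings and the limit of 10 lookup terms are taken from RFC 7208.

```python
import re

# RFC 7208 qualifiers and the result each produces when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
# Terms that cost the receiver a DNS lookup; RFC 7208 allows at most 10 per check.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

def parse_spf(record):
    """Return [(result_on_match, name, argument)] for every term after v=spf1."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record: value must start with v=spf1")
    parsed = []
    for term in terms[1:]:
        if re.match(r"[A-Za-z][A-Za-z0-9._-]*=", term):  # modifier such as redirect=
            name, arg = term.split("=", 1)
            parsed.append((None, name.lower(), arg))
            continue
        # A missing qualifier means "+", so a bare "mx" is the same as "+mx".
        qualifier, body = (term[0], term[1:]) if term[0] in QUALIFIERS else ("+", term)
        match = re.match(r"[A-Za-z0-9]+", body)
        name = match.group(0).lower() if match else ""
        if name not in MECHANISMS:
            raise ValueError(f"unknown mechanism in term {term!r}")
        parsed.append((QUALIFIERS[qualifier], name, re.sub(r"^:", "", body[len(name):])))
    return parsed

def audit_spf(record):
    """Findings for one record; lookups inside include: targets are not followed."""
    terms = parse_spf(record)
    names = [name for _, name, _ in terms]
    findings = []
    lookups = sum(name in LOOKUP_TERMS for name in names)
    if lookups > 10:
        findings.append(f"{lookups} lookup terms: over the limit of 10 (permerror)")
    if "all" not in names:
        if "redirect" not in names:
            findings.append("no 'all' or redirect=: unlisted senders get 'neutral'")
        return findings
    pos = names.index("all")
    result = terms[pos][0]
    if result == "pass":
        findings.append("+all lets any host pass SPF for this domain")
    elif result in ("softfail", "neutral"):
        findings.append(f"'all' yields {result}: SPF alone does not reject unlisted senders")
    if any(res is not None for res, _, _ in terms[pos + 1:]):
        findings.append("mechanisms after 'all' are never evaluated")
    return findings

if __name__ == "__main__":
    page_record = "v=spf1 a mx include:_spf.google.com ~all"  # quoted in the article
    print(parse_spf(page_record))
    print(audit_spf(page_record))
```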
DKIM (DomainKeys Identified Mail)
DKIM is another email authentication protocol to prevent spoofing and phishing. It has a digital signature mechanism that signs outgoing emails from a domain with a private and public key. This process guarantees that the message in the email hasn’t been tampered with. Here’s how.
- When you send an email, your server creates a DKIM signature with the private key
- The receiving server then runs a DNS query to your server to retrieve the public key
- If the public key doesn’t match the receiving server’s, the email is marked as spam or rejected
Example
Consider this DKIM signature: “v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdKEiJFddB+UXtNkfe23v/DJQzMG”
The public key is the “p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCdKEiJFddB+UXtNkfe23v/DJQzMG” string that is stored as a TXT record on the DNS record of your server. Once the outbound mail gets to the receiving end, it retrieves this value to verify the signature’s authenticity.
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
DMARC is like an extra layer of security used to validate emails that bypass the SPF and DKIM protocols. Bruno Mirchevski, hosting expert at HostAdvice, explains it better: DMARC builds on SPF and DKIM by publishing policies telling email receivers how to handle authentication failures, providing reporting to domain owners. The policy can be set in three ways:
- None (meaning do nothing)
- Quarantine emails
- Reject emails
…when the outgoing email fails SPF and DKIM authentication. These policies are stored as a DNS TXT record.
You can also configure DMARC to send reports to your email address when a message fails the SPF and DKIM authentication protocols. This way, you can easily monitor who is trying to spoof your email address.
Example
This is an example of a DMARC record:
"v=DMARC1; p=none; rua=mailto:postmaster@example.com; ruf=mailto:abuse@example.com; adkim=s; aspf=s;"
The v=DMARC1 tag indicates the version of DMARC being used, Version 1. p=none means the DMARC policy is set to none. rua=mailto:postmaster@example.com and ruf=mailto:abuse@example.com are the email addresses that receive aggregate and forensic reports, respectively, about email authenticity. adkim=s and aspf=s set the alignment mode for DKIM and SPF protocols, respectively.
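The following Python sketch is an added example, not part of the original article: it parses a DMARC value such as the one above and resolves the settings a receiver would apply, including the defaults for tags the record omits. The function names are illustrative; the defaults (relaxed alignment, pct=100, sp falling back to p) follow RFC 7489.

```python
import re

ALIGNMENT = {"r": "relaxed", "s": "strict"}
POLICIES = ("none", "quarantine", "reject")

def parse_dmarc(record):
    """Parse 'tag=value; tag=value' into a dict; v=DMARC1 must come first."""
    tags = {}
    for part in record.split(";"):
        if not part.strip():
            continue  # a trailing ';' leaves an empty part
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag {part.strip()!r}")
        tags[tag.strip().lower()] = value.strip()
    if next(iter(tags), "") != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    if tags.get("p", "").lower() not in POLICIES:
        raise ValueError("p= must be none, quarantine or reject")
    return tags

def report_addresses(value):
    """Turn 'mailto:a@example.com, mailto:b@example.com' into a list of addresses."""
    return [re.sub(r"^mailto:", "", uri.strip(), flags=re.I)
            for uri in value.split(",") if uri.strip()]

def effective_policy(record):
    """Resolve what a receiver applies, filling in the defaults for omitted tags."""
    tags = parse_dmarc(record)
    policy = tags["p"].lower()
    settings = {
        "policy": policy,
        "subdomain_policy": tags.get("sp", policy).lower(),  # sp defaults to p
        "dkim_alignment": ALIGNMENT[tags.get("adkim", "r").lower()],
        "spf_alignment": ALIGNMENT[tags.get("aspf", "r").lower()],
        "percent": int(tags.get("pct", "100")),
        "aggregate_reports": report_addresses(tags.get("rua", "")),  # rua=
        "failure_reports": report_addresses(tags.get("ruf", "")),    # ruf=
    }
    notes = []
    if policy == "none":
        notes.append("p=none: receivers are asked to take no action on failing mail")
    if not settings["aggregate_reports"]:
        notes.append("no rua= address: the domain owner receives no aggregate reports")
    if settings["percent"] < 100:
        notes.append(f"pct={settings['percent']}: policy applies to a sample only")
    settings["notes"] = notes
    return settings

if __name__ == "__main__":
    # Record quoted in the article.
    page_record = ("v=DMARC1; p=none; rua=mailto:postmaster@example.com; "
                   "ruf=mailto:abuse@example.com; adkim=s; aspf=s;")
    for key, value in effective_policy(page_record).items():
        print(f"{key}: {value}")
```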
Google Site Verification
As I shared earlier, most Google services, like Search Console, Ads, and Analytics, require verifying your domain ownership before syncing your website on the platform. By verifying your domain, you grant Google access to crawl your web pages and equally confirm that you are the owner or administrator of your site.
Example:
The string: “google-site-verification=abc123def456” is used for Google site verification. All you need to do is store the record in TXT format on your DNS zone. Each code is unique to each website, so visit the Google service platform to generate your domain code.
Information Dissemination
TXT records can be used to provide important information to outside sources about your domain, such as email addresses or other contact details. This is very important for users who want to know about your company’s business offerings.
Example:
The TXT record “v=spf1 a mx include:_spf.example.com ~all; contact=admin@example.com” combines SPF and contact information:
- v=spf1 indicates the version of SPF used (version 1)
- ‘a mx’ means domain A and MX’s records can send emails
- ‘contact=admin@example.com’ is the administrator email
Service Discovery
While TXT records are helpful for several purposes, they can also be used to streamline the process of locating and accessing network services, thereby eliminating the need for manual configuration. For instance, a file server may have a TXT record comprising its name, access protocols, and available shared folders.
Example:
This string, “printer=model1;location=room101;” is a TXT record specifying the location (room 101) of a printer (model 1)
Troubleshooting Issues With Setting Up a TXT Record
Here’s how you can troubleshoot issues when setting up a TXT record:
Verify the Syntax
The syntax of a TXT record is the format structure used to store information in its TEXT-DATA field. It usually consists of the attribute followed by the value of the attribute. Both the value and the attribute are separated by an equal sign (=) and enclosed within double quotation marks (“”). The records should not exceed the 255-character limit as defined in the DNS protocol.
The TXT records shouldn’t have line breaks or multiple lines. You can separate multiple values using white spaces if you want to include multiple values in the record. In general, a standard TXT record syntax is as follows:
<owner> <class> <ttl> TXT "<attribute name>=<attribute value>"
A typical example of an SPF record:
"v=spf1 include:_spf.example.com ~all"
Check for Typos
One mistake common to newbies is missing errors when typing or pasting a TXT record value. Most times, these errors are almost unnoticeable. But even a small typo can cause data inconsistency and record failure. Plus, debugging these errors may require technical assistance from your DNS provider.
To avoid these mistakes,
- Always cross-check the accuracy of your TXT record
- Check for errors in the syntax and other characters included
- Refer to the documentation or guidelines provided by the third-party service to know what the specific format, content, and placement are
Verify the DNS Propagation
DNS propagation is the time it takes for the DNS changes to take effect on various DNS servers on the internet. After creating a TXT record, it may take several minutes to hours to propagate. This delay may result from DNS information cached at the servers at different levels. Other factors determining the timeframe are the TTL values of your DNS records, your internet service provider, or your domain registry.
That said, monitor all the changes to ensure they’re entirely propagated. Use DNS tools like DNS checker to validate that the new records have propagated to all the DNS servers.
Check for Conflicting Records
If all the preceding options don’t work, check your records for multiple entries, as this can cause conflicting issues, for example, failed verifications or email delivery issues. Ensure that no two records are the same. If you want to modify a record, simply delete the old record and replace it with the new one.
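The syntax, typo and conflicting-record checks described in this troubleshooting section can be run before a record is saved. The Python sketch below is an added example, not the article's or any DNS provider's code, and its function names are illustrative. It goes one step beyond the text by splitting a value longer than 255 bytes into several quoted strings within one record, which DNS permits and which SPF and DKIM verifiers join back together.

```python
def split_character_strings(value, limit=255):
    """Split an ASCII value into chunks of at most 255 bytes each.

    One TXT record may carry several quoted strings; SPF and DKIM verifiers
    concatenate them with no separator.
    """
    data = value.encode("ascii")
    return [data[i:i + limit].decode("ascii") for i in range(0, len(data), limit)] or [""]

def to_zone_line(owner, ttl, value):
    """Render <owner> <class> <ttl> TXT "<value>", splitting first, then escaping."""
    quoted = " ".join(
        '"' + chunk.replace("\\", "\\\\").replace('"', '\\"') + '"'
        for chunk in split_character_strings(value)
    )
    return f"{owner} IN {ttl} TXT {quoted}"

def lint_rrset(values):
    """Check all TXT values published at one name; return a list of findings."""
    findings, seen = [], set()
    for value in values:
        # Catches line breaks and "smart quotes" pasted from a web page or document.
        bad = [ch for ch in value if not 32 <= ord(ch) < 127]
        if bad:
            findings.append(f"{value[:20]!r}: non-printable or non-ASCII character {bad[0]!r}")
        if len(value.encode("utf-8")) > 255:
            findings.append(f"{value[:20]!r}: over 255 bytes, publish as several strings")
        if value in seen:
            findings.append(f"{value[:20]!r}: duplicate record")
        seen.add(value)
    # RFC 7208: more than one v=spf1 record at a name makes SPF checks fail.
    spf = [v for v in values if v.lower().split(" ")[0] == "v=spf1"]
    if len(spf) > 1:
        findings.append(f"{len(spf)} SPF records at one name: receivers return permerror")
    return findings

if __name__ == "__main__":
    # Constructed sample values; the long key body is filler, not a real key.
    rrset = [
        "v=spf1 include:_spf.example.com ~all",
        "v=spf1 mx -all",
        "\u201chost=advice334\u201d",
        "v=DKIM1; k=rsa; p=" + "A" * 400,
    ]
    for finding in lint_rrset(rrset):
        print(finding)
    print(to_zone_line("example.com.", 3600, rrset[3]))
```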
Check Your Domain Settings
Thoroughly review your domain settings and ensure all information entered is correct – domain name, TTL value, and your DNS provider. This is vital as domain settings can directly impact the functionality of your domain. For the best practices:
- Verify that your domain name is spelled correctly and is appropriately registered
- Always check the specified TTL value in your DNS settings before making an entry
- Opt for a reputable and reliable DNS provider
Contact Your DNS Provider
If you’re still experiencing issues after trying out the steps outlined above, contact your DNS provider for further assistance. Most of these providers have different levels of support – email, live chat, phone support, ticket system, and a vast knowledge base of how-to articles.
Conclusion
There you have it! TXT records may seem small, but their potential is unmatched. TXT records offer a versatile solution for strengthening our online presence, from improving email deliverability to providing a secure means to sync domains with third-party apps. Remember to stay on par with recent updates from your provider and the third-party providers you use as well.