Text Record (TXT)
Stores arbitrary text data — widely used for domain verification, SPF, DKIM, and DMARC.
Standards: RFC 1035 · RFC 7208
What is a DNS TXT record?
TXT (Text) records store human-readable or machine-readable text strings in DNS. Originally designed for domain descriptions, TXT records are now the standard mechanism for many security and verification protocols. Common uses include: SPF (Sender Policy Framework) to authorise email senders; DKIM (DomainKeys Identified Mail) public key publishing; DMARC policy directives; Google Search Console and other service domain verification; ACME (Let's Encrypt) DNS-01 challenge tokens. A domain can have multiple TXT records at the same name, but SPF must have exactly one TXT record (multiple SPF records cause validation failures). TXT record values have a maximum of 255 characters per string, but multiple strings can be concatenated.
Record Structure
| Field | Description |
|---|---|
| Name | The hostname, usually @ (apex) or a subdomain |
| TTL | Time to live in seconds. 3600 is typical; 300 for ACME challenges |
| Class | IN |
| Type | TXT |
| Text data | Quoted string(s), e.g. "v=spf1 include:_spf.google.com ~all" |
Examples
example.com. 3600 IN TXT "v=spf1 include:_spf.google.com ~all"
example.com. 3600 IN TXT "google-site-verification=XXXXXXXXXXXXXXXX"
_dmarc.example.com. 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
Common Issues & Fixes
SPF too long — exceeds 255 characters
SPF records longer than 255 characters need to be split into multiple strings.
✓ Fix: Split the value into multiple quoted strings within the same TXT record: "part1" "part2". DNS concatenates them.
Multiple SPF records — only one allowed
Having two TXT records starting with "v=spf1" causes SPF validation to fail (permerror).
✓ Fix: Merge all SPF mechanisms into a single TXT record.