Understanding DNS TXT Records

Dive into the world of DNS TXT records with our beginner-friendly guide, exploring their diverse applications, from bolstering email security to verifying domain ownership.

What Is a TXT Record?

DNS TXT (text) records are informational records that publish textual data for external sources to read. They are often used to store machine-readable data for a range of services. The essential elements of a TXT record are:

  • Host: The specific domain or subdomain that the TXT record relates to.
  • TTL (Time To Live): How long DNS resolvers may cache the record, typically measured in seconds.
  • TXT Value: The actual text or data content of the record, which often follows syntax rules specific to its use.

For example, a typical TXT record might look like this:

example.com.   3600   IN   TXT   "Hello, World!"

In this example, the domain is “example.com”, the TTL is 3600 seconds (equivalent to one hour), and the TXT value is the phrase “Hello, World!”.

Applying DNS TXT Records

Despite their simplicity, TXT records are incredibly versatile and can be employed in various scenarios. Here are some of the most common:

1. SPF Records: The Sender Policy Framework (SPF) is an email authentication method aimed at preventing email spoofing. It functions by listing all servers authorized to send emails on behalf of your domain. A typical SPF TXT record could look something like this:

example.com.   3600   IN   TXT   "v=spf1 ip4:192.0.2.0/24 -all"

This record states that only servers within the IP range 192.0.2.0/24 are authorized to send email for the domain “example.com”. The trailing -all means that mail from all other servers should be rejected. More detailed information about SPF records can be found in the What Is an SPF Record: The Anti-Spam Tool in Email Security article.

2. DKIM Records: DomainKeys Identified Mail (DKIM) is another email security standard. It enables the receiving server to check whether an email that claims to come from a specific domain was indeed authorized by the owner of that domain. A typical DKIM TXT record might look like this:

selector._domainkey.example.com.  3600  IN  TXT  "v=DKIM1; k=rsa; p=MIIBIjANB..."

The “p=” section usually contains a long string, which is the public part of a digital key pair. The corresponding private key is used by the sender to digitally sign email messages. More detailed information about DKIM records can be found in the What Is a DKIM Record? article.

3. DMARC Records: Domain-based Message Authentication, Reporting & Conformance (DMARC) is a protocol that uses SPF and DKIM to determine the authenticity of an email message. DMARC TXT records help protect your domain from spoofing and phishing attempts. An example might look like this:

_dmarc.example.com.  3600  IN  TXT  "v=DMARC1; p=reject; rua=mailto:admin@example.com"

This record states that email failing DMARC evaluation, meaning it passes neither the SPF nor the DKIM check for the domain, should be rejected, and that aggregate reports (the rua tag) should be sent to admin@example.com.

4. Domain Verification: Services such as Google Workspace, Microsoft 365, and other online tools may ask you to add a TXT record to your DNS configuration. These are used to verify that you are the rightful owner of the domain and have control over its DNS records.

example.com.   3600   IN   TXT   "google-site-verification=abcdefg123456"

TXT records, though seemingly minor and simple, are a powerful instrument in your DNS toolkit.
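
The following Python audit is an added example, not code from this article or from Gcore. It parses zone-file TXT lines in the format shown above and flags weak SPF and DMARC settings; the function names, finding labels and sample zone lines (including the weak.example records and the p=none policy) are constructed for illustration.

```python
import shlex

# Constructed sample zone lines, modelled on the record shapes shown in this article.
SAMPLE_ZONE = """
example.com.         3600 IN TXT "v=spf1 ip4:192.0.2.0/24 -all"
example.com.         3600 IN TXT "google-site-verification=abcdefg123456"
_dmarc.example.com.  3600 IN TXT "v=DMARC1; p=none; rua=mailto:admin@example.com"
weak.example.         300 IN TXT "v=spf1 include:_spf.example.net " "+all"
weak.example.         300 IN TXT "v=spf1 ip4:198.51.100.7 ~all"
"""

def parse_txt_line(line):
    """Split one zone-file TXT line into (host, ttl, value)."""
    host, ttl, rclass, rtype, *strings = shlex.split(line)
    if (rclass.upper(), rtype.upper()) != ("IN", "TXT"):
        raise ValueError(f"not an IN TXT record: {line!r}")
    # One TXT record may carry several quoted strings; SPF, DKIM and DMARC
    # consumers join them with no separator before parsing.
    return host.lower(), int(ttl), "".join(strings)

def tag_list(value):
    """Parse the 'tag=value; tag=value' syntax used by DKIM and DMARC."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit(zone_text):
    """Return sorted (host, finding) pairs for weak email-auth TXT records."""
    findings, spf_hosts = set(), []
    for line in filter(None, map(str.strip, zone_text.splitlines())):
        host, _ttl, value = parse_txt_line(line)
        terms = value.lower().split()
        if terms and terms[0] == "v=spf1":
            spf_hosts.append(host)
            alls = [t for t in terms if t.lstrip("+-~?") == "all"]
            last = alls[-1] if alls else "(none)"
            if last in ("all", "+all"):      # bare "all" defaults to "+all"
                findings.add((host, "spf-allows-any-sender"))
            elif last != "-all":             # ~all, ?all, or no "all" at all
                findings.add((host, "spf-not-hard-fail"))
        elif host.startswith("_dmarc.") and value.startswith("v=DMARC1"):
            if tag_list(value).get("p", "").lower() == "none":
                findings.add((host, "dmarc-monitor-only"))
    # More than one SPF record on a name makes SPF evaluation return permerror.
    findings |= {(h, "spf-multiple-records") for h in spf_hosts if spf_hosts.count(h) > 1}
    return sorted(findings)

if __name__ == "__main__":
    for host, finding in audit(SAMPLE_ZONE):
        print(host, finding)
```

The SPF and DMARC records shown earlier in this article produce no findings; only the constructed weak records are reported.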

Conclusion

Looking for reliable, high-performance DNS hosting? Choose Gcore DNS Hosting for fast and resilient DNS services:

  • Global latency averaging 30 ms
  • Anycast routing
  • Multiple load balancing options, including Geobalancing
  • Free-forever through enterprise-grade plans
