What is a TXT Record?
A DNS resource record (type 16) that stores free-form text data, commonly used for email authentication (SPF, DKIM, DMARC) and domain ownership verification tokens.
A TXT record is a DNS resource record of type 16, as defined in RFC 1035. It holds one or more character strings, each up to 255 octets in length, which are concatenated when the record is retrieved. The record was originally intended for human-readable notes about a domain, but that usage has been almost entirely replaced by machine-readable data for email authentication and domain verification.
When a TXT record contains multiple strings, the DNS resolver concatenates them in the order they appear in the record. This allows the total payload to exceed 255 octets, which is necessary for large public keys used in DKIM. The most common uses are SPF (Sender Policy Framework, RFC 7208), DKIM (DomainKeys Identified Mail, RFC 6376), and DMARC (Domain-based Message Authentication, Reporting and Conformance, RFC 7489). Domain owners also use TXT records to prove ownership to third-party services such as Google Workspace or Microsoft 365 by placing a unique verification string.
A TXT record is stored in the zone file alongside other record types (A, MX, CNAME, etc.) and is queried by DNS clients using standard lookups. Multiple TXT records can exist for the same domain name; their order is not guaranteed, so applications must be able to handle multiple records. Because TXT records are free-form, they require strict parsing conventions defined by each application protocol. Misconfigured TXT records are a common source of email deliverability problems.
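The string-splitting and multiple-record behaviour described above, as an added Python example that is not part of the original page. It takes TXT RDATA in wire format (each character string prefixed by a one-octet length), joins the strings in order, and picks the SPF policy out of an unordered record set; the function names and all sample values are constructed for illustration.

```python
from __future__ import annotations

def encode_strings(parts: list[bytes]) -> bytes:
    """Build TXT RDATA: each character-string is a 1-octet length + data."""
    if any(len(p) > 255 for p in parts):
        raise ValueError("a character-string is limited to 255 octets")
    return b"".join(bytes([len(p)]) + p for p in parts)

def encode_txt_rdata(value: bytes) -> bytes:
    """Split a long payload into <=255-octet strings and encode them."""
    return encode_strings([value[i:i + 255] for i in range(0, len(value), 255)] or [b""])

def parse_txt_rdata(rdata: bytes) -> list[bytes]:
    """Split TXT RDATA back into its character-strings, rejecting truncation."""
    strings, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        chunk = rdata[i + 1:i + 1 + n]
        if len(chunk) != n:
            raise ValueError("truncated character-string in TXT RDATA")
        strings.append(chunk)
        i += 1 + n
    if not strings:
        raise ValueError("TXT RDATA needs at least one character-string")
    return strings

def txt_value(rdata: bytes) -> bytes:
    """Concatenate one record's strings in order, with no separator added."""
    return b"".join(parse_txt_rdata(rdata))

def select_spf(rrset: list[bytes]) -> bytes | None:
    """Find the SPF policy in an unordered TXT RRset (RFC 7208: at most one)."""
    hits = [v for v in map(txt_value, rrset)
            if v[:6].lower() == b"v=spf1" and v[6:7] in (b"", b" ")]
    if len(hits) > 1:
        raise ValueError("multiple SPF records published for one name")
    return hits[0] if hits else None

# Constructed sample data (placeholder key material and token, not real values).
DKIM_VALUE = b"v=DKIM1; k=rsa; p=" + b"A" * 400
SAMPLE_RRSET = [
    encode_txt_rdata(b"example-verification=CONSTRUCTED-TOKEN"),
    encode_strings([b"v=spf1 ", b"include:_spf.example.net ", b"-all"]),
]

if __name__ == "__main__":
    print([len(s) for s in parse_txt_rdata(encode_txt_rdata(DKIM_VALUE))])
    print(select_spf(SAMPLE_RRSET))
```

Because the strings are joined without a separator, any space between SPF terms has to sit inside one of the strings, as in the sample record.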
Key facts
- DNS record type 16, defined in RFC 1035.
- Stores one or more character strings, each up to 255 octets.
- Commonly used for SPF, DKIM, and DMARC email authentication.
- Also used for domain ownership verification tokens by services like Google and Microsoft.
- Multiple TXT records can exist for the same name; order is not guaranteed.
More in DNS
A Record
A DNS resource record that maps a hostname to a 32-bit IPv4 address. It is the most fundamental record type for translating domain names to numeric addresses on the Internet.
AAAA Record
A DNS resource record that maps a hostname to a 128-bit IPv6 address, analogous to the A record for IPv4.
Authoritative DNS
An authoritative DNS server holds the definitive resource records for a specific domain and responds to queries with the final answer for that zone, not a cached copy.
CAA Record
A CAA (Certification Authority Authorization) DNS record lets domain owners specify which certificate authorities are permitted to issue SSL/TLS certificates for their domain.
CNAME Record
A DNS record that maps an alias hostname to the true or canonical hostname, allowing multiple names to resolve to the same IP address without duplicating A or AAAA records.
DNS
The Domain Name System (DNS) is a hierarchical, distributed naming system that translates human-readable domain names (like example.com) into IP addresses and other resource records used by internet protocols.
DNS Anycast
DNS Anycast uses one IP address served from multiple geographically distributed nameservers; queries are routed to the nearest or healthiest node, improving resilience and reducing latency.
DNS Caching
DNS caching stores resolved domain name query results for the specified TTL duration to avoid repeated queries to upstream authoritative servers.
DNS Hijacking
DNS hijacking is an attack or misconfiguration that returns forged DNS responses, causing users to connect to attacker-controlled hosts instead of the intended server.
DNSSEC
DNSSEC (DNS Security Extensions) add cryptographic digital signatures to DNS records, enabling resolvers to verify that responses have not been tampered with or spoofed.