DNS GUIDE

TXT Lookup: All the Secrets of DNS TXT Records

TXT records are the most versatile in DNS: from SPF to DKIM, from domain verification to metadata. Learn how to manage them.

TXT records: the Swiss army knife of DNS

TXT records are among the most versatile and widely used in modern DNS. Originally designed to contain descriptive text, they have become the primary mechanism for email authentication (SPF, DKIM, DMARC), domain ownership verification (Google, Microsoft, Facebook), cloud service configuration, and even security policy distribution (BIMI, MTA-STS). An average domain has between 5 and 15 TXT records, and their correct management is essential for the functioning of multiple services.

Our TXT Lookup lists all TXT records for a domain, allowing you to quickly verify the presence and correctness of each record. It is particularly useful for debugging: when a service requires you to add a TXT record for domain verification, you can use the TXT Lookup to confirm that the record has been published correctly and is visible to DNS resolvers.

The main uses of TXT records

Common TXT records
# SPF - Autenticazione email mittente
esempio.com. IN TXT "v=spf1 include:_spf.google.com ~all"

# Verifica proprietà dominio (Google)
esempio.com. IN TXT "google-site-verification=abc123def456"

# Verifica proprietà dominio (Microsoft)
esempio.com. IN TXT "MS=ms12345678"

# Facebook domain verification
esempio.com. IN TXT "facebook-domain-verification=xyz789"

# DMARC (su _dmarc.dominio)
_dmarc.esempio.com. IN TXT "v=DMARC1; p=reject; rua=..."

The most important rule for SPF-related TXT records: a domain must have only one record starting with v=spf1. Multiple SPF records cause a permanent error (permerror) and authentication fails for all emails. If you need to add a new service, modify the existing SPF record by adding an include mechanism, do not create a second record. Verify correctness with SPF Lookup after every change.

TXT record management and maintenance

TXT records tend to accumulate over time: verifications for services no longer in use, SPF records for changed providers, DKIM keys for decommissioned services. This "DNS junk" does not cause immediate problems but increases DNS response sizes, can cause confusion during debugging, and obsolete SPF records may authorize servers no longer under your control. Do periodic cleanup using the TXT Lookup to list all records and remove those no longer needed.

An important technical aspect: TXT records have a 255-character limit per string. Longer records (such as some DKIM records with 2048-bit keys) are split into multiple concatenated strings. DNS returns the separate strings that the client must join. Most software handles this automatically, but errors in string splitting can corrupt the record. Verify with DNS Lookup that long records are returned correctly.

For TXT records related to email security, maintain an up-to-date inventory: note which service requires which record, when it was added, and who is responsible. When you deactivate a service, remove the corresponding record. This discipline prevents both DNS junk and vulnerabilities from orphaned records that authorize services no longer under your control.

Try TXT Lookup for free
List all TXT records of a domain
Use TXT Lookup >

Explore the Network

capops.io Free tools for DevOps & SysAdmin — monitoring, deploy, CI/CD, server management and more Visit → pixcode.io Free graphic tools — image converter, color palette generator, SVG optimizer and more Visit →