TXT record – why to use it?

Domain Name System (DNS) includes many different records to execute different functions required for the Internet to work as easily and efficiently as users expect.

TXT records’ functionality is absolutely essential. Check out why to use TXT record.

What is the TXT record?

Text or TXT record is a DNS record that holds text information related to a domain for external sources to read it. TXT records commonly have general information about a domain and important data frequently used for validating (security processes). They can validate information for e-mailing or for confirming if you really are the owner of a domain.

When created, the TXT record was for administrators’ notes. But machines have evolved through the years, and such text notes are also legible for them. This is very convenient for administrators because using TXT records, they can send text entries into the DNS, with specific instructions for machines to accomplish.

That explained, if you check TXT records, the information inside them can be easily readable, or it can be hard, just with technical instructions. And there’s a third possibility. Text can be a mixture of technical data and easily understandable human’s words.

See some examples:

host.gadgets.com. IN TXT “scanner=1pr3”

ted.gadgets.com. IN TXT “sweet preference=chocolate”

host.gadgets.com. IN TXT “v=spf1 ip4:192.0.3.0/24 ip4:196.57.101.123 ip6:2720:0:960::/46 a -all”

TXT record – why use it?

TXT records with different functionality are entered as DNS TXT (DKIM, SPF, DMARC, MTA-STS). All can be combined to expand their possibilities. Thus, you can find many TXT records in every domain. Once you define the purpose of using them, you just need to add them to your domain’s settings. 

  • To save instructions in the DNS for machines to execute specific processes. 
  • To include data in text format about hosts.
  • To provide you certain services. Some SaaS or software companies verify your domain ownership through a TXT record.
  • To make more robust your e-mail security.

The way the previous purposes can be done is through the addition and combination of TXT records like the following ones:

  • Domain Keys Identified Mail (DKIM) is a security method for authenticating e-mail. It ferrets out fake sender addresses on е-mаils. This prevents crimes like phishing, spamming, or e-mail spoofing. Via DKIM, the receiver can verify if e-mails coming from a determined domain were really authorized by the owner. This through the use of a digital signature associated with the corresponding domain name in every sent message. DKIM uses public and private keys. The way the public key gets properly published in the DNS is by using a TXT record.
  • Sender Policy Framework (SPF) is a mechanism for authenticating e-mail to prevent receivers and senders from phishing, spoofing, etc. With SPF, servers can check if messages are coming from authorized sources. They can also react if they detect wrong parameters on senders. SPF is expressed using TXT record’s format for adding it in a domain’s DNS database. 
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a mechanism for authenticating e-mail. It keeps domains safe from the risk of e-mail spoofing. A DMARC entry expressed through a TXT record is published in DNS for receivers (servers) to authenticate incoming e-mails, following the DMARC entry instructions. It manages messages that don’t pass authentication and generates reports about delivery failures of messages, etc.
  • Message Transfer Agent – Strict Transport Security (MTA-STS) is a security method for connections between simple mail transfer protocol (SMTP). It protects messages’ delivery with end-to-end encryption and prevents downgrade attacks, man-in-the-middle attacks, and more. It is entered in the DNS via TXT record.

Conclusion

TXT records are needed and versatile. By making proper combinations, you can totally improve security. Consider it in your list of must DNS components from now.

Write a comment

Your email address will not be published. Required fields are marked *