TXT Record Lookup Tool
TXT Lookup is a diagnostic tool used to retrieve the text-based records associated with a domain. These are commonly used for anti-spam policies and domain ownership verification.
Inpect security policies and verification tokens. Verify SPF, DKIM, and DMARC settings to ensure maximum deliverability and trust.
Type a domain to check DNS records.
What is a DNS TXT Record?
A TXT (Text) record is a type of DNS resource record that allows a domain administrator to insert arbitrary text into the Domain Name System. Unlike most other DNS records (like A or MX) which have a very specific technical format and purpose, TXT records are designed to be human-readable and machine-parseable containers for virtually any type of information.
Originally, TXT records were intended for human comments and notes about a domain. However, over time, they have evolved into the primary mechanism for implementing critical security protocols and verifying domain ownership for third-party services like Google Workspace, Microsoft 365, and various SSL certificate authorities.
Proving Ownership: Domain Verification
When you sign up for a service like Google Search Console or Atlassian, they need to know that you actually control the domain you're claiming.
They give you a unique "verification token"—a string of random characters—and ask you to add it as a TXT record. When their system sees that specific token on your domain, it proves you have administrative access to the DNS settings.
Example Verification Formats:
google-site-verification=Ab12-Cd34...
msVerification=5bc12...
atlassian-domain-verification=xyZ789...
Securing Your Email Identity
Today, the single most important use of TXT records is protecting your domain from "spoofing" and ensuring your emails don't end up in spam folders. This is achieved through three integrated protocols:
SPF (Sender Policy Framework)
An SPF record lists all the IP addresses and services authorized to send mail from your domain. If someone tries to send a fake email using your domain from an unauthorized server, the recipient's mail server will mark it as suspect.
v=spf1 include:_spf.google.com ~allDKIM (DomainKeys Identified Mail)
DKIM adds a digital signature to every email you send. This signature is verified using a public key stored in a TXT record on your domain. This proves that the message content hasn't been tampered with in transit.
DMARC
DMARC is the policy layer. Use our DMARC Checker to analyze your current policy and reporting setup.
v=DMARC1; p=quarantine; rua=mailto:admin@example.comTXT Record Technical Limits
While TXT records are flexible, they do have architectural limits defined by DNS standards (RFC 1035):
- Maximum Length: A single TXT record can be up to 65,535 bytes in total.
- String Limit: The total length is composed of "strings," each limited to 255 characters.
- Concatenation: Longer records are broken into multiple 255-character segments surrounded by double quotes.
Frequently Asked Questions
Can I have multiple TXT records?
Yes, and this is standard practice. You might have one TXT record for Google verification, another for SPF, and several more for services like Atlassian or Slack. They all coexist at the same domain node.
Why is my TXT record not showing up?
This is usually due to DNS Caching. When you add a record, it can take anywhere from a few minutes to several hours to propagate. If you're verifying a domain, make sure you added the record to the correct host (sometimes you need to use @ for the root, or a specific subdomain).
Is there a limit on how many TXT records I can have?
Technically, no specific limit exists in the protocol. However, excessive records can increase the overall size of the DNS response, potentially causing it to exceed UDP limits (512 bytes) and forcing it to switch to TCP, which might be slightly slower.
Security Best Practice
Periodically audit your TXT records. Many administrators leave "verification tokens" for services they no longer use. Removing old records keeps your DNS clean and prevents an attacker from potentially regaining access if an old service account is ever compromised.