What Are TXT Records in DNS?

TXT records are DNS records that store text strings. Other systems can query those strings and interpret them as instructions, verification tokens, or policy data.

Although the name sounds generic, TXT records are now critical to many real-world workflows including email authentication, domain ownership validation, and service configuration.

They are especially common because many platforms need a standards-friendly way to publish machine-readable information without introducing a dedicated new record type.

• SPF policies that authorise sending infrastructure
• DKIM public keys published on selector hostnames
• DMARC policies published at the _dmarc subdomain
• Google, Microsoft, and other vendor verification tokens
• Site ownership validation for SaaS platforms and security services

example.com. 3600 IN TXT "google-site-verification=example-token"
example.com. 3600 IN TXT "v=spf1 include:spf.protection.outlook.com -all"
_dmarc.example.com. 3600 IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

These examples all use TXT records, but they serve very different purposes. That is why you should always interpret a TXT record in the context of the hostname where it is published.

TXT records often control security-sensitive behaviour. A missing or malformed TXT record can break email authentication, prevent a domain verification from completing, or stop a third-party platform from trusting your domain.

Because TXT records are so flexible, they also become crowded over time. Mature domains often have many TXT records, which makes change control and validation more important.

• Publishing the record at the wrong hostname
• Breaking quoting or spacing when copying a vendor value
• Adding multiple SPF TXT records instead of maintaining one valid SPF policy
• Assuming propagation is complete without checking authoritative DNS
• Removing an old-looking verification token that is still required by a service

• What Is a TXT Record?
• SPF Record Explained
• DMARC Record Explained

When validating a TXT record, check the exact hostname first, then compare the authoritative answer with at least one public resolver. That helps you distinguish a publishing problem from normal propagation delay.

For email-related TXT records, also confirm the record is logically correct after lookup. A TXT response can exist and still be wrong if the SPF syntax is invalid, the DKIM selector is incorrect, or the DMARC policy is published at the wrong label.

If you want to validate this topic in practice, these DNS Pro tools are the fastest next step.

• TXT Lookup
• SPF Checker
• DMARC Checker