TXT record lookup
TXT records hold arbitrary text — historically for human notes, now mostly for machine-readable verification (SPF, DKIM, DMARC, domain-ownership proofs).
How to look it up
Four ways to query — pick by what's available on your machine.
- dig: `dig TXT example.com +short`
- host: `host -t TXT example.com`
- dotdig: `dotdig txt example.com`
Sample response
"v=spf1 -all"
"google-site-verification=abc123"
"keybase-site-verification=xyz789"
Format
Each TXT record is one or more strings, each ≤255 chars. Multiple strings in one record are concatenated by readers. Multiple records = multiple separate values.
Common pitfalls
- Each string in a TXT record is ≤255 chars. Long values (DKIM keys ~300+ chars) are stored as multiple quoted strings; some DNS UIs hide this. Verify with `dig +short`.
- Multiple TXT records on one domain are allowed (and common: SPF, DMARC, and verification tokens all live there). But you can have only ONE SPF record (RFC 7208).
- Verification tokens often end up forgotten. Audit periodically: old tokens for cancelled services are stale clutter.
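The pitfalls above can be checked mechanically. The following is an added example, not part of the original page: it parses `dig TXT ... +short` output, joins multi-string records the way readers do, flags more than one SPF record, and lists likely verification tokens for audit. The sample output is constructed, and the token pattern is a heuristic assumption.

```python
import re

# Constructed sample of `dig TXT example.com +short` output (not real data).
# Line 4 is a single record split into two strings, as long DKIM keys are.
SAMPLE = r'''"v=spf1 include:_spf.example.net ~all"
"v=spf1 -all"
"google-site-verification=abc123"
"v=DKIM1; k=rsa; p=MIIB" "IjANBgkq"
'''

_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
_ESCAPE = re.compile(r'\\(\d{3}|.)')
# Heuristic (assumption): ownership proofs look like "<vendor>-...verification=<token>".
_TOKEN = re.compile(r'^[a-z0-9_.-]*verif[a-z0-9_.-]*=', re.I)


def _unescape(s):
    # dig prints \" and \\ as escaped characters, other bytes as \DDD (decimal).
    return _ESCAPE.sub(
        lambda m: chr(int(m[1])) if len(m[1]) == 3 else m[1], s)


def parse_txt(output):
    """One joined value per TXT record; dig prints one record per line."""
    records = []
    for line in output.splitlines():
        strings = _QUOTED.findall(line)
        if strings:
            records.append("".join(_unescape(s) for s in strings))
    return records


def audit(records):
    """Group records and flag the one-SPF-record rule from RFC 7208."""
    spf = [r for r in records if re.match(r'v=spf1( |$)', r, re.I)]
    tokens = [r for r in records if _TOKEN.match(r)]
    findings = []
    if len(spf) > 1:
        findings.append(f"{len(spf)} SPF records: receivers return permerror")
    return {"spf": spf, "tokens": tokens, "findings": findings}


if __name__ == "__main__":
    report = audit(parse_txt(SAMPLE))
    for key, value in report.items():
        print(key, value)
```

Each entry under `tokens` should map to a service still in use; anything that does not is a candidate for removal.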
Why it matters for security
TXT records often contain proof-of-domain-ownership tokens (Google, Facebook, GitHub). A stale token can mean an old account still lingers with control over your domain.
Use cases
- Verify domain-ownership for SaaS onboarding
- Audit existing TXT records before cleanup
- Debug 'we don't see your verification' errors
- Inventory all DNS-published metadata
Look up DNS without flag soup
dotdig is a friendly DNS resolver — formatted output, custom resolver support, DNSSEC validation. Zero-config alternative to dig.