Multiple TXT fields for same subdomain

Solution 1

The way described is the way you create multiple records on Route 53.

Entering two values in the textarea separated by a newline will result in two distinct records in the DNS. This is why Amazon call it a "record set" - it is a set of records.

Solution 2

Michael is correct in regards to where your point of confusion is coming from. I'm going to proceed with my usual stuffiness and answer the larger question for those who might happen by from a Google search.

  • Multiple TXT records are completely legal per the DNS standards.
  • Multiple TXT records implementing a specific standard can potentially be illegal, but only within the scope of that one standard.
  • Given the need for multiple standards to coexist and play nicely with other TXT records that share a given name, conflicts are unlikely to happen. It is certainly unlikely that such a requirement would make it into an Internet Standard.

To understand the difference, let's take a look at what the SPF standard (RFC 7208) has to say on the topic:

   Starting with the set of records that were returned by the lookup,
   discard records that do not begin with a version section of exactly
   "v=spf1".  Note that the version section is terminated by either an
   SP character or the end of the record.  As an example, a record with
   a version section of "v=spf10" does not match and is discarded.

   If the resultant record set includes no records, check_host()
   produces the "none" result.  If the resultant record set includes
   more than one record, check_host() produces the "permerror" result.

In short, TXT records which do not meet the syntax requirements of SPF are ignored. An error only occurs in the case where multiple records match SPF syntax.

(DMARC syntax carries the same restriction, for those who might be wondering.)
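
The record selection rule quoted from RFC 7208 in Solution 2, as an added Python example that is not part of the original answer. The record values, the `example.com` names and the `"ok"` label are constructed for illustration; joining multiple character-strings follows RFC 7208 section 3.3 rather than the quoted passage.

```python
"""SPF record selection over a TXT RRset, per the RFC 7208 text quoted above."""


def join_strings(rdata):
    # A TXT record may carry several character-strings; RFC 7208 section 3.3
    # says to treat them as concatenated without adding spaces.
    return rdata if isinstance(rdata, str) else "".join(rdata)


def is_spf(record):
    # The version section must be exactly "v=spf1", terminated by a space or
    # by the end of the record. ABNF literals are case-insensitive.
    head = record[:7].lower()
    return head in ("v=spf1", "v=spf1 ")


def select_spf(txt_rrset):
    """Return ("none", None), ("permerror", None) or ("ok", record)."""
    candidates = [r for r in map(join_strings, txt_rrset) if is_spf(r)]
    if not candidates:
        return ("none", None)       # no SPF record published
    if len(candidates) > 1:
        return ("permerror", None)  # two or more records match SPF syntax
    return ("ok", candidates[0])    # "ok" is this example's own label


# Constructed sample RRsets for one name (values are placeholders).
COEXISTING = [
    "v=spf1 include:_spf.example.com ~all",
    "google-site-verification=CONSTRUCTED-PLACEHOLDER-TOKEN",  # ignored by SPF
    "v=spf10 a -all",                                          # discarded
]
DUPLICATE_SPF = COEXISTING + ["v=spf1 mx -all"]
SPLIT_STRINGS = [("v=spf1 ip4:192.0.2.0/24", " -all")]

if __name__ == "__main__":
    for label, rrset in [("coexisting", COEXISTING),
                         ("duplicate SPF", DUPLICATE_SPF),
                         ("split strings", SPLIT_STRINGS)]:
        print(label, "->", select_spf(rrset))
```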

Solution 3

If you are using Google Domains, when you edit the TXT record, there's a plus (+) symbol next to the TXT value... click that to add multiple values.

Author by

chrisvdb

Updated on September 18, 2022

Comments

  • chrisvdb almost 2 years

    I would like to understand if multiple TXT records for the same subdomain are ok or could lead to issues. In particular, we have the requirement for one SPF record and one Google Domain Verification record on the root domain.

    In AWS Route 53 they explicitly support this in the following way:

    Enter multiple values on separate lines. Enclose text in quotation marks. Example: "Sample Text Entries" "Enclose entries in quotation marks"

    This way a single TXT field can contain both the SPF and Google Domain Verification records.

    When I asked name.com, on the other hand, they suggested adding two separate TXT records, as the Route 53 method is not supported.

  • vikarjramun almost 5 years
    I know this isn't what the question is specifically asking for, but you just saved me after spending an hour trying to figure out if I can manage with a single TXT record! Thanks so much! The Google UX Engineers really need to fix this!
  • Tootally about 4 years
    It seems to me, though, that different TXT records will all share the same TTL (time to live)? I just added a 2nd TXT record, consisting of random letters and numbers — and, to remember which one is the newest (the one I added, or an older one also with random digits and letters), I set a TTL 1802 seconds ("2", like in number 2) — but then both TXT records got a TTL of 1802 — although the first one previously had 1800. — Otherwise worked fine, thanks
  • Andrew B about 4 years
    @KajMagnus I'm stale on my RFC citations at the moment, but I believe that is because any given tuple for a requested resource (name,class,type) only has a single TTL associated with it. If you're using BIND, I believe it ignores all of the intermediate TTL values for a given tuple and only uses the last one listed in the zone file. It wouldn't surprise me if other implementations behaved similarly.
  • Tootally about 4 years
    Andrew, Thanks for the info about TTL and BIND :- )
  • Jorge Galvão about 4 years
    Although this answer is absolutely correct, I had to read it a few times in order to understand what it means. Please consider emphasizing right in the beginning that "Yes, creating two separate records with the same name is OK", and then proceeding to explain that the new-line method in Amazon is actually creating two separate records with the same name.
  • Greg Woods almost 4 years
    Azure DNS doesn't allow more than one TXT on the same subdomain... the multiple records per recordset is the right way to go there also.