Skip to Content
Navigation:

A stick figure smiling

Here's a preview from my zine, How DNS Works! If you want to see more comics like this, sign up for my saturday comics newsletter or browse more comics!

get the zine!
Image of a comic. To read the full HTML alt text, click "read the transcript".

browse more comics! get the zine!
read the transcript!

TXT records can contain literally anything

examplecat.com TXT
"hello! I'm an example cat!"

(though they’re usually ASCII)

they’re often used to verify that you own your domain

google, represented by a box with a smiley face: put “banana stand panda” in a TXT record to prove you) own this domain!

reasons to verify your domain

  • to issue SSL certificates with Let’s Encrypt
  • to use Single Sign On (SSO) for a service
  • to get access to Google/ Facebook’s data about your domain (eg search data)

they’re also used for email security (SPF/DKIM/DMARC)

Illustration of two smiling stick figures talking.

person 1: should we create a DNS record type for SPF?
person 2: nah let’s just put it all in TXT records!

(not a historically accurate summary of the design process for SPF records)

TXT records can contain many strings

Each string is at most 256 characters, and clients will concatenate them together.

You’ll see this in DKIM records, because they’re usually more than 256 characters.

some other record types

CAA: restrict who can issue certificates for your domain
PTR: reverse DNS map IP addresses to domain names (look these up with dig -x)
SRV: holds both an IP address and a port number

Saturday Morning Comics!

Want another comic like this in your email every Saturday? Sign up here!

I'll send you one of my favourite comics from my archives every Saturday.
© Julia Evans 2024 | All rights reserved (see the FAQ for notes about licensing)