80

I would like to understand if multiple TXT records for the same subdomain are OK or could lead to issues. In particular, we have the requirement for one SPF record and one Google Domain Verification record on the root domain.

In AWS Route 53 they explicitly support this in the following way:

Enter multiple values on separate lines. Enclose text in quotation marks. Example: "Sample Text Entries" "Enclose entries in quotation marks"

This way a single TXT field can contain both the SPF and Google Domain Verification records.

When I asked name.com, on the other hand, they suggested adding two separate TXT records, as the Route 53 method is not supported.

chrisvdb

3 Answers

91

The way described is the way you create multiple records on Route 53.

Entering two values in the textarea separated by a newline will result in two distinct records in the DNS. This is why Amazon call it a "record set" - it is a set of records.

Michael Hampton
  • The OP cannot be the only person making this mistake; it's really not obvious. There is no sensible error message that explains this, when you try to add a second TXT record the 'more obvious' way. – Bobby Jack Jan 09 '18 at 09:50
  • Although this answer is absolutely correct, I had to read it a few times in order to understand what it means. Please consider emphasizing right in the beginning that "Yes, creating two separate records with the same name is OK", and then proceeding to explain that the new-line method in amazon is actually creating two separate records with the same name. – Jorge Galvão May 28 '20 at 18:37
  • Azure DNS doesn't allow more than one TXT on the same subdomain... the multiple records per recordset is the right way to go there also. – Greg Woods Jul 22 '20 at 09:10
  • I believe values can or should be enclosed with quotes as well? e.g. `"value 1"\n"value 2"\n"value 3"`. AWS does not handle this very well and the current editor is very poor for editing an existing `TXT` record. – fIwJlxSzApHEZIl Aug 25 '22 at 15:21
45

Michael is correct in regards to where your point of confusion is coming from. I'm going to proceed with my usual stuffiness and answer the larger question for those who might happen by from a Google search.

  • Multiple TXT records are completely legal per the DNS standards.
  • Multiple TXT records implementing a specific standard can potentially be illegal, but only within the scope of that one standard.
  • Given the need for multiple standards to coexist and play nicely with other TXT records that share a given name, conflicts are unlikely to happen. It is certainly unlikely that such a requirement would make it into an Internet Standard.

To understand the difference, let's take a look at what the SPF standard (RFC 7208) has to say on the topic:

   Starting with the set of records that were returned by the lookup,
   discard records that do not begin with a version section of exactly
   "v=spf1".  Note that the version section is terminated by either an
   SP character or the end of the record.  As an example, a record with
   a version section of "v=spf10" does not match and is discarded.

   If the resultant record set includes no records, check_host()
   produces the "none" result.  If the resultant record set includes
   more than one record, check_host() produces the "permerror" result.

In short, TXT records which do not meet the syntax requirements of SPF are ignored. An error only occurs in the case where multiple records match SPF syntax.

(DMARC syntax carries the same restriction, for those who might be wondering.)

Andrew B
  • It seems to me, though, that different TXT records will all share the same TTL (time to live)? I just added a 2nd TXT record, consisting of random letters and numbers — and, to remember which one is the newest (the one I added, or an older one also with random digits and letters), I set a TTL 1802 seconds ("2", like in number 2) — but then both TXT records got a TTL of 1802 — although the first one previously had 1800. — Otherwise worked fine, thanks – KajMagnus Apr 30 '20 at 05:21
  • @KajMagnus I'm stale on my RFC citations at the moment, but I believe that is because any given tuple for a requested resource (name,class,type) only has a single TTL associated with it. If you're using BIND, I believe it ignores all of the intermediate TTL values for a given tuple and only uses the last one listed in the zone file. It wouldn't surprise me if other implementations behaved similarly. – Andrew B May 05 '20 at 00:38
  • Andrew, Thanks for the info about TTL and BIND :- ) – KajMagnus May 05 '20 at 04:23
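To make both answers concrete, here is an added Python example (not code from the question, the answers, or Route 53) that models the value-box rule Michael describes (one line per record, quoted strings on one line form a single record) and the RFC 7208 section 4.5 selection step Andrew quotes. The record values and the EXAMPLE_TOKEN are constructed for illustration.

```python
import re

# Matches one quoted character-string, allowing backslash escapes inside it.
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


def route53_textarea_to_records(textarea):
    """Model of the Route 53 TXT 'value' box: every non-empty line is one
    TXT record, and the quoted strings on that line are the character-strings
    of that single record, which resolvers concatenate (RFC 7208 section 3.3)."""
    records = []
    for line in textarea.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = QUOTED.findall(line)
        if not parts:
            raise ValueError(f"TXT values must be enclosed in quotes: {line!r}")
        # Undo the backslash escaping (\" and \\) the zone format requires.
        records.append("".join(re.sub(r"\\(.)", r"\1", p) for p in parts))
    return records


def select_spf(txt_records):
    """RFC 7208 section 4.5 record selection as quoted in the answer above:
    keep records whose version section is exactly 'v=spf1' followed by a
    space or the end of the record (so 'v=spf10' is dropped), then
    0 matches -> 'none', more than 1 -> 'permerror', else the one record."""
    matching = [r for r in txt_records if r == "v=spf1" or r.startswith("v=spf1 ")]
    if not matching:
        return "none", None
    if len(matching) > 1:
        return "permerror", None
    return "ok", matching[0]


# Constructed sample: the two lines Route 53 turns into two TXT records.
TWO_LINES = '"v=spf1 include:_spf.google.com ~all"\n"google-site-verification=EXAMPLE_TOKEN"'
# Constructed sample of the common mistake: both strings on ONE line.
ONE_LINE = '"v=spf1 include:_spf.google.com ~all" "google-site-verification=EXAMPLE_TOKEN"'


def check_value_box(textarea):
    """Return (record_count, spf_result, selected_record) for a value box."""
    records = route53_textarea_to_records(textarea)
    result, record = select_spf(records)
    return len(records), result, record
```

With ONE_LINE the verification token is glued onto the end of the SPF record, so SPF still selects it but the final mechanism is no longer `~all`; the two-line form yields two clean records.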
26

If you are using Google Domains, when you edit the TXT record, there's a plus (+) symbol next to the TXT value... click that to add multiple values.

Serj Sagan
  • I know this isn't what the question is *specifically* asking for, but you just saved me after spending an hour trying to figure out if I can manage with a single TXT record! Thanks so much! The Google UX Engineers really need to fix this! – vikarjramun Aug 23 '19 at 01:02