Menu
There is a way to retrieve ALL (TXT) entries about DNS records of a domain (and subdomains) ?
My goal is to verify the configuration of my domain: www.rosposhop.com where I correctly set multiple SPF and DKIM records for some subdomains
rosposhop.com
md.rosposhop.com (SPF+DKIM)
mg.rosposhop.com (SPF+DKIM)
(so I have a total of 5 TXT items)
Now, if I ask with dig or host -a, I got only the first TXT item, instead I was expected to have the complete list of TXT items.
Whre I'm wrong ?
$ dig rosposhop.com TXT
; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> rosposhop.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14774
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rosposhop.com. IN TXT
;; ANSWER SECTION:
rosposhop.com. 2362 IN TXT "google-site-verification=udcP944OqB1PldDn1ML"
;; Query time: 65 msec
;; SERVER: ***********
;; WHEN: Sat Dec 27 09:10:43 CET 2014
;; MSG SIZE rcvd: 123
BTW, if I ask puntually for a SUBdomain, now I got again only the first entry:
$ dig md.rosposhop.com TXT
return:
;; ANSWER SECTION:
md.rosposhop.com. 2223 IN TXT "v=spf1 include:spf.man*******"
again I don't get the DKIM info. It's a security/permissions topic ? sorry for my DNS-ignorance.
thanks giorgio
972
whatsmydns.net TXT Record Lookup tool lets you query DNS servers and get instant results. Text Record or TXT record lookups are used to determine the TXT records associated with a domain. Looking for easier to understand results? Use the Global DNS Checker tool.
Launch Windows Command Prompt by navigating to Start > Command Prompt or via Run > CMD. Type NSLOOKUP and hit Enter. The default Server is set to your local DNS, the Address will be your local IP. NSLOOKUP will now return the record entries for the domain you entered.
TXT records are used to keep text values related to your domain name. This type of record usually used for, proof for ownership of domain (google, yandex verification), Sender Policy Framework (SPF) records or DKIM. Check your TXT records with TXT record lookup tool.
The approach of making a single DNS query to get all that information in one fell swoop is misguided. It assumes that the data for a single zone is a) static and b) managed by a single name server. DNS imposes no such limitations on zone data.
Both SPF and DKIM (and DMARC, if you want to throw that in the mix) use TXT records on specific domains. There is no need to get all the TXT records for a domain and its subdomains to view the relevant configuration.
If you want to get the SPF and DKIM information, just query the appropriate domains. Assuming you're doing Return-Path domains and DKIM signatures on md.rosposhop.com and mg.rosposhop.com then you should be interested in TXT records on
md.rosposhop.com - SPFmg.rosposhop.com - SPF(selector)._domainkey.md.rosposhop.com - DKIM(selector)._domainkey.mg.rosposhop.com - DKIMwhere (selector) is the selector you're using for that DKIM record. You may have more than one selector for each of md.rosposhop.com and mg.rosposhop.com domains. TXT records on other domains are irrelevant.
53
To get all the records of a domain, you use an AXFR request to perform a zone transfer. This must be sent to one of the authoritive servers for the domain:
dig rosposhop.com axfr @ns52.domaincontrol.com
However, most DNS servers restrict zone transfers for security reasons. Normally, only the master server allows zone transfers, and only to the known slave servers. The domaincontrol.com servers don't allow zone transfers, so you'll get an error if you try this.
29
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
