How to Check Domain TXT Records Using Linux Command Line Tools


4 views

When working with domain configurations in Linux, several command-line tools are available for inspecting TXT records:

# Using dig (Domain Information Groper)
dig example.com TXT +short

# Alternative dig format with more details
dig +nocmd example.com TXT +noall +answer

# Using host command
host -t txt example.com

# Using nslookup
nslookup -type=txt example.com

Here are some real-world scenarios for checking TXT records:

# Check SPF records (commonly stored in TXT)
dig google.com TXT | grep "v=spf1"

# Verify domain ownership (often used by cloud providers)
dig +short TXT _acme-challenge.example.com

# View all TXT records for troubleshooting
host -t txt example.com | awk '{print $4}'

For automation and scripting purposes:

#!/bin/bash
# Function to validate TXT record existence
check_txt_record() {
    local domain=$1
    local expected=$2
    if dig +short "$domain" TXT | grep -q "$expected"; then
        echo "✓ TXT record verified"
        return 0
    else
        echo "✗ TXT record missing" >&2
        return 1
    fi
}

# Usage example:
check_txt_record "_dmarc.example.com" "v=DMARC1"

When TXT record lookups fail:

  • Verify your DNS server: cat /etc/resolv.conf
  • Check network connectivity
  • Test with different DNS providers: dig @8.8.8.8 example.com TXT
  • Remember DNS propagation delays (up to 48 hours)

For systems without dig/host:

# Using Python
python3 -c "import dns.resolver; print(dns.resolver.resolve('example.com', 'TXT'))"

# Using curl with DNS-over-HTTPS
curl -s "https://cloudflare-dns.com/dns-query?name=example.com&type=TXT" | jq

When working with DNS configurations, inspecting TXT records is a common task for developers, especially when verifying domain ownership, setting up email security (SPF, DKIM, DMARC), or debugging DNS-related issues. In Linux, several command-line tools can help you retrieve TXT records efficiently.

The dig (Domain Information Groper) tool is one of the most powerful and widely used DNS lookup utilities. To query TXT records, use:

dig example.com TXT +short

This will return a concise output of all TXT records associated with example.com. For a more detailed response, omit the +short flag:

dig example.com TXT

Another common tool is nslookup, which is available on most Unix-like systems. To check TXT records:

nslookup -type=TXT example.com

This will display the authoritative DNS server response, including all TXT records.

The host command provides a simpler interface for DNS queries. To inspect TXT records:

host -t TXT example.com

SPF (Sender Policy Framework) records are stored as TXT records. To verify an SPF record:

dig example.com TXT | grep "v=spf1"

This filters the output to show only SPF-related TXT records.

For scripting purposes, you might want to extract TXT records programmatically. Here's a Bash function example:

get_txt_records() {
    domain=$1
    dig "$domain" TXT +short | while read -r line; do
        echo "TXT Record for $domain: $line"
    done
}

get_txt_records "example.com"

To check TXT records for multiple domains from a file:

while read -r domain; do
    echo "Checking $domain:"
    dig "$domain" TXT +short
done < domains.txt

If you're not seeing expected TXT records:

  • Check if the DNS changes have propagated using dig +trace example.com TXT
  • Verify you're querying the correct nameserver with dig @8.8.8.8 example.com TXT
  • Ensure the record exists using online tools like mxtoolbox.com

Sometimes you need to query a specific DNS server. With dig:

dig @ns1.example.com example.com TXT