Add a TXT record?


Could someone please do an FAQ on how I can manually add a TXT record into Pi-hole?

I’ve just got it set up and so far it’s working great, blocking ads and generally speeding up the internet.

I run an Apple caching service across two internet connections. So I need to add a DNS TXT record. Apple server gives me the bind command which is:
_aaplcache._tcp 259200 IN TXT "prs=CONNECTION1,CONNECTION2"

On my Windows box it was easy with a DNS command. However I am not that great with Linux. Big learning curve…



You can add custom dnsmasq configs to /etc/dnsmasq.d/:


Hi Mcat12

Thanks for taking the time but all that still goes zooming over my head.

Do you have anything a 5-year-old could follow?


5-year-olds are normally not allowed to surf the internet without supervision! :grin:


You’ve not seen my youngest daughter. At 13 months she was swiping to unlock an iPad then bashing the screen to open apps; usually got Safari open…
Now at almost 4 she has her own iPad and plays Peppa Pig games (with headphones)

Once she starts reading a bit better I’m gonna try and get her and her older brothers involved with Swift.

I ask for instructions a 5-year-old could follow because that’s about my level of understanding.

Actually that may be a bit advanced :thinking:



Return a TXT DNS record. The value of TXT record is a set of strings, so any number may be included, delimited by commas; use quotes to put commas into a string. Note that the maximum length of a single string is 255 characters, longer strings are split into 255 character chunks.,level 5 years,"or, bright 13 months"



I tried:
dnsmasq txt-record=_aaplcache._tcp,“,”

also tried:
dnsmasq txt-record=_aaplcache._tcp,“,”

But it returns junk found in command.

I then tried:
dnsmasq -txt-record=_aaplcache._tcp.FQDN,“,”
And now I get
dnsmasq: failed to create listening socket for port 53: Address already in use

But it returns junk found in command.


This is because you are barking up the wrong tree. You are barking at DNSmasq which is not the DNS server you are using. You are using Pi-hole which contains DNSmasq in version 4.x

You have to add it in a new file in /etc/dnsmasq.d, and let’s say that is 88-barking-up-the-right-tree.conf with the content:


Then I restart Pi-hole and do a request for the TXT records.

dig txt bark-bark.tree

; <<>> DiG 9.9.5-9+deb8u16-Raspbian <<>> txt bark-bark.tree
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50940
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
;bark-bark.tree.                        IN      TXT

bark-bark.tree.         2       IN      TXT     "_aaplcache._tcp" ","

;; Query time: 1 msec
;; WHEN: Thu Sep 13 16:43:40 CEST 2018
;; MSG SIZE  rcvd: 103

Resulting in a bone being thrown down the tree containing the following writing:

bark-bark.tree. 2 IN TXT "_aaplcache._tcp" ","


I’ll look into this today. Had to reply now though because I love your analogies making me chuckle

But just so I am clear (as mud probably)

I can name the file anything I like; it’s what’s inside that counts? But for ease of remembrance I will use applecache.conf

If I have something that wants to query where _aaplcache is located I would do

txt-record=_aaplcache,_aaplcache._tcp,"prs=IP address comma separated"

Do they need a space in between the IPs?



If _aaplcache is mentioned in hosts then it should work. If not then you have to use a domain.tld

The TXT record is just like a text file; you can put anything in there. As long as you use " when you are using the comma delimiter and the text is not longer than 255 characters.

Remember this is also that new as for you so dare to try it out and see if it nips you in the butt or walks nicely next to you and has attention only for you.


This thing is pulling on its lead and dragging me face down :cry:

I copied what you put and got exact same results. So then tried my theory.

Created the file /etc/dnsmasq.d/applecache.conf
This has one line:

The response I get is:

dig txt _applcache

; <<>> DiG 9.10.3-P4-Ubuntu <<>> txt _applcache._tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12385
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
;_applcache._tcp. IN TXT

. 3600 IN SOA 2018091400 1800 900 604800 86400

;; Query time: 657 msec
;; WHEN: Fri Sep 14 12:29:18 BST 2018
;; MSG SIZE rcvd: 119

Even changing my line:

I’ve also tried it without prs= but I think the OS X server requires that!


pihole restartdns

The correct command or should I be using something else?


I explained that in my posting above yours. You need to use a domain.

It states in the manual: txt-record=name,text,text

This name can be "bark" and if it is also in the host file or just bark.tree and then Pi-hole knows for which domain it has thrown the bone.

Looked now with Apple about this and it should be really straightforward:

name._tcp 10800 IN TXT "[prs|prn]=addressRanges" --> txt-record=name._tcp,"[prs|prn]=addressRanges"


_aaplcache._tcp          10800 IN TXT    "\x2aprs=,"
_aaplcache._tcp          10800 IN TXT    "\x12prn=\x24\x11\x35\x16\x02\x11\x35\x16\xfe\x14\x5d\xb8\xd8\x77"

Becomes one-on-one translated:



dig TXT _aaplcache._tcp

; <<>> DiG 9.9.5-9+deb8u16-Raspbian <<>> TXT _aaplcache._tcp
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39891
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
;_aaplcache._tcp.               IN      TXT

_aaplcache._tcp.        2       IN      TXT     "\\x12prn=\\x24\\x11\\x35\\x16\\x02\\x11\\x35\\x16\\xfe\\x14\\x5d\\xb8\\xd8\\x77"
_aaplcache._tcp.        2       IN      TXT     "\\x2aprs=,"

;; Query time: 6 msec
;; WHEN: Fri Sep 14 15:24:36 CEST 2018
;; MSG SIZE  rcvd: 180
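
An added example, not part of any post in this thread and not Pi-hole or dnsmasq code: it converts a BIND-style TXT line like the one Apple's server prints into a `txt-record=` line, and shows how such a line divides into a record name and strings. The function names are hypothetical and `split_txt_record` is a simplified model of the comma and quote handling discussed above.

```python
import re

SMART_QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"'})
RR = re.compile(r'^\s*(\S+)\s+(?:(\d+)\s+)?(?:IN\s+)?TXT\s+(.*)$', re.I)
QUOTED = re.compile(r'"([^"]*)"')


def bind_txt_to_dnsmasq(rr):
    """Turn one BIND-style TXT line into a dnsmasq txt-record= line."""
    # Forum and word-processor pastes turn " into typographic quotes, which
    # dnsmasq does not treat as quotes, so map them back to ASCII first.
    m = RR.match(rr.translate(SMART_QUOTES))
    if not m:
        raise ValueError("not a TXT record: %r" % rr)
    name, _ttl, rdata = m.groups()  # TTL dropped: txt-record= has no TTL field
    strings = QUOTED.findall(rdata)
    if not strings or QUOTED.sub("", rdata).strip():
        raise ValueError("TXT data must be one or more quoted strings")
    for s in strings:
        if "\\" in s:
            raise ValueError("backslash escapes are not handled by this example")
        if len(s.encode("utf-8")) > 255:
            raise ValueError("string over 255 bytes; dnsmasq would split it")
    return "txt-record=%s,%s" % (name, ",".join('"%s"' % s for s in strings))


def split_txt_record(line):
    """Simplified model of how a txt-record= line divides into (name, strings)."""
    body = line.strip().split("=", 1)[1]
    fields, cur, quoted = [], "", False
    for ch in body:
        if ch == '"':
            quoted = not quoted  # only the ASCII quote protects a comma
        elif ch == "," and not quoted:
            fields.append(cur)
            cur = ""
        else:
            cur += ch
    fields.append(cur)
    return fields[0], fields[1:]


if __name__ == "__main__":
    # Constructed input in the shape quoted earlier in the thread.
    line = bind_txt_to_dnsmasq('_aaplcache._tcp 259200 IN TXT "prs=CONNECTION1,CONNECTION2"')
    print(line)
    print(split_txt_record(line))
    # The first field is always the record name, so an extra leading field
    # becomes the name and the intended name becomes the first string.
    print(split_txt_record('txt-record=bark-bark.tree,_aaplcache._tcp,","'))
```

The generated line goes into a file under /etc/dnsmasq.d/, followed by `pihole restartdns` and a `dig TXT` query for the record name, as done elsewhere in the thread.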


Wow just as I thought I was starting to understand it you throw all those numbers and symbols at me. Maybe the bone hit me on the head and those are the birds tweeting round noggin :grin:

anyway my applecache.conf now looks like

txt-record=_aaplcache._tcp.DOMAIN,"prs=92.XXX.XXX.XXX, 81.XXX.XXX.XXX"

and now my output of dig TXT _aaplcache._tcp.DOMAIN is:

dig TXT _aaplcache._tcp.

; <<>> DiG 9.10.3-P4-Ubuntu <<>> TXT _aaplcache._tcp.DOMAIN
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 33775
;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
;_aaplcache._tcp.. IN TXT

_aaplcache._tcp.DOMAIN. 2 IN TXT “,”

;; Query time: 0 msec
;; WHEN: Fri Sep 14 15:01:19 BST 2018
;; MSG SIZE rcvd: 107

Just hope that’s actually the correct output. Will dig (no pun intended) out my Caching commands.

Thanks for your help and patience


You are not yet there… better said, you ran past the tree. This was carved in the tree: _aaplcache._tcp, to which you had to bark. Adding DOMAIN lets you search all the forest, but there is no tree with that TLD (top level domain) carved at the end of the name.

So this is what it should be: txt-record=_aaplcache._tcp,"prs=92.XXX.XXX.XXX, 81.XXX.XXX.XXX"

With Pi-hole and other DNS servers the smallest thing is the most important and that is the dot a.k.a. .

In _applcache._tcp you have a dot, which makes it have a name and TLD, so the name can be called a domain-name.

Examples of domains: - pi-hole is the domain-name and the net is the TLD and they are separated by…you guessed it, a dot.

It is just like a class full of kids: they all have different names but the surname groups them to their parents. So the parents are the TLDs.

If we want to describe a kid being at school then you could use: school.charlie.parents-name and school is called a sub-domain.

You have to see the light and DNS is just a phone book that gives you the IP addresses for a domain. If someone writes beside that number a remark then it is a TXT record. The next person using the phone book then reads your remark to not use this plumber for fixing the leaking tap.

Nice video and hope it does not go over your head any more.


So I ran back to the tree and cocked my leg :smiley:

I’ve changed my line to exactly the same as your example and I get the same result as I did before when I had added to it.

I am sure I had already tried that configuration and it didn’t work. Maybe I had a typo!

When I had the added I tried the Assetcachelocatorutil from the mac and it didn’t return any configured public IP address. My understanding is it pulls the public IP’s from the DNS record by querying _aaplcache._tcp. Which is only needed if using multiple public IPs. I think but again could and probably I am wrong.

The Mac is currently downloading a file. I’ll give it a reboot once it’s finished to refresh its DNS. Then I’ll try the locator util again


Let us know how you got it working in the end.

I had a little read at this page:


Still can’t get it to work.

Dig returns a result as above. Even if I run it on the Mac it gets the same result. Expected as Mac is using PiHole for its DNS.

If I run Assetcachelocatorutil on the Mac mini it doesn’t find any configured public IP address. But it does find the content cache (it’s on the Mac mini) so that’s expected

Then on a MacBook also using PiHole as DNS I get same dig result (expected) and if I run Assetcachelocatorutil it doesn’t find any content caches and also states no public IP address configured.

They are on the same subnet but Firewall uses different internet connection for them. But it should see the cache as they are on the same subnet (at least it did when using Windows)

I’ve tried all combinations of adding search domain and a trailing DOT.

If I dig _aaplcache._tcp @windows-domain-server

I get the same results as having my applecache.conf set to:


Reading the link you provided it states that the TXT record needs to be published in the default search domain. With that in mind am I still creating \ editing the file in the correct location ‘/etc/dnsmasq.d/applecache.conf’
Or should I be placing it somewhere else?


Unfortunately I am out of time here. I have reverted back to using the Windows DNS but use the PiHole as a forwarder so the AD-Blocking still works. Just makes it a little more difficult to narrow down client issues.

I am going to have a read up a little more on DNS within linux. To try and get a better understanding of how it works in Linux.

My caching now works, and using windows as my DNS I get the same results with DIG TXT _aaplcache._tcp as I did when using PiHole directly.


Let us know if you find the solution.