DNS TXT Queries

droidus · November 11, 2018, 3:33pm

I've noticed a large volume of DNS TXT queries on my network. What exactly are these?

jfb · November 11, 2018, 4:17pm

This is additional text information that accompanies a domain. Normally you don't see this, because it's not included with an A request, the default DNS lookup.

Non-authoritative web resource: https://en.wikipedia.org/wiki/TXT_record

A little more authoritative web resource: http://help.dnsmadeeasy.com/managed-dns/dns-record-types/txt-record/

In V4 of Pi-Hole TXT records are shown in the dashboard graphs but not in the query log. In the development version, they are shown in the query log. Here is what shows for TXT records on a dev Pi-Hole, for example:

If you run the dig command and specify the record type, you can see the text information for that domain in addition to the IP address:

dig pi-hole.net -t TXT @1.1.1.1

; <<>> DiG 9.10.3-P4-Raspbian <<>> pi-hole.net -t TXT @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5535
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;pi-hole.net.			IN	TXT

;; ANSWER SECTION:
pi-hole.net.		86400	IN	TXT	"google-site-verification=we1cZQSPMA1xzb6I81fa9Wdx1oVl-6l7-HOBNEGvpmY"
pi-hole.net.		86400	IN	TXT	"keybase-site-verification=jjDOTsv9gZqao3jZyqTZ6Gqz8k4xh2P6MyXgjzyIrLE"
pi-hole.net.		86400	IN	TXT	"v=spf1 +a +mx +ip4:23.92.70.115 +ip4:23.92.70.123 ~all"

;; Query time: 25 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Nov 11 10:15:46 CST 2018
;; MSG SIZE  rcvd: 270

system · December 2, 2018, 4:17pm

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.