3

I have an SPF TXT DNS record that's too long to be served via UDP. It validates over TCP, but that's not as performant as UDP. I know that TXT records can be broken into multiple lines. How should they be formatted?

ponies
  • 201

2 Answers

2

See RFC 7208 Section 3.4. I will just add that the vast majority of name server software (except e.g. DJB TinyDNS) implements EDNS0 and the most often negotiated UDP packet size is 4096, along with firewalls that allow up to 4096 byte DNS UDP packets by default now, so you can generally get away with larger SPF-formatted TXT records up to 4000-ish in length if you must. However, you're likely missing a simpler way to do what you need if you can't fit into 255 characters.

milli
  • 2,030
1

I know that TXT records can be broken into multiple lines

The record does not get shorter if you break it into multiple lines. You still need to get all the lines in a single DNS response to parse the SPF record.
But what you can do is reference other SPF records from a single SPF record and thus spread it over multiple DNS responses which of course affects the performance. Example:

 example.com  - v=spf1 ... include:more.example.com -all
 more.example.com - v=spf1 ... more settings here ..
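The two points in this answer (splitting a TXT record into 255-octet strings does not shrink the response, and include: is what actually spreads an SPF policy over several DNS answers) as an added Python example; this is not code from the question or either answer. The zone contents are constructed for illustration, and the only external facts it relies on are the 255-octet limit on a TXT <character-string> (RFC 1035), the rule that an SPF verifier concatenates the strings of one TXT record without separators (RFC 7208 section 3.3), and the limit of 10 DNS-querying terms per evaluation (RFC 7208 section 4.6.4). The include: expansion is deliberately simplified: it collects the mechanisms reachable through include: and counts the lookups, without modelling how qualifiers inside an included record affect the outer result.

```python
# Added example (not from the original post): how a long SPF record is
# carried in a TXT RR, why splitting it does not make the response smaller,
# and how include: chains spread the policy across several DNS queries.

MAX_STRING = 255        # RFC 1035: one TXT <character-string> holds at most 255 octets
MAX_DNS_LOOKUPS = 10    # RFC 7208 s4.6.4: at most 10 DNS-querying terms per check


def split_txt(value: str, limit: int = MAX_STRING) -> list:
    """Split a long TXT value into strings of at most `limit` octets each."""
    data = value.encode("ascii")
    return [data[i:i + limit].decode("ascii") for i in range(0, len(data), limit)]


def zone_line(name: str, value: str) -> str:
    """Render the record in zone-file syntax, one quoted string per 255-octet chunk."""
    quoted = " ".join('"' + s.replace('"', '\\"') + '"' for s in split_txt(value))
    return f"{name}. IN TXT {quoted}"


def txt_rdata_length(value: str) -> int:
    """Wire size of the TXT RDATA: every string costs one length octet plus its bytes.
    Splitting therefore adds bytes; it never removes any."""
    return sum(1 + len(s.encode("ascii")) for s in split_txt(value))


def join_txt(strings) -> str:
    """What an SPF verifier does with a multi-string TXT record (RFC 7208 s3.3):
    concatenate the strings with nothing in between."""
    return "".join(strings)


# Constructed zone data: owner name -> TXT value (hypothetical addresses from RFC 5737 ranges)
ZONE = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:more.example.com -all",
    "more.example.com": "v=spf1 ip4:198.51.100.0/24 include:third.example.com -all",
    "third.example.com": "v=spf1 ip4:203.0.113.0/24 -all",
}


def expand_spf(name: str, zone: dict = ZONE, _seen=None) -> tuple:
    """Follow include: references through `zone`.

    Returns (mechanisms, dns_lookups): the mechanisms reachable from `name`
    (with the included records' own 'all' terms dropped, since they never
    apply to the caller) and how many extra DNS queries the chain costs.
    Raises ValueError on a missing record or an include loop.
    """
    seen = _seen if _seen is not None else set()
    if name in seen:
        raise ValueError(f"include loop at {name}")
    seen.add(name)
    record = zone.get(name)
    if record is None or not record.startswith("v=spf1"):
        raise ValueError(f"no SPF record for {name}")
    mechanisms, lookups = [], 0
    for term in record.split()[1:]:
        if term.startswith("include:"):
            sub_mech, sub_lookups = expand_spf(term[len("include:"):], zone, seen)
            lookups += 1 + sub_lookups              # the include itself is one query
            mechanisms.extend(m for m in sub_mech if m.lstrip("+-~?") != "all")
        else:
            mechanisms.append(term)
    return mechanisms, lookups


def within_lookup_limit(name: str, zone: dict = ZONE) -> bool:
    """True if evaluating `name` stays within the 10-lookup budget."""
    return expand_spf(name, zone)[1] <= MAX_DNS_LOOKUPS


if __name__ == "__main__":
    long_value = "v=spf1 " + " ".join(f"ip4:192.0.2.{i}" for i in range(40)) + " -all"
    print(zone_line("example.com", long_value))
    print("RDATA octets:", txt_rdata_length(long_value), "for", len(long_value), "chars")
    print("round-trips:", join_txt(split_txt(long_value)) == long_value)
    print(expand_spf("example.com"))
```

Running the script shows the split record as it would appear in a zone file, that the RDATA is a few octets longer than the original string (one length byte per chunk), and that the three-record chain above costs two DNS lookups, well inside the budget of ten.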