Search for ALL DNS TXT records of a domain and subdomains


There is a way to retrieve ALL (TXT) entries about DNS records of a domain (and subdomains) ?

My goal is to verify the configuration of my domain:
where I correctly set multiple SPF and DKIM records for some subdomains (SPF+DKIM) (SPF+DKIM)

(so I have a total of 5 TXT items)

Now, if I ask with dig or host -a, I got only the first TXT item, instead I was expected to have the complete list of TXT items.

Whre I'm wrong ?

$ dig TXT

; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14774
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 4096
;                 IN      TXT

;; ANSWER SECTION:          2362    IN      TXT     "google-site-verification=udcP944OqB1PldDn1ML"

;; Query time: 65 msec
;; SERVER: ***********
;; WHEN: Sat Dec 27 09:10:43 CET 2014
;; MSG SIZE  rcvd: 123

BTW, if I ask puntually for a SUBdomain, now I got again only the first entry:

$ dig TXT


;; ANSWER SECTION:       2223    IN      TXT     "v=spf1*******"

again I don't get the DKIM info.
It's a security/permissions topic ?
sorry for my DNS-ignorance.


Best Solution

The approach of making a single DNS query to get all that information in one fell swoop is misguided. It assumes that the data for a single zone is a) static and b) managed by a single name server. DNS imposes no such limitations on zone data.

Both SPF and DKIM (and DMARC, if you want to throw that in the mix) use TXT records on specific domains. There is no need to get all the TXT records for a domain and its subdomains to view the relevant configuration.

If you want to get the SPF and DKIM information, just query the appropriate domains. Assuming you're doing Return-Path domains and DKIM signatures on and then you should be interested in TXT records on

  1. - SPF
  2. - SPF
  3. (selector) - DKIM
  4. (selector) - DKIM

where (selector) is the selector you're using for that DKIM record. You may have more than one selector for each of and domains. TXT records on other domains are irrelevant.

Related Question