Search for ALL DNS TXT records of a domain and subdomains

digdkimdnsspfsubdomain

There is a way to retrieve ALL (TXT) entries about DNS records of a domain (and subdomains) ?

My goal is to verify the configuration of my domain: www.rosposhop.com
where I correctly set multiple SPF and DKIM records for some subdomains

rosposhop.com
md.rosposhop.com (SPF+DKIM)
mg.rosposhop.com (SPF+DKIM)

(so I have a total of 5 TXT items)

Now, if I ask with dig or host -a, I got only the first TXT item, instead I was expected to have the complete list of TXT items.

Whre I'm wrong ?

$ dig  rosposhop.com TXT


; <<>> DiG 9.9.5-3ubuntu0.1-Ubuntu <<>> rosposhop.com TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14774
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;rosposhop.com.                 IN      TXT

;; ANSWER SECTION:
rosposhop.com.          2362    IN      TXT     "google-site-verification=udcP944OqB1PldDn1ML"

;; Query time: 65 msec
;; SERVER: ***********
;; WHEN: Sat Dec 27 09:10:43 CET 2014
;; MSG SIZE  rcvd: 123

BTW, if I ask puntually for a SUBdomain, now I got again only the first entry:

$ dig  md.rosposhop.com TXT

return:

;; ANSWER SECTION:
md.rosposhop.com.       2223    IN      TXT     "v=spf1 include:spf.man*******"

again I don't get the DKIM info.
It's a security/permissions topic ?
sorry for my DNS-ignorance.

thanks
giorgio

Best Solution

The approach of making a single DNS query to get all that information in one fell swoop is misguided. It assumes that the data for a single zone is a) static and b) managed by a single name server. DNS imposes no such limitations on zone data.

Both SPF and DKIM (and DMARC, if you want to throw that in the mix) use TXT records on specific domains. There is no need to get all the TXT records for a domain and its subdomains to view the relevant configuration.

If you want to get the SPF and DKIM information, just query the appropriate domains. Assuming you're doing Return-Path domains and DKIM signatures on md.rosposhop.com and mg.rosposhop.com then you should be interested in TXT records on

  1. md.rosposhop.com - SPF
  2. mg.rosposhop.com - SPF
  3. (selector)._domainkey.md.rosposhop.com - DKIM
  4. (selector)._domainkey.mg.rosposhop.com - DKIM

where (selector) is the selector you're using for that DKIM record. You may have more than one selector for each of md.rosposhop.com and mg.rosposhop.com domains. TXT records on other domains are irrelevant.

Related Question