Question

My website (functioning for last year) seems unable to externally display any TXT records

Posted October 3, 2021 125 views
EmailDNSUbuntu 18.04

I have a fully functional website, running fine for web users.
I have spent months trying to get email running on it (presently using a hack solution of a private Gmail account through my Flask app).
As part of my recent discovery, I found that the several TXT records I created on the base site (using @, i.e. the base site URL name) were not discernable from the outside.
No TXT records are shown from whatsmydns.net, whether I use my domain name or the actual IP. These TXT records are months old, not just recently created ones.
From inside DO, these TXT records show up perfectly fine.
What do I need to do to make my TXT records show up properly?

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer

Hello,

You need to make sure that you’ve added your TXT records under your active DNS zone. The active DNS zone is the one that your nameservers point to.

For example if you are using the DigitalOcean nameservers, then this means that you need to add the TXT record via your DigitalOcean DNS zone.

To find out what your nameservers are, you could use the whois command or an online tool like https://who.is/.

Once you know what nameservers your domain name is using, then you can head to the correct DNS zone and add your DNS records there.

Let me know how it goes.
Best,
Bobby

  • Hi Bobby, thanks for responding.
    A whois query returns (anonymised):

    whois mysite.com

    Domain Name: MYSITE.COM
    Registry Domain ID: xxxxxxxxxxDOMAINCOM-VRSN
    Registrar WHOIS Server: whois.namecheap.com
    Registrar URL: http://www.namecheap.com
    Updated Date: (few months back)
    Creation Date: (a year ago)
    Registry Expiry Date: (a future date)
    Registrar: NameCheap, Inc.
    Registrar IANA ID: xxxx
    Registrar Abuse Contact Email: abuse@namecheap.com
    Registrar Abuse Contact Phone: +1.6613102107
    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Name Server: NS1.DIGITALOCEAN.COM
    Name Server: NS2.DIGITALOCEAN.COM
    Name Server: NS3.DIGITALOCEAN.COM

    In DO, I have one domain, and one droplet which is named for that same domain. I don’t see any ‘active DNS zone’ to choose from, and all my TXT/etc records are under this domain.

    Thanks for any further pointers or assistance.
    Fergus

    • Hello,

      To clarify a bit, by active DNS zone I am referring to the DNS provider that you are using. In your case, as your nameservers are set to the DigitalOcean ones, then this means that the DNS zone that your domain is using is the one that is under your DigitalOcean account. If you were using the NameCheap nameservers for example, then the active DNS zone would have been the one under your NameCheap account.

      Do you see the TXT records if you do a DNS lookup via this tool here:

      https://www.digitalocean.com/community/tools/dns

      Also, if you wish you could provide me with a screenshot of your DNS records (make sure to hide your domain name).
      Best,
      Bobby

      • Hi Bobby,

        Link to an anonymised output of my Domain DNS records:
        https://postimg.cc/vgTdKQD4

        From the community/tools/dns link I get:

        TXT records: ‘Could not find any records of this type.’

        The A and NS records show up ok, but other types also fail:

        CNAME records: 'Could not find any records of this type.’

        MX records: Found ok, but reports 'Domain blocked by zen.spamhaus.org.’ (I am separately trying to sort this out, but falling into the catch-22 of not being able to receive their verification email at my site.)

        Many thanks,
        Fergus

      • Hi Bobby,

        While I wait for approval on my screenshot of Domain records, here is the rest of the information you requested:

        The community tools dns output shows that the A and NS records show up ok, but other types fail:

        TXT records: ‘Could not find any records of this type.’

        CNAME records: 'Could not find any records of this type.’

        MX records: Found ok, but reports 'Domain blocked by zen.spamhaus.org.’ (I am separately trying to sort this out, but falling into the catch-22 of not being able to receive their verification email at my site.)

        My TXT records (on-screen) read:

        mail._domainkey.mysite.com
        returns: “v=DKIM1; h=sha256; k=rsa; p=xxx…xxx”

        mysite.com
        returns: google-site-verification=xxx…xxx

        mysite.com
        returns: TXT @ “v=spf1 mx mx:mysite.com -all”

        Many thanks,
        Fergus

        • Solved:

          I needed to remove that dodgy TXT record that was not of the form of ‘key=value’ (the one reading a value of TXT @ “v=spf1 mx mx:mysite.com -all”)

          Thanks for your support, Bobby.

          • Hi there Fergus,

            Really happy to hear that you’ve got it all sorted! And thank you for sharing the solution here with the community!

            Best,
            Bobby