
Max. Number of char in a TXT Record


Darvin Denmian

Mar 26, 2009, 12:16:12 PM
Hello,

I have some questions:

1) Anybody know the maximum number of characters allowed in a TXT field?

2) What is the maximum number of includes inside a SFP field?


Sorry for the bad English :(

Thanks !

Kevin Darcy

Mar 26, 2009, 7:19:46 PM
Darvin Denmian wrote:
> Hello,
>
> I have some questions:
>
> 1) Anybody know the maximum number of characters allowed in a TXT field?
>
A simple question, but a complicated answer.

You may have multiple "strings" in a single TXT record. Each "string"
may be up to 255 characters in length, with a "length byte" indicating
the size of the "string"'s payload. I don't believe there is any
arbitrary limitation on the number of "string"s in a TXT record, but the
RDATA itself may not exceed 65535 bytes in total, which is comprised of
both the length-bytes and payloads of all "string"s contained therein.
That 64K limit is a general restriction on DNS records of all types, not
specific to TXT records.

Note that any DNS response which exceeds 512 bytes is slightly
undesirable, since in the absence of EDNS0 (which the vast majority of
-- but not all -- implementations honor these days), responses which
exceed 512 bytes will signal truncation and prompt a retry via TCP. It's
optimal to stay within 512 bytes if possible.


> 2) What is the maximum number of includes inside a SFP field?
>

I assume you mean SPF (Sender Policy Framework), the anti-SPAM(ming)
mechanism (?)

I'm no SPF expert but in glancing at the documentation it looks like
there is no arbitrary limit on the number of "include"s. Since SPF
"records" are stuffed into (one or more?) TXT records, the above limits
in the answer to question #1 would apply.

Maybe someone with better knowledge of and/or experience with SPF can
confirm or deny.

- Kevin

Leonard Mills

Mar 26, 2009, 8:10:33 PM

Darvin Denmian asked:

> 2) What is the maximum number of includes inside a SFP field?

It is RECOMMENDED that SPF library implementations limit the number of DNS operations performed during a lookup to ten, to cut down on the chances of a denial-of-service exercise using SPF and to short-circuit any possible include loops. Each lookup counts, and a lookup of an include is no exception to this rule.

If there were nothing in the base record beyond IP ranges and one or more includes, and all of the includes provided records with only IP ranges and possibly other includes, then ten total includes should be expected to work. Stick in a ptr clause (or anything else calling for a new DNS operation), and the number of potential includes decreases.

Hope this helps,

Len
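The lookup budget Len describes can be checked offline before a record is published. The following is an added example, not part of the original post: it walks constructed records held in a dict (no DNS queries) and counts one operation for each include, a, mx, ptr and exists mechanism and each redirect modifier, following every include (the worst case). The names `count_lookups`, `make_zone` and `check` and all domains are hypothetical.

```python
import re

LOOKUP_LIMIT = 10
COUNTED = {"include", "a", "mx", "ptr", "exists"}  # mechanisms costing a DNS operation

class PermError(Exception):
    """Raised where an SPF evaluator would give up with a permanent error."""

def count_lookups(domain, records, used=0, chain=()):
    """Worst-case DNS operations to evaluate `domain`, following every include."""
    if domain in chain:
        raise PermError("include loop: " + " -> ".join(chain + (domain,)))
    if domain not in records:
        raise PermError("no SPF record for " + domain)
    for term in records[domain].split()[1:]:          # skip "v=spf1"
        m = re.match(r"[-+~?]?([a-z0-9]+)([:=/].*)?$", term.lower())
        if not m:
            raise PermError("unparseable term: " + term)
        name, rest = m.group(1), m.group(2) or ""
        is_redirect = name == "redirect" and rest.startswith("=")
        if (name in COUNTED and not rest.startswith("=")) or is_redirect:
            used += 1
            if used > LOOKUP_LIMIT:
                raise PermError(f"more than {LOOKUP_LIMIT} DNS operations at {term!r}")
        if (name == "include" and rest.startswith(":")) or is_redirect:
            # The included record's own lookups draw on the same budget.
            used = count_lookups(rest[1:], records, used, chain + (domain,))
    return used

def make_zone(n_includes, extra=""):
    """Constructed sample data: a base record with n includes of IP-only records."""
    zone = {f"inc{i}.example": "v=spf1 ip4:192.0.2.%d -all" % i for i in range(n_includes)}
    incs = " ".join(f"include:inc{i}.example" for i in range(n_includes))
    zone["example.com"] = f"v=spf1 ip4:198.51.100.0/24 {extra} {incs} -all"
    return zone

def check(domain, records):
    """Return ("ok", operations_used) or ("permerror", reason)."""
    try:
        return "ok", count_lookups(domain, records)
    except PermError as exc:
        return "permerror", str(exc)

if __name__ == "__main__":
    print(check("example.com", make_zone(10)))               # ten includes fit
    print(check("example.com", make_zone(10, extra="ptr")))  # ptr uses one slot
```
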

Vincent Rivellino

Mar 26, 2009, 8:11:52 PM
On Thu, March 26, 2009 19:19, Kevin Darcy wrote:
>> 2) What is the maximum number of includes inside a SFP field?
>>
> I assume you mean SPF (Sender Policy Framework), the anti-SPAM(ming)
> mechanism (?)
>
> I'm no SPF expert but in glancing at the documentation it looks like
> there is no arbitrary limit on the number of "include"s. Since SPF
> "records" are stuffed into (one or more?) TXT records, the above limits
> in the answer to question #1 would apply.

Kevin, it looks like you are correct. From the RFC:

--------
3.1.4. Record Size

The published SPF record for a given domain name SHOULD remain small
enough that the results of a query for it will fit within 512 octets.
This will keep even older DNS implementations from falling over to
TCP. Since the answer size is dependent on many things outside the
scope of this document, it is only possible to give this guideline:
If the combined length of the DNS name and the text of all the
records of a given type (TXT or SPF) is under 450 characters, then
DNS answers should fit in UDP packets. Note that when computing the
sizes for queries of the TXT format, one must take into account any
other TXT records published at the domain name. Records that are too
long to fit in a single UDP packet MAY be silently ignored by SPF
clients.
--------

So, it appears that you can have as many includes in an SPF record as you wish,
but it would be wise to keep the size of the SPF record below ~450
characters.

There is lots of good SPF information at www.openspf.org


-Vince

Darvin Denmian

Mar 27, 2009, 8:27:03 AM
I thank everyone for the responses.
Thank you for spending a little time with my question.

On Thu, Mar 26, 2009 at 9:11 PM, Vincent Rivellino <vi...@cuz.cx> wrote:
> On Thu, March 26, 2009 19:19, Kevin Darcy wrote:
>>> 2) What is the maximum number of includes inside a SFP field?
>>>
>> I assume you mean SPF (Sender Policy Framework), the anti-SPAM(ming)
>> mechanism (?)
>>
>> I'm no SPF expert but in glancing at the documentation it looks like
>> there is no arbitrary limit on the number of "include"s. Since SPF
>> "records" are stuffed into (one or more?) TXT records, the above limits
>> in the answer to question #1 would apply.
>

> Kevin, it looks like you are correct.  From the RFC:
>
> --------
> 3.1.4.  Record Size
>
>    The published SPF record for a given domain name SHOULD remain small
>    enough that the results of a query for it will fit within 512 octets.
>    This will keep even older DNS implementations from falling over to
>    TCP.  Since the answer size is dependent on many things outside the
>    scope of this document, it is only possible to give this guideline:
>    If the combined length of the DNS name and the text of all the
>    records of a given type (TXT or SPF) is under 450 characters, then
>    DNS answers should fit in UDP packets.  Note that when computing the
>    sizes for queries of the TXT format, one must take into account any
>    other TXT records published at the domain name.  Records that are too
>    long to fit in a single UDP packet MAY be silently ignored by SPF
>    clients.

Michael Milligan

Mar 30, 2009, 12:54:27 PM
Darvin Denmian wrote:
> Hello,
>
> I have some questions:
>
> 1) Anybody know the maximum number of characters allowed in a TXT field?

255 for each string. E.g.,

@ TXT "v=spf1 mx ip4:216.208.1.1 a:mail01.mydomain.com a:mail02.mydomain.com" " a:mail03.mydomain.com include:something.else.com -all"

Notice there are two sets of quoted text here to simulate the entire TXT
string being longer than 255 chars. You'd just split it up into
multiple quoted strings that each are not longer than 255 chars.

Note that there is a leading space in the second string. For SPF
processing, these TXT strings are concatenated together as-is and
without the leading space in the second string, it would generate a
syntax error.

>
> 2) What is the maximum number of includes inside a SFP field?
>

Don't chain them more than 2 or 3 times, you'll run into SPF processing
limits. If you have to use more than that, then you need to rethink
your matching approach.

The RFCs on the subject limit DNS lookups to 10, that includes the TXT
record itself, any A, MX and PTR records that have to be looked up by
name, and any further "include:" lookups and associated records. A
Permanent Error will be returned if you exceed the 10 lookup limit.

See http://www.openspf.org/, there are tools, tips and tricks to help you.

Regards,
Mike

--
Michael Milligan -> mi...@acmeps.com
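The length-byte layout Kevin describes and the as-is concatenation Michael describes can be seen together in a short sketch. This is an added example, not code from any poster or from BIND: it splits a long record at a space (keeping the space at the start of the next string), encodes the strings as TXT RDATA, and joins them back the way an SPF reader does. The function names and the long sample record are constructed; `PAGE_STRINGS` holds the two strings from Michael's message.

```python
MAX_STRING = 255     # each string is preceded by a single length byte
MAX_RDATA = 65535    # total RDATA size, length bytes included

PAGE_STRINGS = [b"v=spf1 mx ip4:216.208.1.1 a:mail01.mydomain.com a:mail02.mydomain.com",
                b" a:mail03.mydomain.com include:something.else.com -all"]

def split_txt(text, width=MAX_STRING):
    """Split into strings of at most `width` bytes, cutting just before a space."""
    data, chunks = text.encode("ascii"), []
    while len(data) > width:
        cut = data.rfind(b" ", 1, width + 1)   # the space becomes the next string's first byte
        if cut <= 0:
            cut = width                        # no space available: hard split
        chunks.append(data[:cut])
        data = data[cut:]
    chunks.append(data)
    return chunks

def encode_rdata(chunks):
    """Wire form of a TXT record: <length byte><payload> repeated."""
    out = b""
    for chunk in chunks:
        if len(chunk) > MAX_STRING:
            raise ValueError("string longer than 255 bytes")
        out += bytes([len(chunk)]) + chunk
    if len(out) > MAX_RDATA:
        raise ValueError("RDATA longer than 65535 bytes")
    return out

def decode_rdata(rdata):
    """Recover the individual strings, rejecting a length byte that overruns."""
    chunks, i = [], 0
    while i < len(rdata):
        n = rdata[i]
        if i + 1 + n > len(rdata):
            raise ValueError("length byte runs past end of RDATA")
        chunks.append(rdata[i + 1:i + 1 + n])
        i += 1 + n
    return chunks

def spf_text(rdata):
    """What an SPF reader sees: the strings joined with nothing in between."""
    return b"".join(decode_rdata(rdata)).decode("ascii")

def long_record():
    """Constructed sample: an SPF record too long for one string."""
    return "v=spf1 " + " ".join("ip4:192.0.2.%d" % i for i in range(40)) + " -all"

if __name__ == "__main__":
    print(spf_text(encode_rdata(PAGE_STRINGS)))
    print([len(c) for c in split_txt(long_record())])
```
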
