New to Google DNS. Can I use Google DNS to host ONE TXT record, and leave all the other records at my current ISP?


Steven Denenberg

Aug 9, 2021, 11:52:10 AM
to public-dns-discuss
I am having trouble establishing DKIM, because when a DKIM checker retrieves my record from my ISP, it doesn't acquire all the characters correctly. My ISP is working on the problem. But for the time being, is it possible to host that one TXT record with Google, leaving everything else alone? Sorry if the question is naive! -- Steve D.

Alex Dupuy

Aug 11, 2021, 4:34:54 PM
to public-dns-discuss
This forum is for the Google Public DNS resolver, which doesn't host any records – if you wanted to use Google Cloud DNS, you should ask on the Cloud DNS Discuss group.

That said, you might be able to do this for a DKIM or DMARC TXT record, although you wouldn't be able to do this for an SPF TXT record, since that lives at the apex of your domain (apparently facialsurgery.com?). If your DKIM record is s1._domainkey.facialsurgery.com (the "s1" would be the DKIM "selector" string, possibly something other than "s1"), you could delegate that name to a zone in Google Cloud DNS (you could also delegate _domainkey.facialsurgery.com if you wanted to host all the DKIM selector TXT records in a single zone in Google Cloud DNS).

Delegating subdomains is a moderately advanced technique; I would recommend that you find a consultant or service (or your ISP) to assist you if you want to try that.

It's probably easier to solve the problem with your ISP, which is likely due to incorrect splitting of long DKIM strings (for 2048-bit or longer keys) into DNS strings. DNS strings cannot be longer than 255 characters, and to represent a long DKIM string you need to have multiple strings in the same record. As an example, this would be a correct representation for a long DKIM string in a DNS TXT record:

s1.domainkey.u1369857.wl108.sendgrid.net. 1799 IN TXT ( "k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXBH0rI55V6cqHIW9S0Kbtv2BfO0HrqC7E5JuIbZgXl5kV9cQgNk1c8iWl83OeYoNF6nrdsVnQl8d5dcWUnTLSQHKAred2XEITLBIC4eCw4g9wXiUGlvakQn12s8qPwTH3OErrrjKEfE2iykEmGUDwkAW/7N6E/GSgkQbD3qLsEhNDiThAnknEhYIpX+3Qpj6PyvY" "SKVQre4d5weBLF3ltajOiTdazVnrUgE+Uv+v9hdm2qe2q82+zkEdOWQLhKd1i71s86+GSZz3kZFXzQT3BIO12GqLaqfbdXTjQ1qgXgOWr+sLSp9I4QMBitaFSUeYZdwf3T8rUM8bvMldnDHZQIDAQAB" )

Notice the use of multiple "..." strings, none of which are more than 255 characters long. The ( ) parentheses are not required, but allow you to split the DNS record over multiple lines. You might have accidentally created multiple records, like this:

s1.domainkey.u1369857.wl108.sendgrid.net. 1799 IN TXT "k=rsa; t=s; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoXBH0rI55V6cqHIW9S0Kbtv2BfO0HrqC7E5JuIbZgXl5kV9cQgNk1c8iWl83OeYoNF6nrdsVnQl8d5dcWUnTLSQHKAred2XEITLBIC4eCw4g9wXiUGlvakQn12s8qPwTH3OErrrjKEfE2iykEmGUDwkAW/7N6E/GSgkQbD3qLsEhNDiThAnknEhYIpX+3Qpj6PyvY"

s1.domainkey.u1369857.wl108.sendgrid.net. 1799 IN TXT "SKVQre4d5weBLF3ltajOiTdazVnrUgE+Uv+v9hdm2qe2q82+zkEdOWQLhKd1i71s86+GSZz3kZFXzQT3BIO12GqLaqfbdXTjQ1qgXgOWr+sLSp9I4QMBitaFSUeYZdwf3T8rUM8bvMldnDHZQIDAQAB"

or perhaps your ISP parsed it incorrectly and generated that. This is often the reason that a DKIM TXT record "doesn't acquire all the characters correctly."

@alex
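
The splitting rule and the two failure modes described in the reply above, as an added example that is not part of the original post: it splits a long DKIM value into strings of at most 255 bytes within one record, and checks a set of TXT records for over-long strings, extra records, and truncated keys. The sample key is constructed placeholder bytes and the name `s1._domainkey.example.com.` is hypothetical.

```python
import base64

MAX_STR = 255  # one DNS character-string holds at most 255 bytes
# Constructed sample: placeholder bytes sized like a 2048-bit key, not a real key.
SAMPLE = "k=rsa; t=s; p=" + base64.b64encode(bytes(range(256)) + bytes(38)).decode()

def split_txt(value, size=MAX_STR):
    """Split one long (ASCII) TXT value into strings of at most `size` bytes."""
    return [value[i:i + size] for i in range(0, len(value), size)]

def zone_line(name, ttl, strings):
    """Render ONE TXT record that carries several quoted strings."""
    return "%s %d IN TXT ( %s )" % (name, ttl, " ".join('"%s"' % s for s in strings))

def dkim_tags(strings):
    """Join a record's strings with no separator, then parse tag=value pairs."""
    tags = {}
    for part in "".join(strings).split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = val.strip()
    return tags

def diagnose(rrset):
    """rrset: the TXT records at one selector name, each a list of strings."""
    problems = []
    if any(len(s.encode()) > MAX_STR for rec in rrset for s in rec):
        problems.append("string longer than 255 bytes")
    if len(rrset) > 1:
        problems.append("%d TXT records at the selector, expected one" % len(rrset))
    for rec in rrset:
        p = dkim_tags(rec).get("p")
        if p is None:
            problems.append("record has no p= tag (orphaned key fragment)")
            continue
        try:
            base64.b64decode(p, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            problems.append("p= is not complete base64 (truncated key)")
    return problems

if __name__ == "__main__":
    parts = split_txt(SAMPLE)
    print(zone_line("s1._domainkey.example.com.", 1799, parts))  # hypothetical name
    print(diagnose([parts]))                # one record, two strings
    print(diagnose([[s] for s in parts]))   # each fragment as its own record
```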
