Free DNS: Only 1 out of 3 TXT records got published

I am unsure if this is the right forum to post…
I am using the Cloudflare free DNS plan and I am trying to setup some mail-related TXT records. However, just 1 out of 3 TXT records got published (the SPF record). Does anyone know if there is a reliable fix for this? I’ve already tried deleting and re-creating the TXT records that are unpublished - no result.
I noticed a lot of other users having had the same issue in the past (I did my google search). I couldn’t find any answer that closely resembles a solution. Are Cloudflare free DNS plans unreliable or is this some issue that Cloudflare might fix?

Thank you in advance for your inputs.

There’s no restriction on the free plan you should be hitting. Are you sure they’re being saved?? i.e. they’re not the same record name so subsequent records just don’t save as the first one exists?

In the case of SPF records you need to combine all the pertinent data into the one record. the presence of more than one SPF record is against RFC and can cause any and all the be ignored, IIRC.

Yes, I do have only one SPF record (it is a TXT record with the correct format generated by Cloudflare via the wizard).
The other two records are the DKIM and the DMARC TXT records - both related to email security. One of them I generated locally using a tool (opendkim) and the other was also generated from the Cloudflare panel inside “email security”.

I myself have DMARC and DKIM records stored just fine (as would most user with any decent email security in place). They shouldn’t clash in any way shape or form due to the presence of the DKIM selector and _dmarc prefixes so this is odd.

Post a snapshot of the TXT records in your DNS dashboard, so we can see what you have saved and can query the domain to see what’s being returned.

Thank you for the input. Here’s my DNS setup.

All looks good, man.

[email protected]:~# host -t txt parsagency.com
parsagency.com. description is "v=spf1 ip4:87.121.54.151 ~all"
[email protected]:~# host -t txt dkim._domainkey.parsagency.com
dkim._domainkey.parsagency.com. description is "v=DKIM1; h=sha256; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6Ue+c0MharGCWXm7HqPmU1zhSHLxcbb8iga01Phgirt7AWL6WbXkWH8JGelN                                                                                 no57PVK4DIacKKU2szx4EXUcdxNEylTgCN8IXmzIoI2jStw9ZozvywnI0dg4bCzXBzRaD71d0r2saiLiDjLyTBmDO70cEpf+nG0kXed1xTKONaKp96a6/tC5iUT" "fEj44ha8yc9zJZg6Lyee5397XWhf4vHrFuPrglldi+NvI7lEHFd97k                                                                                 qH0mp6GCFAh/PeRbafdnD1gPQ8t0TmxeOX2tZcM98zHytJrrFWKR5uM1P7EegQinJXosz6EAlpq+5XLvXc+vvAmrzprC2VwcHhFKTK5CwIDAQAB"
[email protected]:~# host -t txt _dmarc.parsagency.com
_dmarc.parsagency.com. description is "v=DMARC1; p=quarantine; rua=mailto:[email protected]"

Looks like propagation issues, maybe? Give it time and you should be a-ok.

One thing to bear in mind is the white space I’m getting returned in your DKIM record, that’s not right but we’re talking record semantics now, and not your original issue.

HMU if you see problems after flushing DNS cache and giving it a little while to work it’s way around the web.

Thank you very much for the support!
I think I’ve just been querying the TXT record wrong. I expected that all of them should appear as part of the @ record – i.e.
host -t txt parsagency.com

should return all 3 TXT records - but I was wrong. Thanks for pointing that out.

I also used this command to try and verify my setup: opendkim-testkey -d parsagency.com -s dkim -k dkim.private
However, it seems to always time out (although on the same machine I am now able to query the 3 TXT records).

By the way, the whitespace is only output by your system. I checked the TXT record again and it does not contain spaces in the middle of the public key param “p”. When I run the same command I don’t see it.

Anyway, your help is highly appreciated! Thank you!

Yeah, whitespace could be on my side… I was cutting and pasting from PuTTY into FireFox via notepad whilst also trying to eat dinner.

You look ‘technically’ good, but naturally check the veracity of the records. I tend to just send a test to:

One of the simpler email security test tools, I find, but if that says you’re good then you’re good.

Yes, I have been using it as well. I was just waiting for those TXT records to “appear” although they probably were there already. With DKIM setup I expect to get a result of 10/10 now :slight_smile:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.