Checking DNS TXT entries
Published 13 March 2025
Once you've added DNS TXT entries you may want to check them or diagnose problems.
Windows: You can check the presence and value of a TXT entry using nslookup in a command prompt or Powershell:
- nslookup -q=txt _redgate-sso-admin-tokens.domain.example 8.8.8.8
Replace domain.example with your domain when running the command above.
Linux: You can check the presence and value of a TXT entry using dig in a terminal:
- dig @8.8.8.8 _redgate-sso-admin-tokens.domain.example txt
Replace domain.example with your domain when running the command above.
The above uses Google's DNS via IP address 8.8.8.8
If the entries are present they'll be displayed like this and you can check the values:
Windows:
- Non-authoritative answer:
- _redgate-sso-admin-tokens.domain.example text =
- "v2:0HQo7nG5vXh/U/AuOz9h7QflJgaKef7IKjBf9zmqUmnZR/a44pPAKfM81G9/4WzW"
Linux:
- ;; ANSWER SECTION:
- _redgate-sso-admin-tokens.domain.example. 300 IN TXT "v2:0HQo7nG5vXh/U/AuOz9h7QflJgaKef7IKjBf9zmqUmnZR/a44pPAKfM81G9/4WzW"
Troubleshooting
Below are some common problems and how they can be diagnosed.
Propagation time
If the entries are not present you may need to be patient.
DNS changes can take hours to propagate.
If after 48 hours the entries are still absent then further troubleshooting is advisable.
Non-public entry
It's possible you may have defined the entry for your companies internal DNS only.
You can check this by repeating the nslookup or dig command above, but remove the 8.8.8.8 or @8.8.8.8 to query your DNS.
If the response indicates the entry is present and with the correct value, then it's possible you haven't defined the entry publicly.
Incorrect domain
It's possible you may have defined the entry for the wrong domain, commonly the root of the domain.
You can check this by repeating the nslookup or dig command above, but remove the _redgate-sso-admin-tokens.
If the response indicates the entry is present and with the correct value, then you've defined the entry for the wrong domain.
