| The Domain Name System is a critical piece of infrastructure that research has demonstrated can can be corrupted to provide incorrect information. One DNS record type, TXT, is intentionally very permissive in what information can be stored there, and as a result there are many formal and informal uses of TXT records. In this paper, we identified and categorized the patterns in TXT record use from a very large collection of resource record sets. We obtained the records using a common public dataset and pattern matching to identify TXT record uses that are common across multiple domains. We found that these records generally fall into 3 categories; protocol enhancement, domain verification and resource location. Many of these uses could leak information if not implemented correctly that provides would-be attackers insight into the domain owners' infrastructure that would be otherwise difficult to obtain. We conclude that there needs to be more formal direction in the use of TXT records that potentially leak information, including best practices and removal of records when no longer needed. |
PDF Full Text Request