Overview
Umbrella doesn't block TXT (text) record query types for content filtering (e.g. category blocking) but does for security filtering. There are a few reasons for this, and also a couple of caveats to be aware of. This article provides that information.
What is a TXT record?
A TXT record carries extra data, sometimes human-readable, most of the time machine-readable. The information in the response is usually used for automated tasks such as opportunistic encryption, DomainKeys, DNS-SD, SPF, etc.
For more information on other common types of DNS record, click here.
So why aren't TXT records blocked?
Other fairly important systems use TXT records, such as SPF (Sender Policy Framework).
SPF used to have its own resource record type (99), which has since become deprecated. SPF now uses TXT records.
If Umbrella is performing filtering for an e-mail server, it is important that these SPF TXT records are available. They are used to determine the validity of the sending e-mail server. Blocking them may have a negative impact both on receiving incoming e-mails from valid senders and on filtering out 'spoofed' e-mails and phishing campaigns.
Note:
We currently do not recommend using Umbrella filtering for an e-mail server. For more information please see this article.
When it comes to content filtering, it is not necessary to block TXT records to prevent users from accessing content like websites, so we choose not to block them. This ensures that web content filtering works whilst other systems (like SPF) still function.
What are the caveats?
There are instances when it's a good idea to block all record types. When a domain is categorized as hosting malware, Umbrella blocks TXT records too.
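The behaviour described in this article, as an added sketch that is not Umbrella's own code: it parses the question section of a DNS query and applies the two rules above (TXT passes a content block, nothing passes a security block). The domain names, the CATEGORY table and the function names are constructed for illustration.

```python
import struct

QTYPE_A, QTYPE_TXT = 1, 16  # DNS record type codes (RFC 1035)

# Constructed sample data: which kind of filtering matched each domain.
CATEGORY = {"games.example": "content", "malware.example": "security"}

def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (lower-cased qname, qtype) of the first question."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("no question in message")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos:pos + n].decode("ascii").lower())
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return ".".join(labels), qtype

def decide(msg):
    """Apply the article's rule to one query; returns 'allow' or 'block'."""
    qname, qtype = parse_question(msg)
    parts = qname.split(".")
    # Match the name itself or any parent domain in the table.
    kind = next((CATEGORY[s] for s in (".".join(parts[i:]) for i in range(len(parts)))
                 if s in CATEGORY), None)
    if kind == "security":
        return "block"            # malware domain: every record type, TXT included
    if kind == "content" and qtype != QTYPE_TXT:
        return "block"            # category block, but TXT (e.g. SPF) still resolves
    return "allow"
```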