[AX-315] Domain Verifications Fails if Too many TXT records in DNS

Type: Bug
Resolution: Timed out
Priority: Low
Component/s: Domain Verification - Initial Setup
Labels:
None

Symptom Severity:
Severity 2 - Major

Issue Summary

If DNS contains a large number of unique TXT record items in the root of the domain (including the Atlassian Verification), the Domain cannot be verified or re-verified during the normal checks.

Steps to Reproduce

set up 30 TXT record entries with a lot of text in them
Wait for the changes to propagate to our system. Please note that the change may take up to 72 hours for our system to stop caching the old results.
Attempt to claim the domain (or reclaim it)

Expected Results

The domain claims as expected

Actual Results

The domain claim fails and the following error is thrown in the logs:
Error: queryTxt ESERVFAIL EXAMPLE.com at QueryReqWrap.onresolve [as oncomplete] (dns.js:213:19)

Notes

Domain Verification is checked on standard DNS (not EDNS) and if the Message Size is greater than 512 bytes for TXT Records, the verification can fail

Workaround

Currently, there are only two methods that can be used to bypass this issue:
1. Delete some of the TXT record entries so that the message size is less than 512 bytes
2. Use HTTPS verification instead.

relates to

AX-348 Organization verified domain functionality is bro...

Closed

mentioned in: Page Loading...; Page Loading...; Page Loading...; Page Loading...; Page Loading...

(1 mentioned in)

Rodrigo B. made changes - 23/Jun/2025 8:55 PM

Component/s	Original: Domain Claim - Initial Setup [ 53302 ]
Component/s		New: Domain Verification - Initial Setup [ 80145 ]
Key	Original: ~~ACCESS-1138~~	New: ~~AX-315~~
Support reference count	Original: 5
Symptom Severity	Original: Minor [ 16130 ]	New: Severity 2 - Major [ 14431 ]
Project	Original: Atlassian Guard [ 18910 ]	New: Admin Experience [ 24210 ]

Kat N made changes - 19/Dec/2024 7:40 PM

Resolution		New: Timed out [ 10 ]
Status	Original: Gathering Impact [ 12072 ]	New: Closed [ 6 ]

SET Analytics Bot made changes - 29/May/2024 4:01 AM

Support reference count

Original: 4

New: 5

Derrick Nguyen made changes - 27/May/2024 9:03 AM

Link

New: This issue relates to ~~ACCESS-1830~~ [ ~~ACCESS-1830~~ ]

SET Analytics Bot made changes - 13/Dec/2022 4:01 AM

Support reference count

Original: 3

New: 4

SET Analytics Bot made changes - 05/Nov/2022 4:01 AM

Support reference count

Original: 2

New: 3

Shawn C (Inactive) made changes - 03/Nov/2022 6:39 PM

Description

Original: h3. Issue Summary

If DNS contains 28 or more unique TXT record items in the root of the domain (including the Atlassian Verification), the Domain cannot be verified or re-verified during the normal checks.

h3. Steps to Reproduce
# set up 30 TXT record entries with a lot of text in them
# Wait for the changes to propagate to our system. Please note that the change may take up to 72 hours for our system to stop caching the old results.
# Attempt to claim the domain (or reclaim it)

h3. Expected Results
The domain claims as expected

h3. Actual Results

The domain claim fails and the following error is thrown in the logs:
Error: queryTxt ESERVFAIL EXAMPLE.com at QueryReqWrap.onresolve [as oncomplete] (dns.js:213:19)

h3. Notes
Domain Verification is checked on standard DNS (not EDNS) and if the Message Size is greater than 512 bytes for TXT Records, the verification can fail

h3. Workaround

Currently, there are only two methods that can be used to bypass this issue:
1. Delete some of the TXT record entries so that the message size is less than 512 bytes
2. Use HTTPS verification instead.

New: h3. Issue Summary

If DNS contains a large number of unique TXT record items in the root of the domain (including the Atlassian Verification), the Domain cannot be verified or re-verified during the normal checks.

h3. Steps to Reproduce
# set up 30 TXT record entries with a lot of text in them
# Wait for the changes to propagate to our system. Please note that the change may take up to 72 hours for our system to stop caching the old results.
# Attempt to claim the domain (or reclaim it)

h3. Expected Results
The domain claims as expected

h3. Actual Results

The domain claim fails and the following error is thrown in the logs:
Error: queryTxt ESERVFAIL EXAMPLE.com at QueryReqWrap.onresolve [as oncomplete] (dns.js:213:19)

h3. Notes
Domain Verification is checked on standard DNS (not EDNS) and if the Message Size is greater than 512 bytes for TXT Records, the verification can fail

h3. Workaround

Currently, there are only two methods that can be used to bypass this issue:
1. Delete some of the TXT record entries so that the message size is less than 512 bytes
2. Use HTTPS verification instead.

Shawn C (Inactive) made changes - 03/Nov/2022 6:14 PM

Description

Original: h3. Issue Summary

If DNS contains 28 or more unique TXT record items in the root of the domain (including the Atlassian Verification), the Domain cannot be verified or re-verified during the normal checks.

h3. Environment

(Optional - If Applicable)
*
*
h3. Steps to Reproduce
# set up 30 TXT record entries with a lot of text in them
# Wait for the changes to propagate to our system. Please note that the change may take up to 72 hours for our system to stop caching the old results.
# Attempt to claim the domain (or reclaim it)

h3. Expected Results
The domain claims as expected

h3. Actual Results

The domain claim fails and the following error is thrown in the logs:
Error: queryTxt ESERVFAIL EXAMPLE.com at QueryReqWrap.onresolve [as oncomplete] (dns.js:213:19)

h3. Notes
Domain Verification is checked on standard DNS (not EDNS) and if the Message Size is greater than 512 bytes for TXT Records, the verification can fail

h3. Workaround

Currently, there are only two methods that can be used to bypass this issue:
1. Delete some of the TXT record entries so that the message size is less than 512 bytes
2. Use HTTPS verification instead.

New: h3. Issue Summary

If DNS contains 28 or more unique TXT record items in the root of the domain (including the Atlassian Verification), the Domain cannot be verified or re-verified during the normal checks.

h3. Steps to Reproduce
# set up 30 TXT record entries with a lot of text in them
# Wait for the changes to propagate to our system. Please note that the change may take up to 72 hours for our system to stop caching the old results.
# Attempt to claim the domain (or reclaim it)

h3. Expected Results
The domain claims as expected

h3. Actual Results

The domain claim fails and the following error is thrown in the logs:
Error: queryTxt ESERVFAIL EXAMPLE.com at QueryReqWrap.onresolve [as oncomplete] (dns.js:213:19)

h3. Notes
Domain Verification is checked on standard DNS (not EDNS) and if the Message Size is greater than 512 bytes for TXT Records, the verification can fail

h3. Workaround

Currently, there are only two methods that can be used to bypass this issue:
1. Delete some of the TXT record entries so that the message size is less than 512 bytes
2. Use HTTPS verification instead.

Shawn C (Inactive) made changes - 03/Nov/2022 6:13 PM

Description

Original: h3. Issue Summary

If DNS contains 28 or more unique TXT record items in the root of the domain (including the Atlassian Verification), the Domain cannot be verified or re-verified during the normal checks.

h3. Environment

(Optional - If Applicable)
*
*
h3. Steps to Reproduce
# set up 30 TXT record entries with a lot of text in them
# Wait for the changes to propagate to our system. Please note that the change may take up to 72 hours for our system to stop caching the old results.
# Attempt to claim the domain (or reclaim it)

h3. Expected Results
The domain claims as expected

h3. Actual Results

The domain claim fails and the following error is thrown in the logs:
Error: queryTxt ESERVFAIL EXAMPLE.com at QueryReqWrap.onresolve [as oncomplete] (dns.js:213:19)

h3. Notes

11 records is not enough to generate the issue. The threshold for the issue starts somewhere between 11 and 28 records.

h3. Workaround

Currently, there are only two methods that can be used to bypass this issue:
1. Delete some of the TXT record entries to 11 or below.
2. Use HTTPS verification instead.

New: h3. Issue Summary

If DNS contains 28 or more unique TXT record items in the root of the domain (including the Atlassian Verification), the Domain cannot be verified or re-verified during the normal checks.

h3. Environment

(Optional - If Applicable)
*
*
h3. Steps to Reproduce
# set up 30 TXT record entries with a lot of text in them
# Wait for the changes to propagate to our system. Please note that the change may take up to 72 hours for our system to stop caching the old results.
# Attempt to claim the domain (or reclaim it)

h3. Expected Results
The domain claims as expected

h3. Actual Results

The domain claim fails and the following error is thrown in the logs:
Error: queryTxt ESERVFAIL EXAMPLE.com at QueryReqWrap.onresolve [as oncomplete] (dns.js:213:19)

h3. Notes
Domain Verification is checked on standard DNS (not EDNS) and if the Message Size is greater than 512 bytes for TXT Records, the verification can fail

h3. Workaround

Currently, there are only two methods that can be used to bypass this issue:
1. Delete some of the TXT record entries so that the message size is less than 512 bytes
2. Use HTTPS verification instead.

SET Analytics Bot made changes - 17/Jun/2022 4:00 AM

Support reference count

Original: 1

New: 2

Assignee:: Geoff

Reporter:: Jared Long

Affected customers:: 7 This affects my team

Watchers:: 8 Start watching this issue

Created:: 21/Jun/2019 9:15 PM

Updated:: 23/Jun/2025 8:55 PM

Resolved:: 19/Dec/2024 7:40 PM

Details

Description

Issue Summary

Steps to Reproduce

Expected Results

Actual Results

Notes

Workaround

Attachments

Issue Links

Forms

Activity

People

Dates