1

I have recently added a free DNS wildcard SSL to my domain using certbot/dns-route53. SSL and HTTPS are working perfect, but I just have one concern. In the process of getting the certificate, I was given DNS TXT record values for each of my domain and subdomains and asked to add the records to my Route53 hosted zone. I thought these values should be secrets and should not be shared or exposed to anyone. However, if I just go to this link "https://toolbox.googleapps.com/apps/dig/#TXT" and type out my domain like _acme-challenge.{my-domain}, it shows exactly what the record values are for each of my domain and subdomains.

What are these TXT record values for and are they safe to be exposed? If not, is there any way to forbid the access to these values?

Daniel Kim
  • 15
  • 4

1 Answers1

2

They aren't secrets. They just act as a proof that you own the domain. It's like me saying "to prove this is really your Facebook account, please post a picture of a squirrel wearing a hat". The squirrel picture is not a secret, in fact it has to be public so I can see it. The property these values do have though (and which might have made them appear password-like to you) is that they should be unique and unlikely to exist by chance on someone's domain, just like I wouldn't do the Facebook verification by requesting a picture of a cat.

CherryDT
  • 25,571
  • 5
  • 49
  • 74