Route 53 TXT Record Splitter
Paste any TXT record over 255 characters (DKIM, SPF, DMARC, BIMI, verification token, or anything else) and we'll split it into the quoted-string format AWS Route 53 (and other manual zone editors) need.
Try an example: long DKIM · long SPF · long DMARC
Route 53 caps each TXT character-string at 255 chars (RFC 1035 §3.3.14). Lower this if your provider has a smaller limit.Output
Paste a TXT value above. The splitter chunks it at 255 characters and quotes each piece.
How to add this to Route 53
- Sign in to AWS Console and open Route 53.
- Pick your hosted zone (your domain).
- Click Create record, choose record type TXT, and set the record name (e.g.
@,_dmarc, orselector1._domainkey). - Paste the formatted value above into the Value field exactly as shown, including the quotes.
- Set TTL (3600 seconds is a good default).
- Save.
Cloudflare, Google Cloud DNS, Azure DNS, NS1, DigitalOcean, Vercel and Netlify auto-split. They accept the unsplit value as-is. Splitting is only needed for AWS Route 53, raw BIND or PowerDNS zone files, and a few registrar control panels.
How this Route 53 TXT record splitter works
A DNS TXT record is a list of character-strings. Each one caps at 255 characters (RFC 1035 §3.3.14). A flattened SPF record, a DKIM public key, or a BIMI VMC URL usually runs past that. Resolvers stitch the strings back together at query time. The Route 53 editor (and most registrar control panels) makes you do the splitting and quoting by hand.
Paste your TXT value above. The splitter chunks it on safe boundaries, wraps each chunk in quotes, and prints the result in the format Route 53 accepts:
"v=DKIM1; k=rsa; p=MIIBIjANBgkqh..." "...kiG9w0BAQEFAAOCAQ8AMIIBCgKC..." "...AQEAwIDAQAB"Default chunk size is the RFC limit of 255. Drop it lower if your host caps strings shorter than that. Works for DKIM, SPF, DMARC, BIMI, and any verification token that lands in a TXT record. Surrounding quotes on the input get stripped automatically, so paste straight from a DNS console.
Which hosts actually need this?
AWS Route 53, raw BIND or PowerDNS zone files, and a handful of registrar control panels. Cloudflare, Google Cloud DNS, Azure DNS, NS1, DigitalOcean, Vercel and Netlify auto-split for you. Paste an 800-character record into Cloudflare and it just works. Paste the same value into Route 53 and the save fails with Invalid value.
Is the long value an SPF record?
That's the most common case. SPF grows past 255 characters because nested include: mechanisms drag in more lookups than the original author intended.
Our take: splitting is a workaround, not a fix. SPF also has a 10-lookup ceiling (RFC 7208 §4.6.4). A record that needs splitting is usually one that's about to hit that ceiling too.
What to do: read the SPF syntax reference to see which includes are pulling in the most lookups, then rebuild a flat record with the SPF builder. Use the splitter only on what you can't shorten.
Where to go next
To see which TXT records the domain already publishes before you overwrite anything, run the TXT record checker. For DKIM keys specifically, the DKIM key generator emits a fresh 2048-bit pair that's ready to paste through this splitter.
Frequently Asked Questions
Common questions about TXT record splitting.
Why does Route 53 make me split the record at all?
DNS stores TXT records as a sequence of character-strings, each capped at 255 characters by RFC 1035 §3.3.14. Short verification tokens and basic SPF records fit in one string. An RSA-2048 DKIM public key doesn't, and neither does a DMARC record with a long rua= list.
Cloudflare, Google Cloud DNS, Azure DNS and DigitalOcean hide the limit by splitting for you. Route 53, raw BIND or PowerDNS zone files, and several registrar control panels make you do it by hand in the quoted-string format this tool produces.
Which records actually need splitting?
DKIM: almost always. RSA-2048 keys run 390+ characters before the tags. DMARC: when rua= or ruf= recipient lists get long. SPF: sometimes, but it's usually a hint that the record needs flattening instead. BIMI: rare, but a VMC-anchored record can grow. Verification tokens: occasionally Microsoft 365 and a few SaaS providers.
If your value is under 255 characters, paste it in raw. No splitting required.
What does the split output actually look like?
Each chunk gets wrapped in double quotes, separated by a space:
"string1" "string2" "string3"The resolver concatenates the strings before handing the value back to the application. An SPF validator, DKIM verifier, or DMARC parser sees the original unsplit record.
Does splitting change how the record behaves?
No. RFC 7208 (SPF) and RFC 6376 (DKIM) both require receivers to concatenate the character-strings before parsing. As long as your DNS host stores the quoted strings correctly, validators receive the full value. The splitting is invisible above the wire.
Need a hand with the rest of the email auth stack?
This tool is built by OSH.co.za. We do email deliverability and Google Workspace administration as a day job. For a full sweep of SPF, DKIM, DMARC, MX and blacklist posture on your domain, run the domain checker.