DNS can be thought of as a distributed KV store with built in caching suitable for low write high read use cases, so TXT makes sense for that. e.g. basic feature flagging can be accomplished that way with basically no work to set it up assuming you were already using DNS.
replyThe registry cannot ban individual record types. That is not how DNS works.
replyThe registry only maintains a list of NameServers associated with the domain (and records for DNSSEC zone signing). Registries have nothing to do with regular records. They only record who defines those records.
There is _some amount_ of justification to ban TXT. There have been a few cases of C2 servers using DNS to send instructions to malware, so letting TXT slip through the cracks would still allow for that.
replyNow whether this downside justifies the massive problem it causes on false positives...
TXT can't be banned. There are several RFCs that require TXT records, such as DKIM configuration, DMARC configuration, and it is extensively used for verification by things like AWS SES, Microsoft Office, and all kinds of things. It's built into many standards and used by all kinds of other entities for all kinds of perfectly legitimate things.
replyyes, but in that cases we are on the "this (should) involve a criminal investigation" level not on a "Google Safe Search" doesn't trust you level
reply