How to Update DNS Records in GoDaddy

GoDaddy is one of the largest domain registrars in the world, and many email administrators manage their DNS records through GoDaddy's DNS Management interface. This guide walks you through adding and editing SPF, DMARC, MTA-STS, and DKIM DNS records for your domain in GoDaddy. Each section includes the exact steps, the correct field values, and provider-specific details you need to get your records right the first time.

If you are configuring email authentication records for a domain registered with GoDaddy, follow these steps in order. If you already have existing records, review each section to confirm your current configuration is correct.

Accessing Your DNS Zone

1. Sign in to your GoDaddy account at godaddy.com.
2. Navigate to My Products from the account menu.
3. Find your domain in the Domains section and click DNS next to it. Alternatively, go to Domain Settings > DNS > DNS Records.
4. You are now in the DNS Management page. This is where you add, edit, and delete all DNS records for your domain.

GoDaddy organizes records in a table view. Each record shows its type, name (host), value, and TTL. To add a new record, click the Add button at the top of the records table. To edit an existing record, click the pencil icon next to the record.

Note: If your domain uses third-party nameservers (not GoDaddy's), you need to manage DNS at whichever provider hosts your zone. GoDaddy's DNS Management page only works when GoDaddy nameservers are active.

TXT Records

SPF Record

SPF (Sender Policy Framework) tells receiving mail servers which IP addresses and services are authorized to send email for your domain. Your SPF record is published as a TXT record at the root of your domain.

1. In the DNS Management page, click Add to create a new record.
2. Select TXT from the Type dropdown.
3. In the Name field, enter @. GoDaddy uses @ to represent the root of your domain.
4. In the Value field, enter your SPF record. If you are using mxio's Managed SPF, enter: v=spf1 include:_spf.mxio.io ~all
5. Set the TTL to 1 Hour (3600 seconds). This is the recommended TTL for SPF records — long enough to reduce DNS query load, short enough to allow timely updates.
6. Click Save.

If you already have an SPF record, do not create a second one. Multiple SPF records cause a PermError and break email authentication entirely. Instead, edit the existing TXT record that begins with v=spf1 and add include:_spf.mxio.io before the ~all or -all mechanism.

GoDaddy-specific note: GoDaddy TXT records have a 1024-character limit in a single value field. If your SPF record exceeds this limit (which can happen with many include mechanisms), you may need to use SPF flattening to reduce the record length. mxio's Managed SPF handles this automatically.

DMARC Record

DMARC (Domain-based Message Authentication, Reporting, and Conformance) tells receiving servers how to handle email that fails SPF and DKIM checks. It also enables aggregate reporting so you can see who is sending email as your domain.

1. Click Add to create a new TXT record.
2. Select TXT from the Type dropdown.
3. In the Name field, enter _dmarc. GoDaddy will automatically append your domain, resulting in _dmarc.yourdomain.com.
4. In the Value field, enter your DMARC policy. A starting policy for monitoring is: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com
5. Set the TTL to 1 Hour.
6. Click Save.

Replace dmarc@yourdomain.com with the address where you want to receive DMARC aggregate reports. Start with p=none to collect data before enforcing. See the DMARC Deployment Guide for the full progression from none to quarantine to reject.

Note: mxio will support DMARC policy management in a future release.

CNAME Records

MTA-STS

MTA-STS (Mail Transfer Agent Strict Transport Security) tells sending servers that your domain supports TLS encryption for inbound email and that they should refuse to deliver over an unencrypted connection. The MTA-STS policy is published via HTTPS, and a CNAME record points to the policy host.

1. Click Add to create a new record.
2. Select CNAME from the Type dropdown.
3. In the Name field, enter _mta-sts. GoDaddy will append your domain automatically.
4. In the Value field, enter the CNAME target provided by your MTA-STS hosting service.
5. Set the TTL to 1 Hour.
6. Click Save.

You also need a TXT record at _smtp._tls to publish the MTA-STS policy version identifier. Follow the same TXT record process described above, using _smtp._tls as the Name and the policy string as the Value.

Note: mxio will support MTA-STS hosting in a future release.

NS Delegation

DKIM Key Hosting

DKIM (DomainKeys Identified Mail) uses cryptographic signatures to verify that an email was sent by an authorized server and that the message body was not altered in transit. DKIM keys are published as DNS records under the _domainkey subdomain.

For centralized DKIM key management, you can delegate the _domainkey subdomain to a dedicated DNS host via NS records. This lets the key hosting service manage DKIM records without requiring changes in GoDaddy every time a key rotates.

1. Click Add to create a new record.
2. Select NS from the Type dropdown.
3. In the Name field, enter _domainkey. GoDaddy will append your domain, resulting in _domainkey.yourdomain.com.
4. In the Value field, enter the first nameserver provided by your DKIM hosting service.
5. Set the TTL to 1 Hour.
6. Click Save.
7. Repeat for each additional nameserver (typically 2-4 NS records are required for redundancy).

Note: mxio will support DKIM key hosting via NS delegation in a future release.

Verifying Your Changes

After adding or editing DNS records in GoDaddy, verify that your changes are live and correct.

1. Use the mxio SPF Checker to validate your SPF record. Enter your domain and confirm that the record resolves correctly, the lookup count is within the 10-lookup limit, and all your sending services are included.
2. Use the mxio DMARC Checker to verify your DMARC record is published and syntactically correct.
3. Use the mxio Domain Health tool for a full overview of your domain's email authentication status, including SPF, DKIM, DMARC, and MX configuration.
4. If you created NS delegation records for DKIM, use the Delegation Health tool to verify that the NS records are resolving correctly and the delegated zone is responding.

DNS propagation typically takes 5 minutes to 48 hours, but most changes are visible within 1 hour. GoDaddy's DNS infrastructure can sometimes cache records longer than the TTL suggests. If your changes are not appearing after an hour, try clearing your local DNS cache and checking again.

Tip: If you just made changes and want to confirm propagation, check from multiple locations or use a third-party DNS propagation checker alongside mxio's tools.

Troubleshooting

Record not propagating

GoDaddy's DNS servers sometimes hold cached records longer than the configured TTL. If your update is not appearing, wait at least 1 hour before troubleshooting further. If the record still shows stale data after several hours, try deleting the old record and creating a new one rather than editing in place.

Duplicate SPF records

Your domain must have exactly one SPF TXT record at the root. If you see two TXT records starting with v=spf1, delete one and merge the include mechanisms into a single record. Use the SPF Checker to confirm you have only one record after merging.

Name field confusion

GoDaddy uses @ to represent the root domain. For subdomains, enter only the subdomain portion — GoDaddy appends the domain automatically. For example, to create a record at _dmarc.yourdomain.com, enter _dmarc in the Name field, not _dmarc.yourdomain.com.

TXT record character limit

GoDaddy enforces a 1024-character limit per TXT value field. Long SPF records with many include mechanisms can exceed this limit. If your SPF record is too long for a single value, consider consolidating your include mechanisms or using mxio's Managed SPF to flatten the record into a single, compact include.

DNS management unavailable

If the DNS Management page shows a message that DNS is managed externally, your domain's nameservers are pointed to a third-party provider. You need to manage DNS records at that provider instead. Check your nameserver configuration under Domain Settings > Nameservers to see where your DNS is hosted.