diff --git a/CHANGELOG.md b/CHANGELOG.md
index 502a09f8..4cf2b362 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,10 @@ Mail:
 * Authentication-Results headers for DMARC, added in v0.07, were mistakenly added for outbound mail --- that's now removed.
 * The Trash folder is now created automatically for new mail accounts, addressing a Roundcube error.
+DNS:
+
+* Custom DNS TXT records were not always working and they can now override the default SPF, DKIM, and DMARC records.
+
 System:
 * ownCloud updated to version 8.0.2.
diff --git a/management/dns_update.py b/management/dns_update.py
index 7f5cdac2..88080017 100755
--- a/management/dns_update.py
+++ b/management/dns_update.py
@@ -228,17 +228,23 @@ def build_zone(domain, all_domains, additional_records, env, is_zone=True):
 # SPF record: Permit the box ('mx', see above) to send mail on behalf of
 # the domain, and no one else.
- records.append((None, "TXT", 'v=spf1 mx -all', "Recommended. Specifies that only the box is permitted to send @%s mail." % domain))
+ # Skip if the user has set a custom SPF record.
+ if not has_rec(None, "TXT", prefix="v=spf1 "):
+ records.append((None, "TXT", 'v=spf1 mx -all', "Recommended. Specifies that only the box is permitted to send @%s mail." % domain))
 # Append the DKIM TXT record to the zone as generated by OpenDKIM.
+ # Skip if the user has set a DKIM record already.
 opendkim_record_file = os.path.join(env['STORAGE_ROOT'], 'mail/dkim/mail.txt')
 with open(opendkim_record_file) as orf:
 m = re.match(r'(\S+)\s+IN\s+TXT\s+\( "([^"]+)"\s+"([^"]+)"\s*\)', orf.read(), re.S)
 val = m.group(2) + m.group(3)
- records.append((m.group(1), "TXT", val, "Recommended. Provides a way for recipients to verify that this machine sent @%s mail." % domain))
+ if not has_rec(m.group(1), "TXT", prefix="v=DKIM1; "):
+ records.append((m.group(1), "TXT", val, "Recommended. Provides a way for recipients to verify that this machine sent @%s mail." % domain))
 # Append a DMARC record.
- records.append(("_dmarc", "TXT", 'v=DMARC1; p=quarantine', "Optional. Specifies that mail that does not originate from the box but claims to be from @%s is suspect and should be quarantined by the recipient's mail system." % domain))
+ # Skip if the user has set a DMARC record already.
+ if not has_rec("_dmarc", "TXT", prefix="v=DMARC1; "):
+ records.append(("_dmarc", "TXT", 'v=DMARC1; p=quarantine', "Optional. Specifies that mail that does not originate from the box but claims to be from @%s is suspect and should be quarantined by the recipient's mail system." % domain))
 # For any subdomain with an A record but no SPF or DMARC record, add strict policy records.
all_resolvable_qnames = set(r[0] for r in records if r[1] in ("A", "AAAA"))
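Review bot: The three `has_rec(..., prefix=...)` guards compare against literals that include the trailing separator (`"v=spf1 "`, `"v=DKIM1; "`, `"v=DMARC1; "`), so a valid custom record written as `v=DMARC1;p=reject`, or a DKIM key record that omits the optional `v=` tag, would presumably not be detected and the default record would be published next to it. Two SPF or two DMARC TXT records at the same name are treated by receivers as an error or as no policy, which weakens spoofing protection instead of applying the override. `has_rec` is defined outside this hunk, so confirm how it compares; if it is a plain prefix test, match on the version tag alone after normalising whitespace, e.g. `if not has_rec("_dmarc", "TXT", prefix="v=DMARC1"):`, and for DKIM consider treating any custom TXT at the selector name as the override. build_zone begins and ends outside the hunk.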