Introduction
Domain Name System (DNS) records map domain names to IP addresses, direct traffic, ensure security, and handle many other tasks essential for the functioning of the Internet. Network admins use different DNS record types to customize service delivery and manage various network functions.
This tutorial will provide a comprehensive list of DNS record types with examples and use cases.
What Are DNS Record Types?
DNS records, also known as zone files, store critical information about domains. These text-based files use the DNS syntax and are housed on DNS servers.
DNS servers use the information in DNS records to route internet traffic. Moreover, they designate mail servers for email delivery, link domain names to IP addresses, and enforce security protocols, among other critical functions.
By configuring these records, you can optimize performance, enhance security, and tailor functionality to the specific needs of websites, applications, and networks.
Common DNS Record Types
The table below lists common DNS record types:
RECORD TYPE | DESCRIPTION |
---|---|
A | Maps a domain to an IPv4 address. |
AAAA | Maps a domain to an IPv6 address. |
CNAME | Aliases one domain name to another. |
MX | Directs email to mail servers. |
NS | Specifies the authoritative nameserver for a domain. |
SOA | Contains administrative information about the domain, like the primary nameserver and zone update settings. |
TXT | Stores text information, often used for verification. |
SRV | Specifies a service location for certain services, like servers handling VoIP. |
PTR | Maps an IP address to a domain name for reverse DNS lookups. |
Other DNS Record Types
For other DNS record types, refer to the following table:
RECORD TYPE | DESCRIPTION |
---|---|
AFSDB | Specifies the location of Andrew File System (AFS) cells. |
ATMA | Maps a domain name to an ATM address used for ATM networks. |
CAA | Specifies which certificate authorities (CAs) are allowed to issue certificates for a domain. |
CERT | Stores certificates and certificate-related information, such as public keys. |
DHCID | Used in DHCP to associate DNS names with dynamically assigned IP addresses. |
DNAME | Provides redirection of a subtree of the DNS namespace to another domain. |
DNSKEY | Contains public keys used to verify DNSSEC signatures. |
DS | Used in DNSSEC to identify a DNSKEY record in the delegated zone. |
HINFO | Provides information about the hardware and operating system used by a host. |
ISDN | Stores ISDN addresses associated with a domain name. |
MB, MG, MINFO, MR | Legacy records related to mailbox information, with specific uses for mapping and informational purposes. |
NAPTR | Used for Uniform Resource Identifier (URI) and E.164 Number Mapping (ENUM) applications to define rules for rewriting domain names. |
NSAP | Maps a domain name to an NSAP address used in OSI networks. |
NSEC | Used in DNSSEC to prove the non-existence of a DNS record by listing the next record in the zone. |
NSEC3 | An enhanced version of NSEC for DNSSEC that includes hashed domain names to prevent enumeration. |
NSEC3PARAM | Stores parameters for NSEC3 records, including hashing algorithms and iterations. |
RP | Provides information about the person responsible for a domain, including contact details. |
RRSIG | Contains a cryptographic signature used to verify DNSSEC-signed data. |
RT | Specifies a route through a specific intermediate host, used for non-IP networks. |
TLSA | Links a domain name with a TLS certificate, used in DNS-based Authentication of Named Entities (DANE). |
X25 | Stores an X.25 network address used in older packet-switched networks. |
Commonly Used DNS Record Types
Each DNS record type has a specific role in managing domain name requests, and some types are more common than others. The following section outlines the most commonly used DNS record types.
A Record
A (Address) records are among the most common DNS record types. They translate domain names into IP addresses and store these associations. A records can only hold IPv4 addresses.
An A record contains the following elements:
Domain name | Record type | Value | TTL |
example-website.com | A | 192.0.0.1 | 14400 |
- Domain name. The website's domain name. In a DNS zone file, the @ symbol is often used instead of the full domain name to represent the root domain.
- Record type. Specifies the record type as A.
- Value. Contains the IP address associated with the domain name.
- TTL. Lists the record's Time to Live in seconds. The default value is 14400 seconds (240 minutes), which determines how long DNS resolvers cache the record.
AAAA Record
AAAA records function like A records, but instead of storing IPv4 addresses, they exclusively store IPv6 addresses connected to domain names.
CNAME Record
A CNAME (Canonical Name) record serves as a replacement for an A record if a domain is an alias for another domain. Because of this, all CNAME records point to a domain name instead of an IP address.
For example, if alias-domain.com serves as an alias for real-domain.com, a CNAME record looks like this:
Domain name | Record type | Value | TTL |
alias-domain.com | CNAME | real-domain.com | 14400 |
This record contains the following elements:
- Domain name. Contains the alias domain name. In a DNS zone file, the @ symbol is often used instead of the full domain name to represent the root domain.
- Record type. Indicates that this is a CNAME record.
- Value. The real domain name that the alias domain points to.
- TTL. The amount of time DNS resolvers cache a DNS record before refreshing it. In this case 14400 seconds (240 minutes).
CNAME records point subdomains to a domain's A or AAAA record to avoid creating separate A or AAAA records for each subdomain. However, pointing CNAME records to other CNAME records is not recommended, as this adds unnecessary steps to the DNS lookup process.
MX Record
MX (Mail Exchange) records store instructions for directing emails to mail servers using the SMTP protocol. An MX record might look like:
Domain name | Record type | Priority | Value | TTL |
example-site.com | MX | 10 | mail.example.com | 14400 |
In the example above:
- Domain name. Specifies the domain name. In a DNS zone file, the @ symbol is sometimes used instead of the full domain name to represent the root domain.
- Record type. Indicates this is an MX record.
- Priority. Specifies the preference for delivering mail, with lower values indicating higher priority. If the highest-priority mail server fails, the server redirects the mail to the next highest-priority server.
- Value. Specifies the mail server for the domain name.
- TTL. Determines how long DNS resolvers cache a DNS record before refreshing it.
An MX record can only point to an email server's name. This means that each referenced email server must also have a valid A record specifying its IP address.
NS Record
An NS (Nameserver) record specifies which server is authoritative for the DNS records of a given domain. Domains should have multiple NS records pointing to different nameservers to provide redundancy and ensure high availability.
A nameserver is a DNS server containing authoritative DNS records for one or more domains.
Domain name | Record type | Value | TTL |
example-website.com | NS | nameserver.exam.com | 14400 |
The example above contains the following elements:
- Domain name. Specifies the domain name. In a DNS zone file, the @ symbol is often used instead of the full domain name to represent the root domain.
- Record type. Indicates that this is an NS record.
- Value. Specifies the nameserver for the provided domain.
- TTL. TTL determines how long DNS resolvers cache a DNS record before refreshing it.
SOA Record
The DNS SOA (Start of Authority) record contains critical information about a DNS zone. IETF standards require these records, which play a key role in zone transfers between DNS servers.
SOA records define the following zone properties:
- MNAME. The primary nameserver for the zone. This server should also have a corresponding NS record.
- RNAME. The email address of the person responsible for the zone. The format uses a period instead of the @ symbol.
- Serial. The zone's serial number serves to track changes and synchronize zone data across DNS servers.
- Refresh. The interval (in seconds) at which secondary DNS servers check the primary server for updates.
- Retry. The time (in seconds) a secondary server waits before retrying a failed update from the primary server.
- Expire. The time (in seconds) a secondary server will continue attempting to update from the primary server before considering the data stale and stopping updates.
- TTL. This value determines how long DNS resolvers cache a DNS record before refreshing it.
TXT Record
TXT (Text) records store arbitrary text data. They are used alongside other record types to provide additional information, such as domain verification, sender policy framework (SPF), DKIM, or other forms of authentication.
Domain name | Record type | Value | TTL |
example-website.com | TXT | Example text | 14400 |
The example above shows a typical TXT record. It contains the following elements:
- Domain name. Specifies the domain name. In a DNS zone file, the @ symbol is often used instead of the full domain name to represent the root domain.
- Record type. Indicates that this is a TXT record.
- Value. Stores a user-defined text string.
- TTL. Shows how long DNS resolvers cache a DNS record before refreshing it, in this case 14400 seconds (240 minutes).
Note: Individual text strings in TXT records have a maximum length of 255 characters, but multiple strings can be concatenated to exceed this limit.
SRV Record
SRV (Service) records store essential information about host and port details for specific internet services, such as email, VoIP, and other applications. Certain protocols, like LDAP, SIP, and XMPP, require valid SRV records to function properly.
SRV records hold the following information:
- Service. The symbolic name of the service.
- Protocol. Specifies if the service is using TCP or UDP protocols.
- Name. The domain name associated with the service.
- TTL. The number of seconds DNS resolvers cache a DNS record before refreshing it.
- Class. Can contain IN (default), CH (used for querying DNS server versions), or HS (uses DNS functionality to provide access to databases).
- Priority. Determines the preferred server. Lower values indicate higher priority.
- Weight. Used when multiple servers share the same priority; a server with a higher weight is more likely to be selected.
- Port. The TCP or UDP port the service is running on.
- Target. The canonical hostname of the machine providing the service.
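The fields listed above can be parsed from a zone line and then used to pick a target the way RFC 2782 prescribes: lowest priority first, then a weighted random draw within a priority level. The following Python is an added example written for this page, not code from the original article; the zone lines and hostnames in it are constructed.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    service: str    # e.g. "_sip"
    proto: str      # "_tcp" or "_udp"
    name: str       # owner domain, e.g. "example.com."
    ttl: int
    rclass: str     # normally "IN"
    priority: int   # lower is tried first
    weight: int     # relative share within one priority level
    port: int
    target: str     # canonical hostname providing the service


def parse_srv_line(line):
    """Parse one zone-file SRV line into an SrvRecord.

    Expected layout (constructed example):
    '_sip._tcp.example.com. 14400 IN SRV 10 60 5060 sip1.example.com.'
    """
    owner, ttl, rclass, rtype, prio, weight, port, target = line.split()
    if rtype.upper() != "SRV":
        raise ValueError("not an SRV record: " + line)
    service, proto, name = owner.split(".", 2)
    if not (service.startswith("_") and proto.startswith("_")):
        raise ValueError("SRV owner name must be _service._proto.name")
    return SrvRecord(service, proto, name, int(ttl), rclass,
                     int(prio), int(weight), int(port), target)


def order_srv_targets(records, rng=None):
    """Return the records in the order a client should try them.

    Implements the RFC 2782 selection: lower priority values go first,
    and within one priority level a weighted random draw favours
    records with higher weights.
    """
    if rng is None:
        rng = random.Random()
    ordered = []
    for priority in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == priority]
        while group:
            # Weight-0 entries go first so they keep a small chance of
            # being picked (only when the draw lands on 0).
            group.sort(key=lambda r: r.weight != 0)
            total = sum(r.weight for r in group)
            draw = rng.randint(0, total)
            running = 0
            for rec in group:
                running += rec.weight
                if running >= draw:
                    ordered.append(rec)
                    group.remove(rec)
                    break
    return ordered


def first_choice_counts(records, trials):
    """Count which target comes first over `trials` seeded runs, so the
    effect of the weights can be inspected deterministically."""
    counts = {}
    for seed in range(trials):
        first = order_srv_targets(records, random.Random(seed))[0]
        counts[first.target] = counts.get(first.target, 0) + 1
    return counts


# Constructed zone lines: two primary SIP servers of different weight
# and one backup at a worse (higher) priority value.
SAMPLE_ZONE_LINES = [
    "_sip._tcp.example.com. 14400 IN SRV 10 60 5060 sip1.example.com.",
    "_sip._tcp.example.com. 14400 IN SRV 10 20 5060 sip2.example.com.",
    "_sip._tcp.example.com. 14400 IN SRV 20 0 5060 backup.example.com.",
]
SAMPLE_RECORDS = [parse_srv_line(l) for l in SAMPLE_ZONE_LINES]

if __name__ == "__main__":
    for rec in order_srv_targets(SAMPLE_RECORDS, random.Random(1)):
        print(rec.priority, rec.weight, rec.port, rec.target)
    print(first_choice_counts(SAMPLE_RECORDS, 200))
```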
PTR Record
PTR (Pointer) records are the inverse of A or AAAA records. They map IP addresses back to domain names and facilitate reverse DNS lookups.
PTR records store IP addresses in reverse:
- IPv4 addresses are saved with their octets in reverse order.
- IPv6 addresses are saved in reverse order of their nibbles (each 4-bit section of the hexadecimal address).
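As an added example that is not part of the original article, the following Python builds the reverse owner names described above for both address families, recovers the address from such a name, and performs the forward-confirmation check a log analyst applies before trusting a PTR result. The forward table and addresses in it are constructed stand-ins for real A/AAAA lookups.

```python
import ipaddress


def reverse_pointer_name(address):
    """Owner name of the PTR record for an IPv4 or IPv6 address.

    IPv4: the four octets in reverse order under in-addr.arpa.
    IPv6: all 32 hex nibbles of the expanded address in reverse order
    under ip6.arpa, so leading zeros are never dropped.
    """
    ip = ipaddress.ip_address(address)
    if ip.version == 4:
        return ".".join(reversed(str(ip).split("."))) + ".in-addr.arpa."
    nibbles = ip.exploded.replace(":", "")      # exactly 32 hex digits
    return ".".join(reversed(nibbles)) + ".ip6.arpa."


def address_from_pointer_name(name):
    """Inverse of reverse_pointer_name; returns None for any other name
    or for a malformed reverse name."""
    labels = name.rstrip(".").lower().split(".")
    try:
        if labels[-2:] == ["in-addr", "arpa"] and len(labels) == 6:
            return str(ipaddress.ip_address(".".join(reversed(labels[:-2]))))
        if labels[-2:] == ["ip6", "arpa"] and len(labels) == 34:
            digits = "".join(reversed(labels[:-2]))
            groups = [digits[i:i + 4] for i in range(0, 32, 4)]
            return str(ipaddress.ip_address(":".join(groups)))
    except ValueError:
        return None
    return None


def forward_confirmed(address, ptr_target, forward_table):
    """Forward-confirmed reverse DNS: the hostname a PTR record points to
    must itself resolve (A/AAAA) back to the same address; otherwise the
    PTR result should not be trusted in logs or allow-lists.
    `forward_table` stands in for A/AAAA lookups: hostname -> addresses.
    """
    host = ptr_target.rstrip(".").lower()
    known = {str(ipaddress.ip_address(a)) for a in forward_table.get(host, ())}
    return str(ipaddress.ip_address(address)) in known


# Constructed stand-in for A/AAAA data; nothing is queried on the network.
FORWARD_TABLE = {
    "mail.example.com": {"192.0.2.10", "2001:db8::1"},
}

if __name__ == "__main__":
    for addr in ("192.0.2.10", "2001:db8::1"):
        ptr = reverse_pointer_name(addr)
        print(ptr, "->", address_from_pointer_name(ptr))
    print(forward_confirmed("192.0.2.10", "mail.example.com.", FORWARD_TABLE))
```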
Other DNS Record Types
The following DNS records are not used as frequently as those in the previous section. However, they are essential for specific network configurations and functions.
AFSDB Record
AFSDB records connect a domain name to an Andrew File System (AFS) cell server. This record type serves to contact AFS cells outside the client's local domain.
An AFSDB record example is:
Domain name | TTL | Class | Record type | Service subtype | AFS cell server |
example.com | 14400 | IN | AFSDB | 1 | database01.com |
The example above contains the following elements:
- Domain Name. The domain name to which the AFSDB record applies.
- TTL. The time a DNS resolver caches a DNS record before refreshing it.
- Class. Indicates that the record is in the Internet (IN) class.
- Type. Indicates that this is an AFSDB record.
- Service Subtype. Can either be 1 for an AFS volume location server or 2 for a DCE authenticated server.
- AFS Cell Server. The hostname of the AFS cell server.
ATMA Record
An ATMA record maps a domain name to an ATM (Asynchronous Transfer Mode) address, expressed in either E.164 (decimal) or NSAP (hexadecimal) format. ATMA record entries use the following elements:
Host name | Domain name | Format | Value |
Examplehost | example-website.com | E164 | 47.0091810000000060705A8F01.0060705A8F01.00 |
In the example above:
- Host name. A single-part name for the ATM host, written without periods (.).
- Domain name. The domain name associated with the ATM address.
- Format. Specifies the format of the ATM address, either E164 or NSAP.
- Value. The ATM address mapped to the hostname.
CAA Record
CAA records allow domain owners to specify which certificate authorities (CAs) are authorized to issue certificates for their domain and all its subdomains. If no CAA record is present, any CA can issue certificates for the domain.
Domain name | Record type | Flag | Tag | CA |
example-site.com | CAA | 0 | issue | "caa-domain.com" |
The CAA record example contains the following elements:
- Domain name. The name of the domain that is being certified.
- Record type. Indicates that this is a CAA record.
- Flag. Can be either 0 (non-critical) or 1 (critical). A critical flag means the CA must understand and comply with the CAA record; otherwise, it cannot issue a certificate. A non-critical flag allows the CA to issue a certificate even if it does not fully understand the property.
- Tag. Specifies the type of certificate authorization. The options are issue (authorize a CA to issue a certificate), issuewild (authorize a CA to issue a wildcard certificate), and iodef (specify a URL for reporting policy violations).
- CA. The certification authority that can issue certificates for the domain in question.
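The authorization decision described above, as an added example rather than code from the original article: it evaluates a constructed CAA zone the way RFC 8659 specifies (closest ancestor with a CAA set, critical flag on an unknown tag, issuewild taking precedence for wildcard names). RFC 8659 writes the issuer-critical flag as 128 in zone-file format, so that value is used here.

```python
from dataclasses import dataclass

# RFC 8659: the issuer-critical bit is the high-order bit of the flags
# octet, written as 128 in presentation (zone-file) format.
CRITICAL = 128
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


@dataclass(frozen=True)
class CaaRecord:
    flags: int
    tag: str
    value: str

    def authorized_ca(self):
        """Domain named by an issue/issuewild value; '' (from ';') means no CA."""
        return self.value.split(";", 1)[0].strip().lower()


def parse_caa(rdata):
    """Parse presentation-format RDATA such as '0 issue "ca.example.net"'."""
    flags, tag, value = rdata.split(None, 2)
    return CaaRecord(int(flags), tag.lower(), value.strip().strip('"'))


def relevant_caa_rrset(zone, fqdn):
    """Walk from the name toward the root and return the first CAA RRset
    found (the RFC 8659 'relevant RRset'), or None if no ancestor has one."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]) + ".")
        if rrset:
            return rrset
    return None


def caa_permits(zone, fqdn, ca, wildcard=False):
    """Decide whether `ca` may issue for `fqdn` under the zone's CAA data.

    No CAA record at the name or any ancestor: any CA may issue.
    A critical record with a tag the CA does not implement: no issuance.
    issuewild governs wildcard names and falls back to issue when absent.
    """
    ca = ca.lower()
    if fqdn.startswith("*."):
        fqdn, wildcard = fqdn[2:], True
    rrset = relevant_caa_rrset(zone, fqdn)
    if rrset is None:
        return True
    if any(r.flags & CRITICAL and r.tag not in KNOWN_TAGS for r in rrset):
        return False
    for tag in (["issuewild", "issue"] if wildcard else ["issue"]):
        matching = [r for r in rrset if r.tag == tag]
        if matching:
            return any(r.authorized_ca() == ca for r in matching)
    return True   # only iodef or similar present: issuance is not restricted


# Constructed zone: one CA for ordinary names, no wildcards at all, and a
# legacy subdomain carrying a critical tag no CA implements.
ZONE = {
    "example.com.": [
        parse_caa('0 issue "ca-one.example.net"'),
        parse_caa('0 issuewild ";"'),
        parse_caa('0 iodef "mailto:security@example.com"'),
    ],
    "legacy.example.com.": [parse_caa('128 futuretag "opaque"')],
}

if __name__ == "__main__":
    print(caa_permits(ZONE, "www.example.com.", "ca-one.example.net"))
    print(caa_permits(ZONE, "*.example.com.", "ca-one.example.net"))
```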
CERT Record
CERT records store certificates, including public keys, along with related data, such as certificate revocation lists (CRLs). These certificates help verify the authenticity of the sending and receiving parties, while CRLs list revoked certificates.
CERT records contain the following data fields:
- Record type. Identifies the record as CERT.
- TTL. Determines how long DNS resolvers cache a DNS record before refreshing it.
- Host. The domain name associated with the certificate.
- Type. Defines the type of certificate/CRL used.
- Key tag. A numeric value with the range of 0-65535, used to identify the CERT record.
- Algorithm. Specifies the algorithm used to produce the certificate/CRL.
- Points to. The certificate or CRL data encoded as a Base64 string.
DHCID Record
DHCID records store information related to the Dynamic Host Configuration Protocol (DHCP). These records are usually created by DHCP servers and clients through dynamic updates.
They contain hashed identifiers that help manage the relationship between DNS and DHCP, ensuring that IP addresses are correctly assigned and updated within the DNS system.
DNAME Record
DNAME records are used to create an alias for an entire subtree of a domain, effectively redirecting every subdomain under that domain to another domain. They are like CNAME records, but while a CNAME record maps one specific domain name to another, a DNAME record applies to all subdomains under a specified domain, redirecting them as well.
DNSKEY Record
DNSKEY records hold public data keys used to verify DNSSEC signatures. An example of a DNSKEY record looks like:
Host | TTL | Record class | Record type | Flags | Protocol | Algorithm | Public key |
site.com | 14400 | IN | DNSKEY | 257 | 3 | 13 | ZhCa3rGLofZcndFN2aVd== |
In the example above:
- Host. The domain name associated with the key. Fully qualified domain names (FQDNs) end with a period to indicate the root of the domain.
- TTL. The time, in seconds, that the record is cached by DNS resolvers.
- Record class. Can be IN (default), CH (used for querying DNS server versions), or HS (uses DNS functionality to provide access to databases).
- Record type. Indicates that this is a DNSKEY record.
- Flags. Indicates the key's role in DNSSEC. A value of 257 typically means the key is a Key Signing Key (KSK), while 256 indicates a Zone Signing Key (ZSK).
- Protocol. Must always be 3, as other values are invalid for DNSSEC.
- Algorithm. Identifies the algorithm used to generate the public key, which must comply with one of the DNSSEC-standard algorithms.
- Public key. The public key data used for DNSSEC validation, encoded in Base64.
DS Record
DS (Delegation Signer) records are used to secure delegations in DNSSEC. These records create a chain of trust by referencing DNSKEY records in their sub-delegated (child) zones.
DS records contain the following elements:
- Key tag. A numeric value that identifies and references a DNSKEY record in the child zone.
- Algorithm. Identifies the algorithm used to generate the referenced DNSKEY record.
- Digest type. Specifies the cryptographic hash algorithm used to create the Digest value.
- Digest. A cryptographic hash value of the referenced DNSKEY record, used to verify its authenticity.
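The DNSKEY fields above and the DS fields just listed are tied together by the key tag and the digest. The following Python, an added example that serves both sections and is not code from the original article, computes both from a constructed DNSKEY so that a DS published by the parent can be checked against the child's key; it assumes the RFC 4034 key tag algorithm (all algorithms except 1) and the registered DS digest types 1, 2 and 4.

```python
import base64
import hashlib
import struct

# DS digest types: 1 = SHA-1, 2 = SHA-256, 4 = SHA-384.
DIGEST_TYPES = {1: "sha1", 2: "sha256", 4: "sha384"}


def name_to_wire(owner):
    """Canonical wire form of an owner name: lowercase, length-prefixed
    labels, terminated by the empty root label."""
    wire = b""
    for label in owner.rstrip(".").lower().split("."):
        if label:
            wire += bytes([len(label)]) + label.encode("ascii")
    return wire + b"\x00"


def dnskey_rdata(flags, protocol, algorithm, public_key_b64):
    """DNSKEY RDATA: 2-byte flags, protocol (always 3), algorithm, key."""
    if protocol != 3:
        raise ValueError("DNSKEY protocol field must be 3")
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(public_key_b64)


def key_tag(rdata):
    """Key tag from RFC 4034 Appendix B (every algorithm except 1):
    a 16-bit sum over the RDATA bytes with the carry folded back in."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_from_dnskey(owner, flags, protocol, algorithm, public_key_b64, digest_type=2):
    """Build the DS RDATA (key tag, algorithm, digest type, digest) the
    parent zone publishes for this DNSKEY. The digest covers the canonical
    owner name followed by the complete DNSKEY RDATA."""
    rdata = dnskey_rdata(flags, protocol, algorithm, public_key_b64)
    digest = hashlib.new(DIGEST_TYPES[digest_type], name_to_wire(owner) + rdata)
    return (key_tag(rdata), algorithm, digest_type, digest.hexdigest().upper())


def ds_matches_dnskey(ds, owner, flags, protocol, algorithm, public_key_b64):
    """Validator-side check: does the parent's DS refer to this child
    DNSKEY? All four fields must agree, not only the key tag, because
    key tags are not unique."""
    tag, alg, dtype, digest = ds
    if dtype not in DIGEST_TYPES:
        return False
    expected = ds_from_dnskey(owner, flags, protocol, algorithm, public_key_b64, dtype)
    return expected == (tag, alg, dtype, digest.upper())


# Constructed KSK (flags 257, protocol 3, algorithm 13) with a four-byte
# placeholder key; a real ECDSA P-256 DNSKEY carries a 64-byte key.
SAMPLE_OWNER = "site.com."
SAMPLE_KEY = (257, 3, 13, "AQIDBA==")

if __name__ == "__main__":
    ds = ds_from_dnskey(SAMPLE_OWNER, *SAMPLE_KEY)
    print("DS:", *ds)
    print("matches:", ds_matches_dnskey(ds, SAMPLE_OWNER, *SAMPLE_KEY))
```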
HINFO Record
HINFO (Host Information) records store details about the hardware and operating system the host is using. Due to security concerns, these records are rarely stored on public servers and are mainly used by certain application protocols.
A typical HINFO record contains:
- Host. The domain name of the host.
- TTL. The time that the record is cached by DNS resolvers.
- Record class. Can be IN (default), CH (used for querying DNS server versions), or HS (uses DNS functionality to provide access to databases).
- Record type. Identifies the record as HINFO.
- CPU. A brief description or identifier of the host's CPU.
- Operating system. The name or abbreviation of the operating system the host is using.
ISDN Record
An ISDN record associates a domain name with an ISDN (Integrated Services Digital Network) telephone number, formatted according to the ITU-T E.163/E.164 international telephone numbering standards.
This record type may also include an optional hexadecimal sub-address as an ISDN sub-address.
MB, MG, MINFO, MR Records
MB, MG, MINFO, and MR records are obsolete records related to mailbox information with specific uses for mapping and informational purposes. These records were utilized for mailbox management and mail forwarding in DNS but are rarely used in practice today.
In contemporary DNS and email systems, the focus is primarily on MX records for mail exchange, alongside other DNS records like A, AAAA, CNAME, and TXT for various other functions.
- MB (Mailbox). Specifies the host responsible for a particular mailbox, mapping the mailbox to a host with an existing A record.
- MG (Mail Group). Specifies a mail group, with each MG record listing a member of the group. Each member typically has a valid mailbox address.
- MINFO (Mailbox Information). Provides information about a mailbox, including pointers to the administrator's mailbox and an error-handling mailbox.
- MR (Mail Renaming). Specifies the new address for a renamed mailbox, effectively forwarding mail to the new mailbox address.
NAPTR Record
NAPTR (Naming Authority Pointer) records are used for dynamically rewriting domain names based on specific criteria. They are commonly employed in services like Voice over IP (VoIP), ENUM (E.164 Number Mapping), and other applications requiring flexible and dynamic name resolution.
Domain name | Record type | Order | Preference | Flags | Service | Regexp | Replacement | TTL |
site.com | NAPTR | 100 | 10 | U | E2U+sip | !^.*[email protected]! | . | 14400 |
In the example above, the record consists of the following elements:
- Domain name. Specifies the domain name to which the NAPTR record applies.
- Record type. Specifies the record type as NAPTR.
- Order. Defines the order in which multiple NAPTR records should be processed. Lower values are processed first.
- Preference. Specifies the preference within records of the same order. Lower values are preferred.
- Flags. Indicates how the NAPTR record should be interpreted. Common flags include U for URI, S for service, and P for protocol.
- Service. Specifies the service associated with the record, such as E2U+sip for SIP services.
- Regexp. A regular expression that is used to rewrite the domain name into a new format.
- Replacement. Specifies a domain name to be substituted if the regular expression is not used. A dot (.) indicates no further substitution.
- TTL. Lists the record's Time to Live in seconds, which determines how long the record is cached by DNS resolvers.
NSAP Record
NSAP (Network Service Access Point) records map domain names to NSAP addresses expressed in hexadecimal digits. These addresses are used within the OSI (Open Systems Interconnection) networking model to identify network entities, similar to IP addresses in the TCP/IP model. NSAP addresses are commonly associated with certain network types, such as ATM (Asynchronous Transfer Mode) networks.
NSEC Record
An NSEC (Next Secure) record links to the next domain name in the DNSSEC sorting order and lists the record types that exist for that domain name. These records are used in DNSSEC validation to provide proof of non-existence, demonstrating that a specific domain name does not exist by showing the range of domain names that do.
NSEC records contain the following elements:
- Next domain name. The name of the next domain in the DNSSEC sorting order.
- Record types. A list of all the record types that exist for the specified domain name.
NSEC3 Record
NSEC3 (Next Secure Version 3) records function similarly to NSEC records but use cryptographically hashed record names to prevent enumeration within a DNSSEC-protected zone. This hashing helps protect the privacy of the zone's contents by obfuscating the record names.
NSEC3 records contain the following elements:
- Hash algorithm. Specifies the algorithm used to generate the cryptographically hashed record name.
- Flags. Used to indicate whether the Opt-Out feature is enabled, which allows unsigned delegations to be skipped.
- Iterations. Indicates the number of times the hash algorithm was applied to the record name.
- Salt. A random value added to the record name before hashing, used to increase the complexity of the hash calculation.
- Next Hashed Owner Name. The hashed name of the next record in the DNSSEC sorting order.
- Record types. Lists the record types that exist for the hashed record name.
NSEC3PARAM Record
An NSEC3PARAM (NSEC3 Parameters) record specifies the parameters used by NSEC3 records within a DNSSEC-protected zone. These parameters guide the generation and verification of NSEC3 records, particularly when responding to DNSSEC queries about nonexistent record names or types.
NSEC3PARAM records include Hash algorithms, Flags, Iterations, and Salt, which correspond to the elements in the associated NSEC3 records.
RP Record
RP (Responsible Person) records store the DNS-encoded mailbox of the person responsible for a given domain name. Contact information, such as the responsible person's phone number or address, can be provided in a TXT record that the RP record references.
An example of an RP record:
Domain name | TTL | Record class | Record type | Mailbox | TXT domain name |
example-website.com | 14400 | IN | RP | admin.example-website.com | moreinfo.examplewebsite.com |
In this example:
- Domain name. Specifies the domain name.
- TTL. The time that the record is cached by DNS resolvers, in seconds.
- Record class. Typically, IN for Internet; other classes like CH or HS are rarely used.
- Record type. Identifies this record as RP.
- Mailbox. The DNS-encoded email address of the person responsible for the domain name (e.g., admin.example-website.com, where the first dot represents the @ symbol).
- TXT domain name. References a TXT record that contains additional information about the responsible person.
RRSIG Record
An RRSIG (Resource Record Signature) record contains a DNSSEC signature for a set of DNS records with the same name and type. These signatures authenticate the records and can be verified using the public keys stored in DNSKEY records.
RRSIG records have the following elements:
- Type covered. DNS record type the stored signature covers.
- Algorithm. The cryptographic algorithm used to create the signature.
- Labels. The number of labels in the domain name that the signature covers, used to validate wildcards.
- Original TTL. The TTL value of the original DNS record set.
- Signature expiration. Time when the signature expires.
- Signature inception. Time when the signature was created.
- Key tag. A short numeric value used to identify the DNSKEY record that can validate the signature.
- Signer's name. The domain name of the entity that owns the DNSKEY record used to create the signature.
- Signature. The DNSSEC cryptographic signature.
RT Record
RT (Route Through) records specify intermediate hosts that provide routing to the domain name specified in the record, typically in non-IP-based networks. Multiple intermediate hosts can be specified for the same domain, with the lower preference value indicating which host should be tried first.
Each intermediate host must also have a valid A record associated with it.
TLSA Record
TLSA (Transport Layer Security Authentication) records store information that associates a TLS certificate or public key with a domain. They help secure connections by specifying which certificates or keys are valid for that domain. The names of TLSA records consist of a port number, protocol name, and TLS server hostname.
These records include the following elements:
- Certificate Usage. A numeric value (0-255) indicates how the certificate or public key should be used in the context of TLS.
- Selector. A numeric value (0-255) specifies which part of the certificate is presented, such as the full certificate or just the public key.
- Matching Type. A numeric value (0-255) indicates how the certificate or public key should be matched, such as by exact match, SHA-256 hash, or SHA-512 hash.
- Certificate Association Data. The actual certificate or public key data, represented as a hexadecimal value.
X25 Record
X25 records map domain names to a PSDN (Public Switched Data Network) address number following the X.121 international numbering plan.
DNS Record Types Cheat Sheet
Download the DNS Record Types Cheat Sheet in PDF format. Use this one-page reference sheet to quickly access essential information on DNS record types whenever you need it.
Conclusion
You now have a strong understanding of the various DNS record types.
Use this guide as a reference and reminder when you need quick information on a record type, for example, when configuring DNS on your Windows, macOS, or Linux machine.