DNS Records Reference
DNS Records Explained
This comprehensive guide details various Domain Name System (DNS) record types, essential for understanding how domain names are translated into IP addresses and how network services are configured. Whether you're a web developer, system administrator, or network engineer, grasping these records is fundamental.
Commonly Used DNS Records
These are the DNS records you'll encounter most frequently when managing domains and services.
| Type | Description |
|---|---|
| A | The 'Address' record maps a hostname to an IPv4 address. It's the most basic record type for resolving domain names to their corresponding servers. |
| AAAA | The 'Quad A' record maps a hostname to an IPv6 address. As IPv6 adoption grows, this record becomes increasingly important for modern network connectivity. |
| CNAME | A 'Canonical Name' record creates an alias, forwarding one domain name to another. It does not directly provide an IP address but points to another record that does. |
| MX | 'Mail Exchanger' records specify the mail servers responsible for accepting email messages on behalf of a domain. They include a priority value to determine the order of delivery. |
| TXT | 'Text' records allow administrators to store arbitrary text strings associated with a domain. They are commonly used for email authentication (SPF, DKIM, DMARC) and domain verification. |
| NS | 'Name Server' records delegate a DNS zone to use the given authoritative name servers. They are crucial for the hierarchical structure of DNS. |
| SOA | The 'Start of Authority' record contains authoritative information about a DNS zone, including the primary name server, administrator's email, serial number, and timing parameters. |
| SRV | 'Service' records specify the location (hostname and port number) of servers for specific services, such as VoIP or instant messaging. |
| PTR | 'Pointer' records perform the reverse of A and AAAA records, mapping an IP address back to a hostname. They are primarily used for reverse DNS lookups. |
Less Commonly Used DNS Records
These records serve more specialized purposes and are encountered less frequently but are vital in specific network configurations and security protocols.
| Type | Description |
|---|---|
| APL | The 'Address Prefix List' record specifies lists of IP address ranges, often used for routing policies or network access control. |
| AFSDB | 'Andrew File System Database' records are used by clients of the Andrew File System to locate AFS cells. |
| CAA | 'Certification Authority Authorization' records allow domain owners to specify which Certificate Authorities (CAs) are permitted to issue SSL/TLS certificates for their domain. This enhances security by preventing unauthorized certificate issuance. |
| DNSKEY | The 'DNS Key' record is part of DNSSEC (Domain Name System Security Extensions) and contains public keys used to verify the authenticity of DNS data. |
| CDNSKEY | A 'Child DNS Key' record is a copy of a DNSKEY record intended for transfer to a parent zone, facilitating DNSSEC delegation. |
| CERT | 'Certificate' records store public key certificates, often used in conjunction with other security protocols. |
| DCHID | 'DHCP Identifier' records store information related to the Dynamic Host Configuration Protocol (DHCP), used for automatic IP address assignment. |
| DNAME | A 'Delegation Name' record acts like a CNAME but redirects all subdomains as well. It's useful for creating broad domain aliases. |
| HIP | The 'Host Identity Protocol' record separates the roles of an IP address, useful for mobility and network renumbering. |
| IPSECKEY | 'IPSEC Key' records are used with the Internet Protocol Security (IPsec) framework to provide secure network communications. |
| LOC | The 'Location' record contains geographical coordinates (latitude and longitude) for a domain or host. |
| NAPTR | 'Name Authority Pointer' records are used in conjunction with SRV records to dynamically generate URIs based on regular expressions, often used in ENUM systems. |
| NSEC | The 'Next Secure' record is part of DNSSEC and is used to cryptographically prove that a requested DNS record does not exist. |
| RRSIG | 'Resource Record Signature' records store digital signatures for DNS records, used to authenticate DNS data as part of DNSSEC. |
| RP | The 'Responsible Person' record stores the email address of the individual responsible for a DNS zone. |
| SSHFP | 'SSH Fingerprint' records store public key fingerprints for Secure Shell (SSH) servers, helping to verify server identity. |
Understanding these DNS records is crucial for effective network management, security, and ensuring seamless internet operations. For further details, consult official RFC documents and developer resources.
External Resources: