DNS Record Types Explained

August 20, 2024

Introduction

Domain Name System (DNS) records map domain names to IP addresses, direct traffic, ensure security, and handle many other tasks essential for the functioning of the Internet. Network admins use different DNS record types to customize service delivery and manage various network functions.

This tutorial will provide a comprehensive list of DNS record types with examples and use cases.

DNS record types explained

What Are DNS Record Types?

DNS records, also known as zone files, store critical information about domains. These text-based files use the DNS syntax and are housed on DNS servers.

DNS servers use the information in DNS records to route internet traffic. Moreover, they designate mail servers for email delivery, link domain names to IP addresses, and enforce security protocols, among other critical functions.

By configuring these records, you can optimize performance, enhance security, and tailor functionality to the specific needs of websites, applications, and networks.

Common DNS Record Types

The table below lists common DNS record types:

RECORD TYPEDESCRIPTION
AMaps a domain to an IPv4 address.
AAAAMaps a domain to an IPv6 address.
CNAMEAliases one domain name to another.
MXDirects email to mail servers.
NSSpecifies the authoritative nameserver for a domain.
SOAContains administrative information about the domain, like the primary nameserver and zone update settings.
TXTStores text information, often used for verification.
SRVSpecifies a service location for certain services, like servers handling VoIP.
PTRMaps an IP address to a domain name for reverse DNS lookups.

Other DNS Record Types

For other DNS record types, refer to the following table:

RECORD TYPEDESCRIPTION
AFSDBSpecifies the location of Andrew File System (AFS) cells.
ATMAMaps a domain name to an ATM address used for ATM networks.
CAASpecifies which certificate authorities (CAs) are allowed to issue certificates for a domain.
CERTStores certificates and certificate-related information, such as public keys.
DHCIDUsed in DHCP to associate DNS names with dynamically assigned IP addresses.
DNAMEProvides redirection of a subtree of the DNS namespace to another domain.
DNSKEYContains public keys used to verify DNSSEC signatures.
DSUsed in DNSSEC to identify a DNSKEY record in the delegated zone.
HINFOProvides information about the hardware and operating system used by a host.
ISDNStores ISDN addresses associated with a domain name.
MB, MG, MINFO, MRLegacy records related to mailbox information, with specific uses for mapping and informational purposes.
NAPTRUsed for Uniform Resource Identifier (URI) and E.164 Number Mapping (ENUM) applications to define rules for rewriting domain names.
NSAPMaps a domain name to an NSAP address used in OSI networks.
NSECUsed in DNSSEC to prove the non-existence of a DNS record by listing the next record in the zone.
NSEC3An enhanced version of NSEC for DNSSEC that includes hashed domain names to prevent enumeration.
NSEC3PARAMStores parameters for NSEC3 records, including hashing algorithms and iterations.
RPProvides information about the person responsible for a domain, including contact details.
RRSIGContains a cryptographic signature used to verify DNSSEC-signed data.
RTSpecifies a route through a specific intermediate host, used for non-IP networks.
TLSALinks a domain name with a TLS certificate, used in DNS-based Authentication of Named Entities (DANE).
X25Stores an X.25 network address used in older packet-switched networks.

Commonly Used DNS Record Types

Each DNS record type has a specific role in managing domain name requests, and some types are more common than others. The following section outlines the most commonly used DNS record types.

A Record

A (Address) records are among the most common DNS record types. They translate domain names into IP addresses and store these associations. A records can only hold IPv4 addresses.

It contains the following elements:

Domain nameRecord typeValueTTL
example-website.comA192.0.0.114400
  • Domain name. The website's domain name. In a DNS zone file, the @ symbol is often used instead of the full domain name to represent the root domain.
  • Record type. Specifies the record type as A.
  • Value. Contains the IP address associated with the domain name.
  • TTL. Lists the record's Time to Live in seconds. The default value is 14400 seconds (240 minutes), which determines how long DNS resolvers cache the record.

AAAA Record

AAAA records function like A records, but instead of storing IPv4 addresses, they exclusively store IPv6 addresses connected to domain names.

Note: Learn more about the difference between IPv4 and IPv6.

CNAME Record

A CNAME (Canonical Name) record serves as a replacement for an A record if a domain is an alias for another domain. Because of this, all CNAME records point to a domain name instead of an IP address.

For example, if alias-domain.com serves as an alias for real-domain.com, a CNAME record looks like this:

Domain nameRecord typeValueTTL
alias-domain.comCNAMEreal-domain.com14400

This record contains the following elements:

  • Domain name. Contains the alias domain name. In a DNS zone file, the @ symbol is often used instead of the full domain name to represent the root domain.
  • Record type. Indicates that this is a CNAME record.
  • Value. The real domain name that the alias domain points to.
  • TTL. The amount of time DNS resolvers cache a DNS record before refreshing it. In this case 14400 seconds (240 minutes).

CNAME records point subdomains to a domain's A or AAAA record to avoid creating separate A or AAAA records for each subdomain. However, pointing CNAME records to other CNAME records is not recommended, as this adds unnecessary steps to the DNS lookup process.

Note: Refer to our article to learn how to reduce DNS lookups.

MX Record

MX (Mail Exchange) records store instructions for directing emails to mail servers using the SMTP protocol. An MX record might look like:

Domain nameRecord type:PriorityValueTTL
example-site.comMX10mail.example.com14400

In the example above:

  • Domain name. Specifies the domain name. In a DNS zone file, the @ symbol is sometimes used instead of the full domain name to represent the root domain.
  • Record type. Indicates this is an MX record.
  • Priority. Specifies the preference for delivering mail, with lower values indicating higher priority. If the highest-priority mail server fails, the server redirects the mail to the next highest-priority server.
  • Value. Specifies the mail server for the domain name.
  • TTL. It determines how long DNS resolvers cache a DNS record before refreshing it

An MX record can only point to an email server's name. This means that each referenced email server must also have a valid A record specifying its IP address.

Note: Learn how to install and configure a SMTP server on Windows.

NS Record

An NS (Nameserver) record specifies which server is authoritative for the DNS records of a given domain. Domains should have multiple NS records pointing to different nameservers to provide redundancy and ensure high availability.

A nameserver is a DNS server containing authoritative DNS records for one or more domains.

Note: Learn more about how to set a DNS nameserver on Ubuntu.

Domain nameRecord typeValueTTL
example-website.comNSnameserver.exam.com14400

The example above contains the following elements:

  • Domain name. Specifies the domain name. In a DNS zone file, the @ symbol is often used instead of the full domain name to represent the root domain.
  • Record type. Indicates that this is an NS record.
  • Value. Specifies the nameserver for the provided domain.
  • TTL. TTL determines how long DNS resolvers cache a DNS record before refreshing it.

SOA Record

The DNS SOA (Start of Authority) record contains critical information about a DNS zone. IETF standards require these records, which play a key role in zone transfers between DNS servers.

SOA records define the following zone properties:

  • MNAME. The primary nameserver for the zone. This server should also have a corresponding NS record.
  • RNAME. The email address of the person responsible for the zone. The format uses a period instead of the @ symbol.
  • Serial. The zone's serial number serves to track changes and synchronize zone data across DNS servers.
  • Refresh. The interval (in seconds) at which secondary DNS servers check the primary server for updates.
  • Retry. The time (in seconds) a secondary server waits before retrying a failed update from the primary server.
  • Expire. The time (in seconds) a secondary server will continue attempting to update from the primary server before considering the data stale and stopping updates.
  • TTL. This value determines how long DNS resolvers cache a DNS record before refreshing it.

TXT Record

TXT (Text) records store arbitrary text data. They are used alongside other record types to provide additional information, such as domain verification, sender policy framework (SPF), DKIM, or other forms of authentication.

Domain nameRecord typeValueTTL
example-website.comTXTExample text14400

The example above shows a typical TXT record. It contains the following elements:

  • Domain name. Specifies the domain name. In a DNS zone file, the @ symbol is often used instead of the full domain name to represent the root domain.
  • Record type. Indicates that this is a TXT record.
  • Value. Stores a user-defined text string.
  • TTL. Shows how long DNS resolvers cache a DNS record before refreshing it, in this case 14400 seconds (240 minutes).

Note: Individual text strings in TXT records have a maximum length of 255 characters, but multiple strings can be concatenated to exceed this limit.

SRV Record

SRV (Service) records store essential information about host and port details for specific internet services, such as email, VoIP, and other applications. Certain protocols, like LDAP, SIP, and XMPP, require valid SRV records to function properly.

SRV records hold the following information:

  • Service. The symbolic name of the service.
  • Protocol. Specifies if the service is using TCP or UDP protocols.
  • Name. The domain name associated with the service.
  • TTL. The number of seconds DNS resolvers cache a DNS record before refreshing it.
  • Class. Can contain IN (default), CH (used for querying DNS server versions), or HS (uses DNS functionality to provide access to databases).
  • Priority. Determines the preferred server. Lower values indicate higher priority.
  • Weight. Used when multiple servers have the same priority; higher values give a server more priority.
  • Port. The TCP or UDP port the service is running on.
  • Target. The canonical hostname of the machine providing the service.

PTR Record

PTR (Pointer) records are the inverse of A or AAAA records. They map IP addresses back to domain names and facilitate reverse DNS lookups.

PTR records store IP addresses in reverse:

  • IPv4 addresses are saved with their octets in reverse order.
  • IPv6 addresses are saved in reverse order of their nibbles (each 4-bit section of the hexadecimal address).

Other DNS Record Types

The following DNS records are not in use as frequently as those in the previous section. However, they are essential for specific network configurations and functionalities.

AFSDB Record

AFSDB records connect a domain name to an Andrew File System (AFS) cell server. This record type serves to contact AFS cells outside the client's local domain.

An AFSDB record example is:

AddressTTLInternet typeRecord typeService subtypeAFS cell server
example.com14400INASFDB1database01.com

The example above contains the following elements:

  • Domain Name. The domain name to which the AFSDB record applies.
  • TTL. The time a DNS resolver caches a DNS record before refreshing it.
  • Class. Indicates that the record is in the Internet (IN) class.
  • Type. Indicates that this is an AFSDB record.
  • Service Subtype. Can either be 1 for an AFS volume location server or 2 for a DCE authenticated server.
  • AFS Cell Server. The hostname of the AFS cell server.

ATMA Record

An ATMA record maps a domain name to an ATM (Asynchronous Transfer Mode) address, expressed in either E.164 (decimal) or NSAP (hexadecimal) format. ATMA record entries use the following elements:

Host nameDomain nameFormatValue
Examplehostexample-website.comE16447.0091810000000060705A8F01.0060705A8F01.00

In the example above:

  • Host name. A single-part name for the ATM host, written without periods (.).
  • Domain name. The domain name associated with the ATM address.
  • Format. Specifies the format of the ATM address, either E164 or NSAP.
  • Value. The ATM address mapped to the hostname.

CAA Record

CAA records allow domain owners to specify which certificate authorities (CAs) are authorized to issue certificates for their domain and all its subdomains. If no CAA record is present, any CA can issue certificates for the domain.

Domain nameRecord typeFlagTagCA
example-site.comCAA0issue"caa-domain.com"

The CAA record example contains the following elements:

  • Domain name. The name of the domain that is being certified.
  • Record type. Indicates that this is a CAA record.
  • Flag. Can be either 0 (non-critical) or 1 (critical). A critical flag means the CA must understand and comply with the CAA record; otherwise, it cannot issue a certificate. A non-critical flag allows the CA to issue a certificate even if it does not fully understand the property.
  • Tag. Specifies the type of certificate authorization. The options are issue (authorize a CA to issue a certificate), issuewild (authorize a CA to issue a wildcard certificate), and iodef (specify a URL for reporting policy violations).
  • CA. The certification authority that can issue certificates for the domain in question.

Note: Avoid critical connectivity issues by learning how to troubleshoot DNS.

CERT Record

CERT records store certificates, including public keys, along with related data, such as certificate revocation lists (CRLs). These certificates help verify the authenticity of the sending and receiving parties, while CRLs list revoked certificates.

CERT records contain the following data fields:

  • Record type. Identifies the record as CERT.
  • TTL. It determines how long DNS resolvers cache a DNS record before refreshing it
  • Host. The domain name associated with the certificate.
  • Type. Defines the type of certificate/CRL used.
  • Key tag. A numeric value with the range of 0-65535, used to identify the CERT record.
  • Algorithm. Specifies the algorithm used to produce the certificate/CRL.
  • Points to. The certificate or CRL data encoded as a Base64 string.

DHCID Record

DHCID records store information related to the Dynamic Host Configuration Protocol (DHCP). These records are usually created by DHCP servers and clients through dynamic updates.

They contain hashed identifiers that help manage the relationship between DNS and DHCP, ensuring that IP addresses are correctly assigned and updated within the DNS system.

DNAME Record

DNAME records are used to create an alias for an entire subtree of a domain, effectively redirecting every subdomain under that domain to another domain. They are like CNAME records, but while a CNAME record maps one specific domain name to another, a DNAME record applies to all subdomains under a specified domain, redirecting them as well.

A hierarchy of several CNAME records under a single DNAME record

DNSKEY Record

DNSKEY records hold public data keys used to verify DNSSEC signatures. An example of a DNSKEY record looks like:

HostTTLRecord classRecord typeFlagsProtocolAlgorithmPublic key
site.com14400INDNSKEY257313ZhCa3rGLofZcndFN2aVd==

In the example above:

  • Host. The domain name associated with the key. Fully qualified domain names (FQDNs) end with a period to indicate the root of the domain.
  • TTL. The time. in seconds, that the record is cached by DNS resolvers.
  • Record class. Can be IN (default), CH (used for querying DNS server versions), or HS (uses DNS functionality to provide access to databases).
  • Record type. Indicates that this is a DNSKEY record.
  • Flags. Indicates the key's role in DNSSEC. A value of 257 typically means the key is a Key Signing Key (KSK), while 256 indicates a Zone Signing Key (ZSK).
  • Protocol. Must always be 3, as other values are invalid for DNSSEC.
  • Algorithm. Identifies the algorithm used to generate the public key, which must comply with one of the DNSSEC-standard algorithms.
  • Public key. The public key data used for DNSSEC validation, encoded in Base64.

DS Record

DS (Delegation Signer) records are used to secure delegations in DNSSEC. These records create a chain of trust by referencing DNSKEY records in their sub-delegated (child) zones.

DS records contain the following elements:

  • Key tag. A numeric value that identifies and references a DNSKEY record in the child zone.
  • Algorithm. Identifies the algorithm used to generate the referenced DNSKEY record.
  • Digest type. Specifies the cryptographic hash algorithm used to create the Digest value.
  • Digest. A cryptographic hash value of the referenced DNSKEY record, used to verify its authenticity.

HINFO Record

HINFO (Host Information) records store details about the hardware and operating system the host is using. Due to security concerns, these records are rarely stored on public servers and are mainly used by certain application protocols.

A typical HINFO record contains:

  • Host. The domain name of the host.
  • TTL. The time that the record is cached by DNS resolvers.
  • Record class: Can be IN (default), CH (used for querying DNS server versions), or HS (uses DNS functionality to provide access to databases).
  • Record type. Identifies the record as HINFO.
  • CPU. A brief description or identifier of the host's CPU.
  • Operating system. The name or abbreviation of the operating system the host is using.

ISDN Record

An ISDN record associates a domain name with an ISDN (Integrated Services Digital Network) telephone number, formatted according to the ITU-T E.163/E.164 international telephone numbering standards.

This record type may also include an optional hexadecimal sub-address as an ISDN sub-address.

MB, MG, MINFO, MR Records

MB, MG, MINFO, and MR records are obsolete records related to mailbox information with specific uses for mapping and informational purposes. These records were utilized for mailbox management and mail forwarding in DNS but are rarely used in practice today.

In contemporary DNS and email systems, the focus is primarily on MX records for mail exchange, alongside other DNS records like A, AAAA, CNAME, and TXT for various other functions.

  • MB (Mailbox). Specifies the host responsible for a particular mailbox, mapping the mailbox to a host with an existing A record.
  • MG (Mail Group). Specifies a mail group, with each MG record listing a member of the group. Each member typically has a valid mailbox address.
  • MINFO (Mailbox Information). Provides information about a mailbox, including pointers to the administrator's mailbox and an error-handling mailbox.
  • MR (Mail Renaming). Specifies the new address for a renamed mailbox, effectively forwarding mail to the new mailbox address.
The relationship between mailbox record types

NAPTR

NAPTR (Naming Authority Pointer) records are used for dynamically rewriting domain names based on specific criteria. They are commonly employed in services like Voice over IP (VoIP), ENUM (E.164 Number Mapping), and other applications requiring flexible and dynamic name resolution.

Domain nameRecord typeOrderPreferenceFlagsServiceRegexpReplacementTTL
site.comNATPR10010UE2U+sip!^.*[email protected]!.14400

In the example above, the record consists of the following elements:

  • Domain name. Specifies the domain name to which the NAPTR record applies.
  • Record type. Specifies the record type as NAPTR.
  • Order. Defines the order in which multiple NAPTR records should be processed. Lower values are processed first.
  • Preference. Specifies the preference within records of the same order. Lower values are preferred.
  • Flags. Indicates how the NAPTR record should be interpreted. Common flags include U for URI, S for service, and P for protocol.
  • Service. Specifies the service associated with the record, such as E2U+sip for SIP services.
  • Regexp. A regular expression that is used to rewrite the domain name into a new format.
  • Replacement. Specifies a domain name to be substituted if the regular expression is not used. A dot (.) indicates no further substitution.
  • TTL. Lists the record's Time to Live in seconds, which determines how long the record is cached by DNS resolvers.

NSAP Record

NSAP (Network Service Access Point) records map domain names to NSAP addresses expressed in hexadecimal digits. These addresses are used within the OSI (Open Systems Interconnection) networking model to identify network entities, similar to IP addresses in the TCP/IP model. NSAP addresses are commonly associated with certain network types, such as ATM (Asynchronous Transfer Mode) networks.

NSEC Record

An NSEC (Next Secure) record links to the next domain name in the DNSSEC sorting order and lists the record types that exist for that domain name. These records are used in DNSSEC validation to provide proof of non-existence, demonstrating that a specific domain name does not exist by showing the range of domain names that do.

NSEC records contain the following elements:

  • Next domain name. The name of the next domain in the DNSSEC sorting order.
  • Record types. A list of all the record types that exist for the specified domain name.

NSEC3 Record

NSEC3 (Next Secure Version 3) records function similarly to NSEC records but use cryptographically hashed record names to prevent enumeration within a DNSSEC-protected zone. This hashing helps protect the privacy of the zone's contents by obfuscating the record names.

NSEC3 records contain the following elements:

  • Hash algorithm. Specifies the algorithm used to generate the cryptographically hashed record name.
  • Flags. Used to indicate whether the Opt-Out feature is enabled, which allows unsigned delegations to be skipped.
  • Iterations. Indicates the number of times the hash algorithm was applied to the record name.
  • Salt. A random value added to the record name before hashing, used to increase the complexity of the hash calculation.
  • Next Hashed Owner Name. The hashed name of the next record in the DNSSEC sorting order.
  • Record types. Lists the record types that exist for the hashed record name.

NSEC3PARAM Record

An NSEC3PARAM (NSEC3 Parameters) record specifies the parameters used by NSEC3 records within a DNSSEC-protected zone. These parameters guide the generation and verification of NSEC3 records, particularly when responding to DNSSEC queries about nonexistent record names or types.

NSEC3PARAM records include Hash algorithms, Flags, Iterations, and Salt, which correspond to the elements in the associated NSEC3 records.

Comparing the elements of NSEC, NSEC3, and NSEC3PARAM DNS record types

RP Record

RP (Responsible Person) records store the DNS-encoded mailbox of the person responsible for a given domain name. Contact information, such as the responsible person's phone number or address, can be provided in a TXT record that the RP record references.

An example of an RP record:

Domain nameTTLRecord classRecord typeMailboxTXT domain name
example-website.com14400INRPadmin.example-website.commoreinfo.examplewebsite.com

In this example:

  • Domain name. Specifies the domain name.
  • TTL. The time that the record is cached by DNS resolvers, in seconds.
  • Record class. Typically, IN for Internet; other classes like CH or HS are rarely used.
  • Record type. Identifies this record as RP.
  • Mailbox. The DNS-encoded email address of the person responsible for the domain name (e.g., admin.example-website.com, where the first dot represents the @ symbol).
  • TXT domain name. References a TXT record that contains additional information about the responsible person.

RRSIG Record

An RRSIG (Resource Record Signature) record contains a DNSSEC signature for a set of DNS records with the same name and type. These signatures authenticate the records and can be verified using the public keys stored in DNSKEY records.

RRSIG records have the following elements:

  • Type covered. DNS record type the stored signature covers.
  • Algorithm. The cryptographic algorithm used to create the signature.
  • Labels. The number of labels in the domain name that the signature covers, used to validate wildcards.
  • Original TTL. The TTL value of the original DNS record set.
  • Signature expiration. Time when the signature expires.
  • Signature inception. Time when the signature was created.
  • Key tag. A short numeric value used to identify the DNSKEY record that can validate the signature.
  • Signer's name. The domain name of the entity that owns the DNSKEY record used to create the signature.
  • Signature. The DNSSEC cryptographic signature.

RT Record

RT (Route Through) records specify intermediate hosts that provide routing to the domain name specified in the record, typically in non-IP-based networks. Multiple intermediate hosts can be specified for the same domain, with the lower preference value indicating which host should be tried first.

Each intermediate host must also have a valid A record associated with it.

TLSA Record

TLSA (Transport Layer Security Authentication) records store information that associates a TLS certificate or public key with a domain. They help secure connections by specifying which certificates or keys are valid for that domain. The names of TLSA records consist of a port number, protocol name, and TLS server hostname.

These records include the following elements:

  • Certificate Usage. A numeric value (0-255) indicates how the certificate or public key should be used in the context of TLS.
  • Selector. A numeric value (0-255) specifies which part of the certificate is presented, such as the full certificate or just the public key.
  • Matching Type. A numeric value (0-255) indicates how the certificate or public key should be matched, such as by exact match, SHA-256 hash, or SHA-512 hash.
  • Certificate Association Data. The actual certificate or public key data, represented as a hexadecimal value.

X25 Record

X25 records map domain names to a PSDN (Public Switched Data Network) address number following the X.121 international numbering plan.

DNS Record Types Cheat Sheet

Download the DNS Record Types Cheat Sheet in PDF format. Use this one-page reference sheet to quickly access essential information on DNS record types whenever you need it.

An image of the DNS Record Types cheat sheet.

Conclusion

You now have a strong understanding of the various DNS record types.

Use this guide as a reference and reminder when you need quick information on a record type, for example, when configuring DNS on your Windows, macOS, or Linux machine.

Was this article helpful?
YesNo
Vladimir Kaplarevic
Vladimir is a resident Tech Writer at phoenixNAP. He has more than 7 years of experience in implementing e-commerce and online payment solutions with various global IT services providers. His articles aim to instill a passion for innovative technologies in others by providing practical advice and using an engaging writing style.
Next you should read
DNS Best Practices for Security and Performance
November 11, 2019

DNS infrastructure needs to be organized properly to avoid security and performance issues. By following DNS best practices, most potential problems can be evaded.
Read more
How To Set Up Raspberry Pi As A DNS Server
March 31, 2021

Learn how to improve your network speed by setting up a Raspberry Pi as a DNS server in this step-by-step guide.
Read more
How to Use Linux dig Command (DNS Lookup)
May 23, 2024

dig (Domain Information Groper) command is a tool for querying DNS name servers. It is a helpful command for diagnosing DNS problems but is also used to display DNS information.
Read more
How to Flush DNS Cache in macOS, Windows, & Linux
September 10, 2024

DNS cache can be corrupted for a number of different reasons, including network attacks or viruses. When that happens, IP address mapping becomes corrupted for certain popular websites.
Read more