What are DNS Record Types?
DNS (Domain Name System) records are instructions stored in DNS zone files that provide information about a domain, including what IP address it maps to and how to handle requests for that domain. Every domain on the internet relies on DNS records to function. Understanding these record types is essential for system administrators, DevOps engineers, and web developers.
How DNS Records Work
When you type a domain name into your browser, a DNS resolver queries a chain of DNS servers to find the appropriate records. The records it finds tell the resolver where to send your request. This entire lookup process typically completes in milliseconds, making DNS one of the most performance-critical systems on the internet.
DNS Record Categories
📍 Address Records (A, AAAA)
These are the most fundamental DNS record types. A records map a hostname to an IPv4 address, while AAAA records map to an IPv6 address. Every website you visit uses at least one of these record types to tell the internet which server to connect to.
🔗 Alias Records (CNAME, DNAME)
CNAME records create an alias from one hostname to another. For example, www.example.com might point to example.com via a CNAME. A key restriction: CNAME records cannot coexist with other record types at the same name. DNAME records extend this to delegate entire subtrees of the DNS namespace.
🖥️ Name Server Records (NS, SOA)
NS records identify the authoritative DNS servers for a domain. SOA (Start of Authority) records contain essential zone metadata including the primary nameserver, the responsible party's email, and timing values that control how frequently secondary servers sync and how long negative responses are cached.
📧 Mail Records (MX)
MX (Mail Exchange) records specify which mail servers are responsible for accepting email for a domain. Each MX record includes a priority value — lower numbers indicate higher priority. Multiple MX records can provide failover for email delivery.
📝 Text Records (TXT)
TXT records store arbitrary text data and have become a versatile tool for many purposes including SPF (Sender Policy Framework) for email authentication, DKIM public keys, DMARC policies, domain ownership verification for services like Google Search Console, and custom application data. One domain can have multiple TXT records.
🔄 Reverse DNS (PTR)
PTR records provide reverse DNS lookups — the ability to resolve an IP address back to a hostname. They live in the special in-addr.arpa (IPv4) or ip6.arpa (IPv6) zones. PTR records are used by email servers to verify that a sending server's IP matches its claimed hostname, which is a key anti-spam measure.
⚙️ Service Records (SRV, NAPTR, URI)
SRV records generalize the concept of MX records to any service. They specify the hostname, port, weight, and priority for a service, enabling protocols like SIP, XMPP, and LDAP to be discovered via DNS. NAPTR records enable more complex URI rewriting and are central to VoIP and ENUM services.
🔒 Security Records (CAA, TLSA, DNSSEC)
A suite of security-related record types enhances DNS integrity. CAA records restrict which Certificate Authorities can issue certificates for your domain — a powerful anti-phishing measure. TLSA records implement DANE, allowing you to pin specific certificates in DNS. DNSSEC records (DNSKEY, DS, RRSIG, NSEC/NSEC3) provide cryptographic proof of DNS data integrity.
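The check a CA runs against CAA records before issuing, following the RFC 8659 processing rules, shown as an added example that is not part of the original page. The CA identifiers `ca-one.example` and `ca-two.example` and the record set are constructed placeholders.

```python
# Added example: decide whether a CA may issue for a name, per RFC 8659.
# CAA records are (flags, tag, value) tuples; the data below is constructed.
CAA_RECORDS = {
    "example.com": [
        (0, "issue", "ca-one.example"),
        (0, "issuewild", ";"),                      # no wildcard certificates
        (0, "iodef", "mailto:security@example.com"),
    ],
    "internal.example.com": [(0, "issue", ";")],    # no public issuance at all
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def relevant_caa(name, caa_by_name):
    """Climb from the name toward the root; return the first CAA RRset found."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = caa_by_name.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def ca_may_issue(name, ca_domain, caa_by_name):
    wildcard = name.startswith("*.")
    rrset = relevant_caa(name[2:] if wildcard else name, caa_by_name)
    # Critical flag (128) on a tag the CA does not understand forbids issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [v for _, tag, v in rrset if tag.lower() == "issue"]
    issuewild = [v for _, tag, v in rrset if tag.lower() == "issuewild"]
    # issuewild replaces issue for wildcard requests and is ignored otherwise.
    restricting = issuewild if (wildcard and issuewild) else issue
    if not restricting:
        return True            # no CAA restriction applies: any CA may issue
    allowed = {v.split(";", 1)[0].strip().lower() for v in restricting}
    return ca_domain.lower() in allowed   # ";" yields "", which matches no CA
```

A name with no CAA RRset anywhere on the path to the root is unrestricted, which is why publishing at least one `issue` record at the apex matters.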
Essential DNS Record Combinations
🌐 Website Hosting Setup
- A / AAAA: Point your apex domain to your server's IP
- CNAME: Point www subdomain to your apex domain
- MX: Route email to your mail provider
- TXT: Add SPF, DKIM, and DMARC for email authentication
📬 Email Authentication Setup
- SPF (TXT): List the servers authorized to send email on your behalf
- DKIM (TXT): Publish your public key for email signature verification
- DMARC (TXT): Define policy for handling emails that fail SPF or DKIM checks
- MX: Specify your mail servers for inbound delivery
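An audit of the SPF and DMARC records from the list above, flagging settings that publish a record without actually restricting senders. This is an added example, not part of the original page; the TXT values are constructed samples for the placeholder domain example.com, and DKIM is not covered.

```python
# Added example: audit SPF and DMARC TXT records for weak settings.
ALL_TERMS = {"all", "+all", "-all", "~all", "?all"}

def audit_spf(apex_txt):
    """Findings for the TXT records published at the domain apex."""
    spf = [r for r in apex_txt if r.lower().split(" ")[0] == "v=spf1"]
    if not spf:
        return ["spf: no v=spf1 record published"]
    if len(spf) > 1:
        return ["spf: multiple v=spf1 records, receivers return permerror"]
    terms = spf[0].lower().split()[1:]
    if "all" in terms or "+all" in terms:
        return ["spf: +all authorizes every sender"]
    if "?all" in terms:
        return ["spf: ?all is neutral for unlisted senders"]
    if not ALL_TERMS & set(terms) and not any(t.startswith("redirect=") for t in terms):
        return ["spf: no all mechanism, unlisted senders get neutral"]
    return []

def audit_dmarc(dmarc_txt):
    """Findings for the TXT records published at _dmarc.<domain>."""
    dmarc = [r for r in dmarc_txt if r.startswith("v=DMARC1")]
    if len(dmarc) != 1:
        return ["dmarc: expected exactly one v=DMARC1 record, found %d" % len(dmarc)]
    tags = {}
    for part in dmarc[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    findings = []
    if tags.get("p") not in ("quarantine", "reject"):
        findings.append("dmarc: p=%s does not act on failing mail" % tags.get("p"))
    if int(tags.get("pct", "100")) < 100:
        findings.append("dmarc: pct=%s applies the policy to only part of the mail" % tags["pct"])
    return findings

def audit_mail_auth(apex_txt, dmarc_txt):
    return audit_spf(apex_txt) + audit_dmarc(dmarc_txt)

# Constructed sample records: a weak configuration beside a hardened one.
WEAK_APEX = ["google-site-verification=constructed-token",
             "v=spf1 include:_spf.example.net +all"]
WEAK_DMARC = ["v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"]
HARDENED_APEX = ["v=spf1 include:_spf.example.net -all"]
HARDENED_DMARC = ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"]
```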
DNSSEC — Securing the DNS Chain of Trust
DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS data to prevent DNS spoofing and cache poisoning attacks. It works through a chain of trust: a zone signs its own records with the private key that matches its published DNSKEY, the parent zone publishes a DS record (a hash of the child's DNSKEY), and RRSIG records carry the signature for each record set. NSEC/NSEC3 records prove that a queried name does not exist.
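How the parent's DS record binds to the child's DNSKEY, shown as an added example that is not part of the original page: the key tag checksum from RFC 4034 Appendix B and a SHA-256 (digest type 2) DS digest. The key bytes are constructed filler, not a real public key.

```python
# Added example: derive a DS record from a DNSKEY and check the link a
# validating resolver checks between parent and child zone.
import hashlib
import struct

def wire_name(name):
    """Encode a domain name in canonical (lowercase) DNS wire format."""
    out = b""
    for label in name.lower().rstrip(".").split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag checksum over the DNSKEY RDATA (RFC 4034 Appendix B)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, rdata):
    """DS fields: (key tag, algorithm, digest type 2 = SHA-256, hex digest)."""
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def ds_matches(owner, rdata, ds):
    """True when the parent's DS vouches for this DNSKEY at this owner name."""
    return make_ds(owner, rdata) == ds

# Constructed sample: flags 257 (key-signing key), protocol 3, algorithm 13.
KSK_RDATA = dnskey_rdata(257, 3, 13, bytes(range(64)))
PARENT_DS = make_ds("example.com.", KSK_RDATA)
# A DNSKEY swapped in by someone without control of the parent zone fails.
OTHER_RDATA = dnskey_rdata(257, 3, 13, bytes(64))
```

Because the owner name is hashed together with the key, the same DNSKEY published under a different zone name does not match the DS either.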
DNS Record TTL (Time to Live)
Every DNS record has a TTL value (in seconds) that controls how long resolvers and caches may keep the record before re-querying. Lower TTLs allow faster propagation of changes but increase query load on your nameservers. Common TTL values range from 300 seconds (5 minutes) for frequently changing records to 86400 seconds (24 hours) for stable records.
Features of Our DNS Record Types Reference
- Complete Coverage: All standard DNS record types with descriptions and RFC references
- Category Filtering: Filter by Address, Alias, Mail, Security, and more
- Smart Search: Search by type name, description, or RFC number
- Real Examples: Concrete zone file syntax examples for each record type
- RFC Standards References: Standards references for authoritative documentation
- Copy Functionality: Quick copy buttons for record types and examples
Common Mistakes and Best Practices
⚠️ Common Pitfalls
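- CNAME at the apex: You cannot use a CNAME record for your root domain (e.g., example.com). Use A/AAAA records instead, or an ALIAS record where your DNS provider offers one (ALIAS is a provider feature, not a standard record type).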
- Missing PTR records: Mail servers without reverse DNS (PTR records) often have email delivery problems.
- Forgetting AAAA records: As IPv6 adoption grows, omitting AAAA records can affect a portion of your users.
- High TTL before migration: Lower your TTL well in advance (at least 24 hours) before changing IP addresses.
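A small zone linter for the record-level pitfalls in this list (CNAME at the apex or beside other data, A without AAAA, mail hosts without PTR), added here as an example and not taken from the original page. The record tuples and the combined forward and reverse zone data are constructed; addresses come from documentation ranges.

```python
# Added example: lint constructed zone data for the pitfalls listed above.
import ipaddress
from collections import defaultdict

DNSSEC_TYPES = {"RRSIG", "NSEC"}   # the only types allowed beside a CNAME

def norm(name):
    return name.lower().rstrip(".")

def lint_zone(apex, records):
    """records: (owner, type, rdata) tuples from the forward and reverse zones."""
    rdata_at = defaultdict(lambda: defaultdict(list))
    for owner, rtype, rdata in records:
        rdata_at[norm(owner)][rtype.upper()].append(rdata)
    findings = []
    for name, rrsets in sorted(rdata_at.items()):
        clash = set(rrsets) - {"CNAME"} - DNSSEC_TYPES
        if "CNAME" in rrsets and name == norm(apex):
            findings.append((name, "CNAME at the zone apex"))
        elif "CNAME" in rrsets and clash:
            findings.append((name, "CNAME coexists with " + ", ".join(sorted(clash))))
        if "A" in rrsets and "AAAA" not in rrsets:
            findings.append((name, "A record without AAAA"))
        for mx in rrsets.get("MX", []):
            target = norm(mx.split()[1])          # rdata is "<priority> <host>"
            for rtype in ("A", "AAAA"):
                for ip in rdata_at.get(target, {}).get(rtype, []):
                    ptr = ipaddress.ip_address(ip).reverse_pointer
                    if "PTR" not in rdata_at.get(ptr, {}):
                        findings.append((target, "mail host %s has no PTR record" % ip))
    return findings

# Constructed sample zone with three of the pitfalls present.
ZONE = [
    ("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 300"),
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "CNAME", "lb.example.net."),
    ("example.com.", "MX", "10 mail.example.com."),
    ("www.example.com.", "CNAME", "example.com."),
    ("www.example.com.", "TXT", "constructed"),
    ("mail.example.com.", "A", "203.0.113.10"),
    ("mail.example.com.", "AAAA", "2001:db8::10"),
    ("10.113.0.203.in-addr.arpa.", "PTR", "mail.example.com."),
]
```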
✅ Best Practices
- Set up email authentication: Always configure SPF, DKIM, and DMARC TXT records to protect against email spoofing.
- Use CAA records: Add CAA records to restrict certificate issuance to your chosen CAs.
- Enable DNSSEC: If your registrar and hosting support it, enable DNSSEC for enhanced security.
- Monitor DNS changes: Use DNS monitoring tools to detect unexpected record changes.
Historical Context
DNS was designed in 1983 by Paul Mockapetris and first published as RFC 882 and RFC 883, later superseded by RFC 1034 and RFC 1035. The original design included A, NS, CNAME, SOA, MX, PTR, and TXT records. Over the decades, the DNS protocol has been extended significantly — DNSSEC was standardized in 2005 (RFC 4034), and new record types continue to be added to address security and service discovery needs.
How to Use This Reference Tool
- Browse All Types: Scroll through the complete list of DNS record types
- Filter by Category: Click a category card or use the dropdown to focus on a specific group
- Search Functionality: Type to search by record type name, description, or RFC
- Copy Examples: Use copy buttons to grab record types or zone file examples
- RFC References: Use the RFC column to find the authoritative specification for each type
Try Our DNS Record Types Reference
Whether you're configuring a new domain, troubleshooting DNS issues, setting up email authentication, or learning about internet infrastructure, our DNS record types reference provides clear explanations and real examples in a searchable, organized format. Perfect for developers, system administrators, and DevOps engineers.