Ctrl+K
Popular searches:
UtilStation
Mutlu Ramazanlar
EN

DNS Record Types

v1.0.0

DNS Record Types

Complete DNS record types reference with descriptions, examples, and RFC standards. Covers A, AAAA, CNAME, MX, TXT, SRV, DNSSEC records and more.

Warning

This tool is not supported on mobile devices, please use a desktop device for better experience.

Address
Address
2
record types
Alias
Alias
2
record types
NS
Name Server
2
record types
Mail
Mail
1
record types
Text
Text
1
record types
PTR
Reverse DNS
1
record types
Service
Service
3
record types
Security
Security
11
record types
Other
Other
6
record types
Total Record Types
29
DNS record types
Most Common
A, AAAA, CNAME, MX
Frequently used
Showing
29
Filtered results
TypeCategoryDescriptionExampleRFC
A
Address
Maps a hostname to an IPv4 address. The most fundamental DNS record type.example.com. IN A 93.184.216.34RFC 1035
AAAA
Address
Maps a hostname to an IPv6 address. The IPv6 equivalent of the A record.example.com. IN AAAA 2001:db8::1RFC 3596
CNAME
Alias
Canonical Name. Maps an alias to another hostname. Cannot coexist with other record types at the same name.www.example.com. IN CNAME example.com.RFC 1035
DNAME
Alias
Delegation Name. Delegates an entire DNS subtree to another domain, creating aliases for all records below.old.example.com. IN DNAME new.example.com.RFC 6672
NS
Name Server
Specifies the authoritative name servers for a domain or delegated zone.example.com. IN NS ns1.example.com.RFC 1035
SOA
Name Server
Start of Authority. Contains administrative information about the zone including the primary name server, email of the domain admin, and timing values.example.com. IN SOA ns1.example.com. admin.example.com. 2024010101 3600 900 604800 300RFC 1035
MX
Mail
Mail Exchange. Specifies the mail server responsible for accepting email for the domain, with a priority value (lower = higher priority).example.com. IN MX 10 mail.example.com.RFC 1035
TXT
Text
Stores arbitrary text data. Widely used for SPF, DKIM, DMARC policies, domain ownership verification, and other human-readable or machine-readable data.example.com. IN TXT "v=spf1 include:_spf.google.com ~all"RFC 1035
PTR
Reverse DNS
Pointer. Maps an IP address back to a hostname for reverse DNS lookups. The opposite of A/AAAA records, used for email validation and logging.34.216.184.93.in-addr.arpa. IN PTR example.com.RFC 1035
SRV
Service
Service Locator. Specifies the hostname and port number for specific services. Used by protocols like SIP, XMPP, LDAP, and others._sip._tcp.example.com. IN SRV 10 60 5060 sip.example.com.RFC 2782
NAPTR
Service
Name Authority Pointer. Enables URI rewriting and is used for ENUM (telephone number to URI mapping) and SIP routing.example.com. IN NAPTR 100 10 "U" "E2U+sip" "!^.*$!sip:[email protected]!i" .RFC 3403
URI
Service
Stores full URIs associated with a hostname. Used for publishing URIs for service discovery purposes._http._tcp.example.com. IN URI 10 1 "http://example.com/"RFC 7553
CAA
Security
Certification Authority Authorization. Restricts which Certificate Authorities are permitted to issue SSL/TLS certificates for the domain.example.com. IN CAA 0 issue "letsencrypt.org"RFC 8659
TLSA
Security
Associates a TLS server certificate or public key with a domain. Part of DANE (DNS-based Authentication of Named Entities) to pin certificates._443._tcp.example.com. IN TLSA 3 1 1 abc123...RFC 6698
SSHFP
Security
SSH Fingerprint. Stores SSH public key fingerprints to allow SSH clients to verify host keys via DNSSEC.host.example.com. IN SSHFP 2 1 123456789abcdef...RFC 4255
DNSKEY
Security
DNS Key. Stores a public cryptographic key used in DNSSEC for verifying digital signatures.example.com. IN DNSKEY 257 3 8 AwEAAbc123...RFC 4034
DS
Security
Delegation Signer. Contains a hash of a DNSKEY record in a child zone, creating the DNSSEC chain of trust.example.com. IN DS 12345 8 2 abc123...RFC 4034
RRSIG
Security
Resource Record Signature. Contains the DNSSEC cryptographic signature for a set of DNS records.example.com. IN RRSIG A 8 2 3600 20240101 20231201 12345 example.com. abc...RFC 4034
NSEC
Security
Next Secure. Used in DNSSEC to provide authenticated denial of existence, listing the next existing name in the zone.example.com. IN NSEC next.example.com. A MX RRSIG NSECRFC 4034
NSEC3
Security
Next Secure version 3. An alternative to NSEC that uses hashed owner names to prevent zone enumeration attacks.abc123.example.com. IN NSEC3 1 0 10 AABBCCDD ...RFC 5155
NSEC3PARAM
Security
NSEC3 Parameters. Contains the parameters used to generate NSEC3 records for a zone.example.com. IN NSEC3PARAM 1 0 10 AABBCCDDRFC 5155
CDS
Security
Child DS. A child zone copy of the DS record published to request updates to the parent DS record for DNSSEC key rollovers.example.com. IN CDS 12345 8 2 abc123...RFC 7344
CDNSKEY
Security
Child DNSKEY. Published in a zone to signal to the parent that the child wants a DS record updated.example.com. IN CDNSKEY 257 3 8 AwEAAbc123...RFC 7344
HINFO
Other
Host Information. Stores the CPU type and operating system for a host. Rarely used today due to security information disclosure concerns.host.example.com. IN HINFO "Intel Xeon" "Linux"RFC 1035
LOC
Other
Location. Stores geographical location information (latitude, longitude, altitude) for a host.host.example.com. IN LOC 37 46 29.744 N 122 25 9.816 W 0m 1m 10000m 10mRFC 1876
RP
Other
Responsible Person. Specifies the email mailbox of the person responsible for a host, as a DNS name.host.example.com. IN RP admin.example.com. contact.example.com.RFC 1183
CERT
Other
Certificate. Stores cryptographic certificates (PKIX, SPKI, PGP, etc.) associated with a domain name.host.example.com. IN CERT 1 0 0 abc123...RFC 4398
SPF
Other
Sender Policy Framework. Deprecated record type; SPF data should now be published as TXT records instead.example.com. IN SPF "v=spf1 include:example.com ~all"RFC 7208 (deprecated)
AFSDB
Other
AFS Database Location. Specifies the location of an AFS or DCE/NCA cell database server.example.com. IN AFSDB 1 afsdb.example.com.RFC 1183
  • Meta Tag Generator
    Similar Tool

    Generate essential meta tags for better SEO including title, description, keywords, and Open Graph tags.

  • HTTP Status Codes
    Similar Tool

    Complete reference for HTTP response status codes with descriptions, use cases, and categories.

  • HTML Entities
    Similar Tool

    Complete HTML character entity reference with symbols, special characters, and escape codes.

  • Port Numbers
    Similar Tool

    Comprehensive reference for network port numbers, protocols, and services used in networking and development.

  • MIME Types
    Similar Tool

    Complete reference for MIME types and file extensions used in web development and file handling.

  • Generate realistic test data using Faker.js for development, testing, and prototyping. Create fake users, addresses, companies, and more.

  • JSON Data Query
    Similar Tool

    Query JSON data using dot notation and array indexing to extract specific values from complex JSON structures.

  • Convert cron expressions into human-readable formats for easy understanding and debugging.

  • JWT Inspector
    Similar Tool

    Decode, inspect, and verify JSON Web Tokens with signature checks and claim validation.

  • Generate and test cron expressions to create precise schedules for task automation.

  • Generate and customize Linux file permissions using chmod values to control access and security settings for your files and directories.

  • Hash Generator
    Similar Tool

    Compute SHA hashes (SHA-1/256/384/512) for text or files with quick copy outputs.

  • Encode and decode URLs with support for both standard URI encoding and component encoding methods.

  • Convert JSON data to YAML format for readable configuration and documentation.

  • Convert YAML configuration files to JSON format for easier processing and integration.

How are you liking DNS Record Types?

We value your opinion and would love to hear your thoughts.

Select your rating

Excellent! ⭐

What are DNS Record Types?

DNS (Domain Name System) records are instructions stored in DNS zone files that provide information about a domain, including what IP address it maps to and how to handle requests for that domain. Every domain on the internet relies on DNS records to function. Understanding these record types is essential for system administrators, DevOps engineers, and web developers.

How DNS Records Work

When you type a domain name into your browser, a DNS resolver queries a chain of DNS servers to find the appropriate records. The records it finds tell the resolver where to send your request. This entire lookup process typically completes in milliseconds, making DNS one of the most performance-critical systems on the internet.

DNS Record Categories

📍 Address Records (A, AAAA)

These are the most fundamental DNS record types. A records map a hostname to an IPv4 address, while AAAA records map to an IPv6 address. Every website you visit uses at least one of these record types to tell the internet which server to connect to.

🔗 Alias Records (CNAME, DNAME)

CNAME records create an alias from one hostname to another. For example, www.example.com might point to example.com via a CNAME. A key restriction: CNAME records cannot coexist with other record types at the same name. DNAME records extend this to delegate entire subtrees of the DNS namespace.

🖥️ Name Server Records (NS, SOA)

NS records identify the authoritative DNS servers for a domain. SOA (Start of Authority) records contain essential zone metadata including the primary nameserver, the responsible party's email, and timing values that control how frequently secondary servers sync and how long negative responses are cached.

📧 Mail Records (MX)

MX (Mail Exchange) records specify which mail servers are responsible for accepting email for a domain. Each MX record includes a priority value — lower numbers indicate higher priority. Multiple MX records can provide failover for email delivery.

📝 Text Records (TXT)

TXT records store arbitrary text data and have become a versatile tool for many purposes including SPF (Sender Policy Framework) for email authentication, DKIM public keys, DMARC policies, domain ownership verification for services like Google Search Console, and custom application data. One domain can have multiple TXT records.

🔄 Reverse DNS (PTR)

PTR records provide reverse DNS lookups — the ability to resolve an IP address back to a hostname. They live in the special in-addr.arpa (IPv4) or ip6.arpa (IPv6) zones. PTR records are used by email servers to verify that a sending server's IP matches its claimed hostname, which is a key anti-spam measure.

⚙️ Service Records (SRV, NAPTR, URI)

SRV records generalize the concept of MX records to any service. They specify the hostname, port, weight, and priority for a service, enabling protocols like SIP, XMPP, and LDAP to be discovered via DNS. NAPTR records enable more complex URI rewriting and are central to VoIP and ENUM services.

🔒 Security Records (CAA, TLSA, DNSSEC)

A suite of security-related record types enhances DNS integrity. CAA records restrict which Certificate Authorities can issue certificates for your domain — a powerful anti-phishing measure. TLSA records implement DANE, allowing you to pin specific certificates in DNS. DNSSEC records (DNSKEY, DS, RRSIG, NSEC/NSEC3) provide cryptographic proof of DNS data integrity.

Essential DNS Record Combinations

🌐 Website Hosting Setup
  • A / AAAA: Point your apex domain to your server's IP
  • CNAME: Point www subdomain to your apex domain
  • MX: Route email to your mail provider
  • TXT: Add SPF, DKIM, and DMARC for email authentication
📬 Email Authentication Setup
  • SPF (TXT): List the servers authorized to send email on your behalf
  • DKIM (TXT): Publish your public key for email signature verification
  • DMARC (TXT): Define policy for handling emails that fail SPF or DKIM checks
  • MX: Specify your mail servers for inbound delivery

DNSSEC — Securing the DNS Chain of Trust

DNSSEC (DNS Security Extensions) adds cryptographic signatures to DNS data to prevent DNS spoofing and cache poisoning attacks. It works through a chain of trust: a zone signs its own records with a DNSKEY, the parent zone publishes a DS record (hash of the child's DNSKEY), and RRSIG records attach signatures to each record set. NSEC/NSEC3 records prove that a queried name does not exist.

DNS Record TTL (Time to Live)

Every DNS record has a TTL value (in seconds) that controls how long resolvers and caches may keep the record before re-querying. Lower TTLs allow faster propagation of changes but increase query load on your nameservers. Common TTL values range from 300 seconds (5 minutes) for frequently changing records to 86400 seconds (24 hours) for stable records.

Features of Our DNS Record Types Reference

  • Complete Coverage: All standard DNS record types with descriptions and RFC references
  • Category Filtering: Filter by Address, Alias, Mail, Security, and more
  • Smart Search: Search by type name, description, or RFC number
  • Real Examples: Concrete zone file syntax examples for each record type
  • RFC Standards References: Standards references for authoritative documentation
  • Copy Functionality: Quick copy buttons for record types and examples

Common Mistakes and Best Practices

⚠️ Common Pitfalls
  • CNAME at the apex: You cannot use a CNAME record for your root domain (e.g., example.com). Use A/AAAA or an ALIAS record instead.
  • Missing PTR records: Mail servers without reverse DNS (PTR records) often have email delivery problems.
  • Forgetting AAAA records: As IPv6 adoption grows, omitting AAAA records can affect a portion of your users.
  • High TTL before migration: Lower your TTL well in advance (at least 24 hours) before changing IP addresses.
✅ Best Practices
  • Set up email authentication: Always configure SPF, DKIM, and DMARC TXT records to protect against email spoofing.
  • Use CAA records: Add CAA records to restrict certificate issuance to your chosen CAs.
  • Enable DNSSEC: If your registrar and hosting support it, enable DNSSEC for enhanced security.
  • Monitor DNS changes: Use DNS monitoring tools to detect unexpected record changes.

Historical Context

DNS was designed in 1983 by Paul Mockapetris and first published as RFC 882 and RFC 883, later superseded by RFC 1034 and RFC 1035. The original design included A, NS, CNAME, SOA, MX, PTR, and TXT records. Over the decades, the DNS protocol has been extended significantly — DNSSEC was standardized in 2005 (RFC 4034), and new record types continue to be added to address security and service discovery needs.

How to Use This Reference Tool

  1. Browse All Types: Scroll through the complete list of DNS record types
  2. Filter by Category: Click a category card or use the dropdown to focus on a specific group
  3. Search Functionality: Type to search by record type name, description, or RFC
  4. Copy Examples: Use copy buttons to grab record types or zone file examples
  5. RFC References: Use the RFC column to find the authoritative specification for each type

Try Our DNS Record Types Reference

Whether you're configuring a new domain, troubleshooting DNS issues, setting up email authentication, or learning about internet infrastructure, our DNS record types reference provides clear explanations and real examples in a searchable, organized format. Perfect for developers, system administrators, and DevOps engineers.