A DNS (Domain Name System) record is a database entry that contains information associated with a domain or hostname within the DNS. DNS records are used to translate human-readable domain names into machine-readable IP addresses, enabling the routing of network traffic and the identification of resources on the internet.
DNS operates as a distributed hierarchical system, and various types of DNS records serve different purposes.
Here are some common types of DNS records:
1. A Record (Address Record):
Maps a domain or subdomain to an IPv4 address. For example:
example.com. IN A 192.168.1.1
2. AAAA Record (IPv6 Address Record):
Maps a domain or subdomain to an IPv6 address. For example:
example.com. IN AAAA 2001:db8::1
3. CNAME Record (Canonical Name Record):
Creates an alias for a domain or subdomain, pointing it to another domain’s canonical (official) name. For example:
www.example.com. IN CNAME example.com.
4. MX Record (Mail Exchange Record):
Specifies the mail servers responsible for receiving emails on behalf of the domain. For example:
example.com. IN MX 10 mail.example.com.
5. TXT Record (Text Record):
Used to store human-readable text information. Commonly used for DNS-based validation, SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and other purposes. For example:
example.com. IN TXT "v=spf1 include:_spf.example.com ~all"
6. NS Record (Name Server Record):
Identifies the authoritative nameservers for a domain, that is, the servers that store information about the domain. For example:
example.com. IN NS ns1.exampledns.com.
7. PTR Record (Pointer Record):
Used for reverse DNS lookups, mapping an IP address to a domain name. For example:
1.2.3.4.in-addr.arpa. IN PTR host.example.com.
8. SOA Record (Start of Authority Record):
Contains authoritative information about a DNS zone, including details such as the primary authoritative DNS server, the domain administrator’s email address, domain serial number, and timers for zone refresh, retry, expire, and minimum TTL. For example:
example.com. IN SOA ns1.exampledns.com. admin.example.com. (
    2022120101 ; Serial
    3600       ; Refresh
    1800       ; Retry
    604800     ; Expire
    3600 )     ; Minimum TTL
These records, along with others, collectively form the DNS infrastructure and facilitate the resolution of domain names to IP addresses, mail routing, and various other domain-related functionalities on the internet. Each record type serves a specific purpose in managing and directing network traffic.
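The zone-file syntax used in the examples above has two rules that are easy to get wrong: a semicolon starts a comment that runs to the end of the line (so a parenthesised SOA has to span several lines), and a name written without a trailing dot is relative to the zone origin. The following Python is an added example, not part of the original article; the zone text is constructed, and the function names and the example.com. origin are assumptions.

```python
import re

# Constructed zone text modelled on the record examples above; the CNAME
# target is deliberately written without a trailing dot.
ZONE = """\
example.com.     IN A     192.168.1.1
www.example.com. IN CNAME example.com
example.com.     IN MX    10 mail.example.com.
example.com.     IN TXT   "v=spf1 include:_spf.example.com ~all"
example.com.     IN SOA   ns1.exampledns.com. admin.example.com. (
                          2022120101 ; Serial
                          3600       ; Refresh
                          1800       ; Retry
                          604800     ; Expire
                          3600 )     ; Minimum TTL
"""

# A quoted string, a comment to end of line, a parenthesis, or a bare word.
TOKEN = re.compile(r'"[^"]*"|;.*|[()]|[^\s();"]+')
# Positions in the record data that hold a domain name, per record type.
NAME_FIELDS = {"CNAME": [0], "NS": [0], "PTR": [0], "MX": [1], "SOA": [0, 1]}

def parse_zone(text):
    """Return (owner, type, rdata) tuples; assumes 'owner class type rdata' records."""
    records, current, depth = [], [], 0
    for line in text.splitlines():
        for tok in TOKEN.findall(line):
            if tok.startswith(";"):
                break                          # comment: ignore the rest of the line
            if tok in ("(", ")"):
                depth += 1 if tok == "(" else -1   # parentheses join lines
            else:
                current.append(tok)
        if depth == 0 and current:             # record complete only when parens are closed
            owner, _cls, rtype, *rdata = current
            records.append((owner, rtype, rdata))
            current = []
    return records

def relative_targets(records, origin="example.com."):
    """List name fields lacking a trailing dot and the name they expand to."""
    found = []
    for owner, rtype, rdata in records:
        for i in NAME_FIELDS.get(rtype, []):
            if not rdata[i].endswith("."):
                found.append((owner, rtype, rdata[i], f"{rdata[i]}.{origin}"))
    return found
```

Run against the constructed zone, relative_targets reports that the CNAME target example.com expands to example.com.example.com., which is why the trailing dot matters in record data.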
More DNS Records
Here’s a more detailed list of DNS record types, including additional record types beyond the basic ones:
- A Record (Address Record):
- Maps a domain or subdomain to an IPv4 address.
- AAAA Record (IPv6 Address Record):
- Maps a domain or subdomain to an IPv6 address.
- AFSDB record
- This record is used for clients of the Andrew File System (AFS) developed by Carnegie Mellon. The AFSDB record functions to find other AFS cells.
- APL record
- The ‘address prefix list’ is an experimental record that specifies lists of address ranges.
- CAA record
- This is the ‘certification authority authorization’ record; it allows domain owners to state which certificate authorities can issue certificates for that domain. If no CAA record exists, then any certificate authority can issue a certificate for the domain. These records are also inherited by subdomains.
- CDNSKEY record
- This is a child copy of the DNSKEY record, meant to be transferred to a parent.
- CNAME Record (Canonical Name Record):
- Creates an alias for a domain or subdomain, pointing it to another domain’s canonical (official) name.
- CERT record
- The ‘certificate record’ stores public key certificates.
- DHCID record
- The ‘DHCP Identifier’ stores info for the Dynamic Host Configuration Protocol (DHCP), a standardized network protocol used on IP networks.
- DNSKEY record
- The ‘DNS Key Record’ contains a public key used to verify Domain Name System Security Extension (DNSSEC) signatures.
- DNAME record
- The ‘delegation name’ record creates a domain alias, just like CNAME, but this alias will redirect all subdomains as well. For instance, if the owner of ‘example.com’ bought the domain ‘website.net’ and gave it a DNAME record that points to ‘example.com’, then that pointer would also extend to ‘blog.website.net’ and any other subdomains.
- MX Record (Mail Exchange Record):
- Specifies the mail servers responsible for receiving emails on behalf of the domain.
- TXT Record (Text Record):
- Used to store human-readable text information. Commonly used for DNS-based validation, SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and other purposes.
- HIP record
- This record uses ‘Host identity protocol’, a way to separate the roles of an IP address; this record is used most often in mobile computing.
- IPSECKEY record
- The ‘IPSEC key’ record works with Internet Protocol Security (IPSEC), an end-to-end security protocol framework and part of the Internet Protocol Suite (TCP/IP).
- LOC record
- The ‘location’ record contains geographical information for a domain in the form of longitude and latitude coordinates.
- NAPTR record
- The ‘name authority pointer’ record can be combined with an SRV record to dynamically create URIs to point to, based on a regular expression.
- NSEC record
- The ‘next secure record’ is part of DNSSEC, and it’s used to prove that a requested DNS resource record does not exist.
- RRSIG record
- The ‘resource record signature’ is a record to store digital signatures used to authenticate records in accordance with DNSSEC.
- RP record
- This is the ‘responsible person’ record and it stores the email address of the person responsible for the domain.
- SSHFP record
- This record stores the ‘SSH public key fingerprints’; SSH stands for Secure Shell and it’s a cryptographic networking protocol for secure communication over an insecure network.
- NS Record (Name Server Record):
- Identifies the authoritative DNS servers for a domain. Specifies the authoritative nameservers that store information about the domain.
- PTR Record (Pointer Record):
- Used for reverse DNS lookups, mapping an IP address to a domain name.
- SOA Record (Start of Authority Record):
- SRV Record (Service Record):
- Specifies information about available services within a domain, such as the location of servers for a specific service.
- HINFO Record (Hardware Information Record):
- Provides information about the type of hardware and operating system used by the host.
- NAPTR Record (Naming Authority Pointer):
- Used in the ENUM (Telephone Number Mapping) standard to map telephone numbers to URIs.
- TLSA Record (TLS Authentication):
- Specifies the association between a domain name and a TLS server certificate.
- CAA Record (Certification Authority Authorization):
- Specifies which certificate authorities (CAs) are allowed to issue certificates for a domain.
- DNSKEY Record (DNS Key Record):
- DS Record (Delegation Signer):
- Used in DNSSEC to establish a chain of trust by storing the hash of a child zone’s public key in the parent zone.
- LOC Record (Location Record):
- Specifies the physical location (latitude, longitude, and altitude) of the domain.
- WKS Record (Well-Known Services):
- Describes the well-known services supported by a host.
- AFSDB Record (Andrew File System Database):
- Specifies information about AFS (Andrew File System) server locations.
- SSHFP Record (SSH Fingerprint Record):
- Stores fingerprints for SSH (Secure Shell) public host keys.
- DNAME Record (Delegation Name):
- Provides an alias for a subtree of the domain name space.
- DNSSEC Records (DS, RRSIG, DNSKEY, NSEC, NSEC3, etc.):
- SPF Record (Sender Policy Framework):
- Specifies authorized mail servers for sending emails on behalf of a domain.
- DKIM Record (DomainKeys Identified Mail):
- Provides a way to associate a domain name with an email message, allowing the recipient to verify the message’s authenticity.
- DMARC Record (Domain-based Message Authentication, Reporting, and Conformance):
- Specifies email authentication policies, alignment, and reporting.
- CAA Record (Certificate Authority Authorization):
- Specifies which certificate authorities are authorized to issue certificates for a domain.
- TTL (Time to Live):
- Not a record type, but a parameter specifying the amount of time a DNS record can be cached by resolvers.
- A6 Record (IPv6 Address Record – Deprecated):
- Originally intended as an alternative to AAAA records, but it has been deprecated.
- NSEC Record (Next Secure Record):
- Used in DNSSEC to provide authenticated denial of existence for a domain.
- NSEC3 Record (Next Secure Record Version 3):
- A more secure version of NSEC, also used in DNSSEC.
- CAA Issuewild and Iodef Tags:
- Additional tags within CAA records to specify wildcards and provide incident reporting information.
This list covers a variety of DNS record types, each serving a specific purpose in the DNS infrastructure. Some record types are essential for basic domain functionality, while others are used for security, email authentication, service discovery, and other advanced purposes.
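The CAA rules described in the list above (inheritance by subdomains, unrestricted issuance when no CAA record exists, and the issuewild tag) can be checked with the lookup below, which follows RFC 8659. It is an added example, not part of the original article; the CAA data and CA names are constructed, the function names are assumptions, and the critical flag is not evaluated.

```python
# Constructed CAA data: name -> list of (flags, tag, value). Not real zone data.
CAA = {
    "example.com.": [
        (0, "issue", "ca-one.example"),
        (0, "issuewild", ";"),                      # ";" alone: no CA may issue wildcards
        (0, "iodef", "mailto:security@example.com"),  # reporting only, never restricts
    ],
    "shop.example.com.": [(0, "issue", "ca-two.example; account=1234")],
}

def relevant_rrset(name, caa=CAA):
    """Climb from name toward the root; the first name that has CAA records wins."""
    labels = name.rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]          # a wildcard request starts at the name below "*."
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if candidate in caa:
            return candidate, caa[candidate]
    return None, []

def may_issue(ca_domain, name, caa=CAA):
    """True if CAA permits ca_domain to issue a certificate for name."""
    wildcard = name.startswith("*.")
    _, rrset = relevant_rrset(name, caa)
    issue = [v for _, tag, v in rrset if tag.lower() == "issue"]
    issuewild = [v for _, tag, v in rrset if tag.lower() == "issuewild"]
    # issuewild applies only to wildcard requests and, when present, replaces issue.
    values = issuewild if (wildcard and issuewild) else issue
    if not values:
        return True                  # nothing restricts issuance: any CA may issue
    # The issuer domain is the part before the first ";"; parameters follow it.
    allowed = {v.split(";", 1)[0].strip().lower() for v in values}
    return ca_domain.lower() in allowed
```

Because the climb stops at the first name that has CAA records, shop.example.com. in this data replaces the parent policy entirely, including the parent's wildcard ban.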